Few in the West would have imagined two months ago that their government would consider tracking their personal mobile phones. But as Covid-19 rapidly sweeps through cities and incapacitates health systems, manual tracing of potentially infected individuals can no longer keep up. Even epidemiologists are now recommending digital contact tracing for its increased speed and responsiveness. Privacy experts predict that in the next few weeks, many of us will likely install a contact tracing app to help stem the raging pandemic.
However, as governments around the world , including Australia, seek to tap into citizens’ location data, it is crucial to ask whether a balance between safety and privacy can still be struck, and if so, to hold our governments to such a standard. If we stop trying, temporary digital surveillance systems may outlive their initial purposes and become a permanent legacy of Covid-19.
Increasingly, smartphone technology seems to hold the greatest promises in outpacing the virus. Our location data and movement history can now be tracked to a useful extent through GPS and Bluetooth signals recorded in various smartphone apps and digital devices. The process of matching individuals’ movement history, if automated, can instantaneously identify people who have been in close contact with an infected person, allowing proactive testing and precautionary measures. On an aggregate level, movement history data can help predict the spread of the disease and gauge people’s overall observance of social-distancing rules.
Even a generally well-intentioned government can easily abuse or misuse this power.
But these promises cannot be realised without access to individuals’ location data. Whether we are ready or not, governments around the world have started gearing up for this access, with various invasive implications. The United States is working with Google and Facebook to analyse aggregate location data and model the spread of Covid-19. The UK government recently issued a notice granting the government unfettered access to confidential patient information for any “Covid-19 purpose”. And South Korea uses a combination of digital records, including pharmacy visits, CCTV videos, and card transactions to track down the locations of potentially infected people.
Effective digital contact tracing also requires the widespread uptake of an effective contact tracing app. So far, at least 29 countries in the world have developed Covid tracking apps. A few of these apps have already achieved a broad reach, some through government coercion, others through voluntary uptake.
In China, for example, an app called Alipay Health Code automatically assigns colour codes to people based on their “risk level” dictated by an opaque algorithm. If a contagion risk is detected, a person may be barred from leaving the building or taking public transport and hence, forced to self-quarantine. The populous Indian state of Karnataka requires all quarantined people to download a GPS-tracking app and upload a selfie to the authorities every hour of the day.
These practices, besides setting back recent global progress in privacy laws, strengthen states’ surveillance power and in some cases, their authoritarian grip. Human rights groups and legal scholars have demanded that any surveillance measures adopted during the pandemic must be strictly time-bound. But governments from China to Israel, for example, are known to let temporary “emergency” surveillance outlive their original purposes.
Even one of the most sophisticated and transparent contact-tracing systems so far implemented – Singapore’s TraceTogether app – opens the door to potential mass surveillance. The app has so far attracted great interests from other governments, including those of Australia and India. Using mobile phone Bluetooth, the app exchanges a series of encrypted, temporary IDs with other apps when in close proximity with each other. These IDs can then be uploaded to a central authority that matches the data of an affected individuals with that of other individuals. This then allows swift identification and notification of anyone who has encountered the infected individuals within the last 14 days.
Due to the randomly generated, temporary IDs and their encryption, the app excels in protecting an individual’s identity against other individuals and hackers. However, a gaping privacy loophole remains: a central authority, usually the government, holds the key to decrypt the identity data of the infected individuals and of everyone whom they have encountered.
While a high-tech surveillance state such as in China is unlikely to emerge in Western democracies, it is still important to ask whether a democratic government can be trusted with this centralised power over individuals’ identity data. Unfortunately, even a generally well-intentioned government can easily abuse or misuse this power.
Central data servers are often subject to cyberattacks, system overload, and accidental data leaks. The Australian government, for example, has lost sensitive, re-identifiable medical records of 2.9 million Australians due to pure technical naïveté. Past instances of Australian police illegally accessing metadata on journalists also raise the question of what other purposes might be served by the government’s centralised access to otherwise encrypted identity data, and what might happen to the data down the track. Where will it be stored and by whom? What rules will govern access?
Data is valuable, especially bulk data of this sort, and citizens should not be asked to give it up without information, assurances, and appropriate rules.
Given these risks, a community of technical experts have developed de-centralised alternatives that replace the role of the government with an interactive web of Bluetooth-based apps. Google and Apple have also announced a partnership to roll out a de-centralised contact tracing app in May. While de-centralised systems could potentially protect individual privacy from all parties (including the government), their success relies heavily on individuals to voluntarily and accurately upload their data to the system when they test positive.
Indeed, achieving effective contact tracing without any centralised control is not an easy task, and time is what governments around the world do not have. But populations should not be forced to choose between safety and privacy – the solution will mostly likely lie somewhere in between. As long as privacy-preserving options exist, we must ensure that our authorities consider them and adhere to a transparent decision-making process with sufficient accountability protections. We must protect against overreach as much as the virus itself.