As scientists around the world work tirelessly to develop a viable vaccine, coordinated data-sharing has become an essential tool in the ongoing fight against coronavirus. In an effort to establish effective public health strategies and protocols for curtailing the spread of COVID-19, mass data collection methods are already being put to use across the world.
In South Korea, government agencies are harnessing surveillance-camera footage, smartphone location data and credit card purchase records to help trace the recent movements of coronavirus patients and establish virus transmission chains.
The country also issued mass cellphone alerts announcing locations visited by infected patients, and ordered a tracking app installed on the phone of anyone ordered into isolation. These aggressive measures are credited with helping curtail the outbreak.
In Italy, the authorities are analyzing location data transmitted by citizens’ mobile phones to determine how many people are obeying a government lockdown order and the typical distances they move every day.
Digital and privacy rights’ defenders are now raising the alarm over government-led emergency efforts to use personal data to halt COVID-19. The worry is that this could lead to continued surveillance after the outbreak has ended.
Naturally, any type of government-sanctioned surveillance, however well-intentioned, raises serious questions. How is our data being used? Who has access to it? How vulnerable is our data to leaks and hacks? How could it be exploited by private companies in the future?
In Europe, officials, doctors and engineers are looking at how smartphones could be enlisted in the war against the spread of the new coronavirus. One obvious attraction for health officials is the possibility of using smartphones to find out with whom someone diagnosed with COVID-19 has been in contact. But can this be done without intrusive surveillance and access to our devices that store a wealth of private information?
It is argued that these firms can anonymize location data received from your smartphone by stripping out personal identifiers. It can then be presented in an aggregate form where individual and identifiable data points are not accessible. For instance, our location data is already likely being used in that way by mobile operators to feed traffic information to map apps.
It is such information that the European Commission has requested from mobile operators, which can determine the location of users by measuring the phone signal strength from more than one network tower. Google plans to publish information about the movement of people to allow governments to gauge the effectiveness of social distancing measures. In particular, it will display percentage point increases and decreases in visits to such locations as parks, shops and workplaces.
This type of data-sharing can only go so far. To get practical data like the people with whom an infected person has had contact, it is likely there will be an invasion of privacy.
With that being said, Singapore has pioneered a method using Bluetooth. When connecting to devices via Bluetooth in a public place, you will have noticed the devices of others nearby. It is this feature that the Singaporean app ‘TraceTogether’ exploits. Someone who has downloaded the app and kept their Bluetooth enabled will begin to register codes from all people who have the app on their phone and come within range.
The app is designed to reduce privacy concerns. For one, the app is voluntary. Another is that it doesn't track your location; rather, it just collects codes from the phones of people with whom you come into relatively close contact. That information is only uploaded to the operator of the app when a person declares himself or herself as having come down with COVID-19.
The TraceTogether app then matches up the codes (non-identifiable except to the operator of the system) with the telephone number of owners, and then messages them they had been in contact with someone who has been diagnosed with COVID-19.
Health officials say tracing will be of limited use if not enough people install the apps. The TraceTogether app was launched on March 20, yet only about a fifth of its 5.7 million people have installed it, far below the 75 percent rate government officials say is required for the app to be effective.
Australia, which rolled out its bluetooth-tracking COVIDSafe app, saw nearly two million downloads in the first 24 hours, though that is still just a small fraction of its 25 million people.
But for nations still under lockdown, including Australia and hard-hit European countries including Italy, Spain and France, it remains to be seen if tracing will halt a new surge in cases once people begin to leave their homes.
The other means to get practical information is to utilize the location data of phone users. This is the method chosen by Israel, which put an internal security agency in charge of obtaining the data from mobile phone operators. It also gets access to data on the movement of people for a two week period to help track down people exposed to the coronavirus.
Putting the fox in charge of guarding the henhouse is unlikely to sit well with rights and privacy groups, although they don't exclude the use of technology to help combat the crisis.
“United States' efforts to contain the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance,” said a statement issued by 100 rights groups including Amnesty International, Privacy International and Human Rights Watch.
They warn that “an increase in state digital surveillance powers, such as obtaining access to mobile phone location data, threatens privacy, freedom of expression and freedom of association, in ways that could violate rights and degrade trust in public authorities - undermining the effectiveness of any public health response.”
They said any additional digital surveillance powers should be necessary, proportionate and temporary.
“We cannot allow the COVID-19 pandemic to serve as an excuse to gut individual's right to privacy,” the groups said.
During an extraordinary time like this, governments are willing to overlook privacy implications in an effort to save lives. However, sensitive data that is being collected is not exclusive to public health organizations and governments. This is the primary issue.
In the United States, the government is openly working with Verily, a Google sister company, to offer online screening tests that require users to have a Google account. Sensitive data is also being accessed by surveillance technology companies and mobile app developers. Users of the Corona 100m app, for example, can see the date that a coronavirus patient was infected, along with his or her nationality, gender, age and the locations they visited.
In ordinary circumstances, medical records must be kept private in every instance. Exposing them to private companies and tech giants, even in the interest of public health, is a major source of concern because these records hold significant commercial value to private companies.
They could, for instance, provide advertising agencies with valuable targeting data for healthcare and pharmaceutical companies. They could also help inform decision-making by health insurers seeking to verify medical histories when processing new policies and claims.
In these uncertain times, as our governments explore data-driven solutions to curb a global health pandemic, we must consider how our data will be handled in the aftermath of the coronavirus. This crisis will eventually pass and, as new data challenges continue to arise, privacy technologies must become the standard for enterprises and governments alike. This will ensure we are equipped to facilitate privacy-enabled data-sharing in the most secure way possible before the next crisis unfolds.