Since the COVID 19 outbreak became a fast-spreading pandemic, governments from across the globe have implemented new policies to help slow the spread of the virus.
In addition to closing borders to non-citizens, many governments
have also mobilized digital surveillance technologies to track and contain visitors and citizens alike.
On Wednesday, the Hong Kong government announced that all new arrivals to the city must undergo two weeks of self-quarantine,
while wearing an electronic wristband that connects to a location tracking app on their phones.
If the app detects changes in the person's location, it will alert the Department of Health and the police. Prior to this new policy,
only people who had recently visited Hubei province in China were required to wear a monitoring wristband during their quarantine period.
While surveillance technologies and measures may give the public a sense of security in
controlling the spread of the virus, we must remain mindful and vigilant of their continued use after the pandemic subsides.
European and North American countries like Italy, Spain, and the US are currently being hit hard by the
coronavirus. Meanwhile, Asian countries have been praised by international media for their swift responses and use of surveillance technologies to control the outbreak.
The Singaporean government, for example, implemented policies
that can effectively and rigorously trace a complex chain of contacts . As of February, anyone entering a government or corporate building in Singapore will have to provide their contact information.
In addition, the government
has been gathering a substantial amount of data detailing not only each known case of infection but also where the person lives, works and the network of contacts they are connected to.
While these measures have thus far seemed to
yield positive results, they have highlighted the technological capacity and power of the government to monitor the movements and lives of every individual.
In China, where Covid-19 was first detected, the government has been
deploying not only drastic lockdown policies but also a variety of surveillance technologies to ensure public compliance with self-quarantine and isolation.
In addition to using drones to monitor people's movements and ensure they
are staying home, police in five Chinese cities have taken to patrolling the streets wearing smart helmets equipped with thermal screening technologies that sound an alarm if a person's temperature is higher than the threshold.
The government has also collaborated with the company Hanwang Technology Limited to finesse their existing facial recognition technology, so that it can work even when the person is wearing a face mask
When connected to a temperature sensor and the Chinese government's existing database as well as state-level intel, this technology allows authorities to immediately identify the name of each person whose body temperature is above
38 degrees Celcius.
According to Hanwang Technology, this refined facial recognition technology can identify up to 30 people within a second.
While the use of surveillance technologies like these has been
effective in lowering the number of confirmed cases in China, it is not without risks.
Beyond the pandemic, both the Chinese government and the company have substantial interests in further developing and deploying this
technology: the government can make use of it to track and suppress political dissidents, and the company has much to gain financially.
This technology can also be co-opted by China's counterterrorism forces to further monitor and
regulate the movement of the Uighur people, who are categorised as terrorists by the Chinese government and are currently being forced into mass detention camps and subjected to forced labour.
Outside of Asia, Middle Eastern
countries like Israel and Iran have also been deploying similar surveillance technologies , citing the need to control the spread of the coronavirus.
The Israeli government now makes use of technologies developed for
counterterrorism to collect cellphone data, so that the government can trace people's contact network, and identify those who need to be quarantined.
The geolocation data gathered via people's phones will then be used to alert the
public where not to go based on the pattern of infection.
Not only is it unprecedented for Israel to deploy counterterrorism data to combat a public health crisis, but the existence of this data trove has also, according to the
New York Times , not been reported prior to this.
On March 6, researcher Nariman Gharib revealed that the Iranian government had been tracking its citizens' phone data through an app disguised as a coronavirus diagnostic tool.
Security expert Nikolaos Chrysaidos confirmed that the app collected sensitive personal information unrelated to the outbreak -- for example, the app recorded the bodily movements of the user the way a fitness tracker would.
Google has since removed the app from Google Play, but this case demonstrates the need for ongoing public vigilance over government use of surveillance technologies in the name of public health.
public health has historically been used as a justification for mainstream institutions and government authorities to stigmatise, monitor, and regulate the lives of marginalised people -- such as immigrants, racial minorities, LGBTQ+ people, and people
living in poverty.
If we do not hold our government accountable for its use of surveillance technologies during the current pandemic and beyond, we will be putting those who are already marginalised at further risks of regulation,
suppression, and persecution.
The government is
working with mobile network O2 to analyse smartphone location data to see whether people are following its social distancing guidelines.
The partnership began following a tech summit at Number 10, where officials discussed coronavirus outbreak
planning with representatives from the UK's largest phone networks. A spokesperson for O2 confirmed that the company was providing aggregated data to the government so it could observe trends in public movements, particularly in London.
claimed that the project will not be able to track individuals but individual data seems so beneficial to contact tracing that surely it will be enabled.
Presumably there will need to be a balance. If the authorities use location data to punish
people for not following rules then people will leave their phones at home and contact tracing capabilities will be lost.
The US free speech campaigners of the EFF debate governments' use of phone location data:
Governments Haven't Shown Location Surveillance Would Help Contain COVID-19
Governments around the world are demanding new dragnet location surveillance powers to contain the COVID-19 outbreak. But before the public
allows their governments to implement such systems, governments must explain to the public how these systems would be effective in stopping the spread of COVID-19. There's no questioning the need for far-reaching public health measures to meet this
urgent challenge, but those measures must be scientifically rigorous, and based on the expertise of public health professionals.
Governments have not yet met that standard, nor even shown that extraordinary location surveillance
powers would make a significant contribution to containing COVID-19. Unless they can, there's no justification for their intrusions on privacy and free speech, or the disparate impact these intrusions would have on vulnerable groups. Indeed, governments
have not even been transparent about their plans and rationales.
The Costs of Location Surveillance
EFF has long opposed location surveillance programs that can turn our lives into open books for
scrutiny by police, surveillance-based advertisers, identity thieves, and stalkers. Many sensitive inferences can be drawn from a visit to a health center, a criminal defense lawyer, an immigration clinic, or a protest planning meeting.
Moreover, fear of surveillance chills and deters free speech and association. And all too often , surveillance disparately burdens people of color. What's more, whatever personal data is collected by government can be misused by its
employees, stolen by criminals and foreign governments, and unpredictably redirected by agency leaders to harmful new uses .
Emerging Dragnet Location Surveillance
China reportedly responded to the
COVID-19 crisis by building new infrastructures to track the movements of massive numbers of identifiable people. Israel tapped into a vast trove of cellphone location data to identify people who came into close contact with known virus carriers. That
nation has sent quarantine orders based on this surveillance. About a dozen countries are reportedly testing a spy tool built by NSO Group that uses huge volumes of cellphone location data to match the location of infected people to other people in their
vicinity (NSO's plan is to not share a match with the government absent such a person's consent).
In the United States , the federal government is reportedly seeking, from mobile app companies like Facebook and Google, large
volumes of location data that is de-identified (that is, after removal of information that identifies particular people) and aggregated (that is, after combining data about multiple people). According to industry executives, such data might be used to
predict the next virus hotspot. Facebook has previously made data like this available to track population movements during natural disasters.
But re-identification of de-identified data is a constant infosec threat .
De-identification of location data is especially hard, since location data points serve as identification of their own. Also, re-identification can be achieved by correlating de-identified data with other publicly available data like voter rolls, and
with the oceans of information about identifiable people that are sold by data brokers . While de-identification might in some cases reduce privacy risks , this depends on many factors that have not yet been publicly addressed, such as careful selection
of what data to aggregate, and the minimum thresholds for aggregation. In the words of Prof. Matt Blaze, a specialist in computer science and privacy:
One of the things we have learned over time is that something that
seems anonymous, more often than not, is not anonymous , even if it's designed with the best intentions.
Disturbingly, most of the public information about government's emerging location surveillance programs comes
from anonymous sources , and not official explanations. Transparency is a cornerstone of democratic governance, especially now , in the midst of a public health crisis. If the government is considering such new surveillance programs, it must publicly
explain exactly what it is planning, why this would help, and what rules would apply. History shows that when government builds new surveillance programs in secret , these programs quickly lead to unjustified privacy abuses. That's one reason EFF has
long demanded transparent democratic control over whether government agencies may deploy new surveillance technology.
Governments Must Show Their Work
Because new government dragnet location
surveillance powers are such a menace to our digital rights, governments should not be granted these powers unless they can show the public how these powers would actually help, in a significant manner, to contain COVID-19. Even if governments could show
such efficacy, we would still need to balance the benefit of the government's use of these powers against the substantial cost to our privacy, speech, and equality of opportunity. And even if this balancing justified government's use of these powers, we
would still need safeguards, limits, auditing, and accountability measures. In short, new surveillance powers must always be necessary and proportionate .
But today, we can't balance those interests or enumerate necessary
safeguards, because governments have not shown how the proposed new dragnet location surveillance powers could help contain COVID-19. The following are some of the points we have not seen the government publicly address.
the location records sought sufficiently granular to show whether two people were within transmittal distance of each other? In many cases, we question whether such data will actually be useful to healthcare professionals.
may seem paradoxical. After all, location data is sufficiently precise for law enforcement to place suspects at the scene of a crime, and for juries to convict largely on the basis of that evidence. But when it comes to tracking the spread of a disease
that requires close personal contact, data generated by current technology generally can't reliably tell us whether two people were closer than the CDC-recommended radius of six feet for social distancing.
For example, cell site
location information (CSLI)--the records generated by mobile carriers based on which cell towers a phone connects to and when--is often only able to place a phone within a zone of half a mile to two miles in urban areas. The area is even wider in areas
with less dense tower placement. GPS sensors built directly into phones can do much better, but even GPS is only accurate to a 16-foot radius . These and other technologies like Bluetooth can be combined for better accuracy, but there's no guarantee that
a given phone can be located with six-foot precision at a given time.
2. Do the cellphone location records identify a sufficiently large and representative portion of the overall population? Even today, not everyone has a
cellphone, and some people do not regularly carry their phones or connect them to a cellular network. The population that carries a networked phone at all times is not representative of the overall population; for example, people without phones skew
towards lower-income people and older people.
3. Has the virus already spread so broadly that contact tracing is no longer a significant way to reduce transmission? If community transmission is commonplace, contact tracing may
become impractical or divert resources from more effective containment methods.
There might be scenarios other than precise, person-to-person contact tracing where location data could be useful. We've heard it suggested, for
example, that this data could be used to track future flare-ups of the virus by observing general patterns of people's movements in a given area. But even when transmission is less common, widespread testing may be more effective at containment, as may
be happening in South Korea .
4. Will health-based surveillance deter people from seeking health care? Already, there are reports that people subject to COVID-based location tracking are altering their movements to avoid
embarrassing revelations. If a positive test result will lead to enhanced location surveillance, some people may avoid testing.
As our society struggles with COVID-19, far narrower big
data surveillance proposals may emerge. Perhaps public health professionals will show that such proposals are necessary and proportionate. If so, EFF would seek safeguards, including mandatory expiration when the health crisis ends, independent
supervision, strict anti-discrimination rules, auditing for efficacy and misuse, and due process for affected people.
But for now, government has not shown that new dragnet location surveillance powers would significantly help to
contain COVID-19. It is the government's job to show the public why this would work.
Update: In fight against coronavirus, European governments embrace surveillance
The Independent Inquiry into Child Sexual Abuse, chaired by Professor Alexis Jay, was set up because of serious concerns that some organisation had failed and were continuing to fail to protect children from sexual abuse. It describes its remit as:
Our remit is huge, but as a statutory inquiry we have unique authority to address issues that have persisted despite previous inquiries and attempts at reform.
The inquiry has just published its report
with the grandiose title: The Internet.
It has consider many aspects of child abuse and come up with the following short list of recommendation:
Pre-screening of images before uploading
The government should require industry to pre-screen material before it is uploaded to the internet to prevent access to known indecent images of children.
Removal of images
The government should press the WeProtect Global Alliance to take more action internationally to ensure that those countries hosting indecent images of children implement legislation and procedures to
prevent access to such imagery.
The government should introduce legislation requiring providers of online services and social media platforms to implement more stringent age
verification techniques on all relevant devices.
Draft child sexual abuse and exploitation code of practice
The government should publish, without further delay, the interim code of practice in
respect of child sexual abuse and exploitation as proposed by the Online Harms White Paper (published April 2019).
But it should be noted that the inquiry gave not even a passing mention to some of the privacy issues that would have far reaching consequences should age verification be required for children's social media access.
Perhaps the authorities
should recall that age verification for porn failed because the law makers were only thinking of the children, and didn't give even a moment of passing consideration for the privacy of the porn users. The lawmaker's blinkeredness resulted in the failure
of their beloved law.
Has anyone even considered the question what will happen if they ban kids from social media. An epidemic of tantrums? Collapse of social media companies? kids go back to hanging around on street corners?, the kids find more
underground websites to frequent? they play violent computer games all day instead?