April 21, 2019

The COVID-19 pandemic has disrupted every aspect of life. As we are in the midst of the worst pandemic in modern times, the use of technology in order to track citizens has become not just a key method in controlling the spread of the virus, but also has attracted increasing scrutiny about the nature of surveillance. On one hand, it’s vital to be able to track who is not adhering to quarantine, where infected persons are traveling, to be able to receive alerts about new cases in an area, and even to prove that one isn’t a transmission risk. However, growing concerns point to apps not working properly, how much information needs to be shared with the general population, and how these tracing measures can and will be used once the pandemic is over. During this crucial time, the expansion of technology-based tracking measures to control the pandemic will fundamentally alter the future of digital rights and privacy if left unchecked.

Countries like China, South Korea, and Taiwan jumped head first into harnessing the ubiquity of smartphones in order to control the scope and spread of the pandemic in their respective countries. Now other countries like the United States, the United Kingdom, and others are planning on doing the same. Contact tracing is meant to not only let others know that they have come into contact with an infected person, but also to help ensure safe and effective quarantines. By using smartphone data, much of the guesswork of trying to determine where a person went, what time they were present, and how long they were there. Since human memory isn’t necessarily the most reliable, these kinds of data are essential to help stop the spread of disease.

However, the slew of ethical concerns about what kind of data to collect and what information to release to the public are only mounting as the pandemic worsens in many parts of the world. South Korean alerts release information about the infected person’s age, gender, neighborhood of residence, when and where they took public transportation, and the names of businesses or other areas they may have visited. South Korea’s system not only sends out alerts, but includes trackers and maps created with patient data that are then sent to everybody within a 5km radius. There have been cases, though, where enough information was released about someone that made them identifiable which then resulted in online harassment and doxxing. These exposures and their subsequent attacks may result in a fear of stigma, which may prevent people from seeking treatment or being forthcoming about their status, further worsening the pandemic.

Even more, businesses that are identified by name as being locations that were visited by someone who was confirmed positive have seen a loss in customers. In general, despite the large amounts of information being provided, people seem to be demanding more information about people who have tested positive. Currently, all of the information that is disclosed and access to data is given voluntarily by patients. However, as the pandemic worsens, this voluntary surrender of data may become a thing of the past.

Crisis and Opportunity

This is not the first time that a crisis has been the key event that triggered mass surveillance measures of a population. In response to the 9/11 terrorist attacks, the Patriot Act was passed by Congress under the guise that it was meant to provide resources to fight terrorists. This was far from the truth. Rather, the Patriot Act greatly expanded the government’s ability and authority to spy on citizens and reduced the checks and balances in place to control this power. In 2013, Edward Snowden revealed to the world that the U.S. government had been collecting the phone records of millions of Americans, as well giving the government unprecedented authority to access computer records and credit and banking history.

Using the fear of the possibility of another terrorist attack, the U.S. government had justified their actions for years after the 9/11 attacks by turning “everybody into a potential suspect.” In the era of COVID-19, a disease that can be spread by even asymptomatic carriers, everyone is potentially infected. Economies are crumbling and threats to the global supply chain are mounting as the crisis worsens. This fear, and its associated crisis, is an opportunity for governments to expand these surveillance powers and their authority to collect this data about its citizens. Organizations, researchers, and legal experts are calling for uses of these public health initiatives like contact tracing to only collect data that is relevant for public health purposes. Countries that were already using technology to surveill certain people (like in Israel’s case, the mass surveillance of Palestinians) are merely expanding these in-place measures for everybody else or using the crisis to expand even more authoritarian surveillance measures.

Currently, we are already seeing countries in Europe developing methods or alreadt starting to to track people’s movements via information provided by cell phones. Even in the United States, the “social distancing scoreboard” is using similar kinds of data to give states letter grades on how well they are social distancing. This highlights the key tension here: the kind of data needed for mass surveillance and control of a population is already readily available and accessible, and doesn’t need to be voluntarily surrendered or disclosed by citizens. Rather than being seen as a “cute” project, the social distancing scoreboard should alert people to the amount of information already available and being collected about their movements.

Divides in Access, Privacy, and Ethics

In the United States, Google and Apple are teaming up to build a contact tracking system that is not built off of GPS, but rather Bluetooth technology. Although Google and Apple maintain that they will not be “creating” the apps so much as providing instruction and guidance to governments to do so themselves, and that the data won’t be shared, the two tech giants spearheading the contact tracing initiative in the United States should be cause for alarm. Apple and Google currently have access to not just information about people from their devices, but from their browsers, searches, GPS systems, all of the apps that they use, and even their health data. Further, the utility and efficiency of app-based contact tracing measures is still unknown. However, we can predict how efficient they will be due to knowing the already existing limitations of the technology itself: Bluetooth, for instance, is not particularly exact and doesn’t necessarily measure distance accurately. This means that people may be alerted that they may have come into contact with a tested positive person, but they may have been nearly 20 feet away, meaning that transmission is unlikely. Further, the issue is not even just about the data collection, but the fact that 2.5 billion phone users will not be able to use these apps because of limitations of their devices or laws prohibiting the use of Google services.

Although apps will help ease the burden, manual contact tracing will still be more accurate than app-based approaches. These app-based measures not only highlight privacy concerns, but highlight issues regarding the digital divide. But manual contact tracing may become impossible if the pandemic continues to worsen, and at the rate that it is going, we may be facing a future of faulty apps and technology providing us information about the rate of transmission and exposure. People will need to fight in order to ensure that the only data being collected for contact tracing measures are data that are useful from a public health standpoint and that governments are being transparent about how these apps work. This transparency also extends to how data is being collected and stored, and with what agencies and organizations it is being shared.

Rather than applying technodeterministic lenses on the use of technology during a pandemic, questioning the extent to which data is being collected to help stop the spread will be crucial in preventing the use of these technologies long after the pandemic for surveilling citizens. Governments will most likely be reluctant to give up this level of access to citizen data, and although even I can understand and accept the utility of technology-based methods, I am wary of the potential for this access and authority to be extended even long after the pandemic is over. The world will never be the same, but how it will change is still uncertain. We will either emerge from this crisis with our privacy protections intact, or will exist in a world where we will have embraced the pandemic panoptican.

Ailis Yeager
worked directly with the Center for Digital Ethics & Policy. She completed her bachelor's degree at Loyola University in 2020, majoring in integrated advertising, public relations, and history.