During this COVID-19 pandemic, we are hearing stories about how some governments are abusing the privacy rights of their citizens in the interests of public health. The South Korean government is using smartphone location data, surveillance-camera footage and even credit card purchases to monitor those suspected of spreading COVID-19.1
Italian authorities are using mobile phones’ data to track people’s everyday movements and whether they are obeying the government lockdown orders. Israel has deployed Shin Bet, its internal security agency designed to target terrorism, to use mobile phone location data to determine the whereabouts of citizens who may have been exposed to COVID-19.2
Such spying will also likely soon be the norm in the U.S. In March, the White House Office of Science and Technology Policy began assembling a task force of tech and artificial intelligence companies to “develop new text and data-mining techniques that could help the science community answer high-priority scientific questions related to COVID-19,” according to CNBC.3
An ‘All Hands on Deck’ Call to Big Tech
The 60 companies,4 which include well-known names like Facebook, Google, Twitter, Uber, Apple, IBM, Microsoft and Amazon,5 will try to deduce, through cellphone data, where the next wave of COVID-19 will occur6 and the effectiveness of social distancing.7 What mechanisms will they use? According to the Wall Street Journal, the technologies under consideration:8
“… include everything from geolocation tracking that can monitor the locations of people through their phones to facial-recognition systems that can analyze photos to determine who might have come into contact with individuals who later tested positive for the virus, according to people familiar with the matter.”
The White House Office of Science and Technology Policy is not the only government agency enlisting the help of Big Tech companies during the COVID-19 pandemic. According to The Wall Street Journal:9
“Technology giant Palantir Inc., which was credited with helping to find Osama bin Laden, is helping the Centers for Disease Control and Prevention model the virus outbreak. Other companies that scrape public social-media data have contracts in place with the agency and the National Institutes of Health, documents show.”
Facebook Already Provides User-Generated Maps
Facebook currently creates and shares “disease-prevention maps” derived from aggregated user data with the government, researchers and nonprofits. When people use Facebook apps on their phones with location services enabled, maps are generated,10 though the information is not shared with the general public.11 Facebook says the maps, generated by a project called Data for Good:12
“… are designed to help public health organizations close gaps in understanding where people live, how people are moving, and the state of their cellular connectivity, in order to improve the effectiveness of health campaigns and epidemic response.
These datasets, when combined with epidemiological information from health systems, assist nonprofits in reaching vulnerable communities more effectively and in better understanding the pathways of disease outbreaks that are spread by human-to-human contact.”
Facebook-aggregated data allowed researchers to determine that weekday traffic into Seattle and its eastern suburbs dropped by half after the first Washington state COVID-19 outbreak and authorities’ distancing requests, says Wired.13
The London School of Hygiene and Tropical Medicine, Harvard’s School of Public Health, National Tsing Hua University, Direct Relief and other schools and organizations have also used the maps in their COVID-19 prevention efforts.14
Personal Privacy Takes Backseat During COVID-19 Pandemic
Despite assurances of anonymity and no plan to track individuals, enlisting Big Tech companies to work directly with the government has many legitimately concerned about their privacy. Who can forget the 2018 scandal in which Cambridge Analytica, a political data firm, gained access to private information on more than 50 million Facebook users?15
Though Facebook says its data is anonymized, only shows general trends and is not used to track individuals,16 the task force plans would enlarge Facebook’s role in providing data to the government.17 Facebook CEO Mark Zuckerberg said privacy concerns around tracking fears are “overblown.”18 Moreover, while some tech companies already share aggregated data generated by users, Wired notes that:19
“… it would be new for Google and Facebook to openly mine user movements on this scale for the government. The data collected would show patterns of user movements. It would need to be cross-referenced with data on testing and diagnoses to show how behavior is affecting the spread of the virus.”
Caroline Buckee, associate professor at the Harvard TH Chan School of Public Health, told Wired that though aggregated, anonymized location data is already available from Google, Facebook, Uber and phone companies, people worry that the collected data will be reverse-engineered to track people.20
Privacy suspicions do not just stem from the Cambridge Analytica scandal. During the Washington state COVID-19 outbreak, Facebook data were fed into models produced by the Institute for Disease Modeling in Bellevue, which collaborates with the Bill & Melinda Gates Foundation and other groups.21
Forbes reported that Gates called for a “national tracking system similar to South Korea … to understand where the disease is and whether we need to strengthen the social distancing,” in response to the COVID-19 epidemic.22 Gates responded to a question during a Reddit “Ask Me Anything” session by saying:23
“Eventually we will have some digital certificates to show who has recovered or been tested recently or when we have a vaccine who has received it.”
Needless to say, the mention of “digital certificates” increased the fears many have about surveillance and tracking.
The COVID-19 Operations Increase Government Reach
In normal times, such broad sharing of personal information would not be legal without a court order or user consent, but during an emergency the government has the authority to request such data. According to the Wall Street Journal:24
“In the U.S., the government could legally request this type of data from telecommunication carriers or from Google, which has access to more- precise location data belonging to its Android and Google Maps users, said Al Gidari, director of privacy at Stanford Law School.”
Many remember how the events of 9/11 ushered in the Patriot Act, which greatly enlarged government reach and chipped away at personal privacy. Though the law was aimed at terrorists, the government powers could easily be directed against those suspected of spreading a disease — fears that the White House task force of tech and artificial intelligence companies is fueling. According to the Department of Justice:25
“The Patriot Act allows investigators to use the tools that were already available to investigate organized crime and drug trafficking … The Patriot Act facilitated information sharing and cooperation among government agencies so that they can better ‘connect the dots’ …
The Patriot Act updated the law to reflect new technologies and new threats … The Patriot Act increased the penalties for those who commit terrorist crimes …”
Whistleblower Edward Snowden Sees Privacy Risks
Edward Snowden, the National Security Agency contractor known for leaking information about government surveillance of citizens, points out that the government could requisition fitness tracker information to look at measures like pulse and heart rate. According to Snowden:26
“They already know what you’re looking at on the internet … They already know where your phone is moving. Now they know what your heart rate is, what your pulse is. What happens when they start to intermix these and apply artificial intelligence to it?”
Snowden is right that the many disturbing possibilities of artificial intelligence (AI) will be unleashed by the White House task force. AI companies are being asked by the government to “mine through the avalanche of research” and develop AI algorithms to explain the COVID-19 virus’ behavior.27 According to Wired, “the hope is that AI will accelerate insights into the novel coronavirus by finding more subtle connections across more data.”
The government is in talks with Camber Systems, a location-tracking firm that says it uses “data, machine learning and artificial intelligence” to help cities manage transportation and infrastructure.28
According to Kai-Fu Lee, an artificial intelligence expert and author of “AI Superpowers: China, Silicon Valley, and the New World Order,” AI works with audio and video data streams, using facial and speech recognition and will lead to autonomous robots.
Privacy advocates worry what will happen to the data when the crisis is over and about new reasons that can be fabricated by the government to keep gathering and analyzing people’s personal data.
Most Mobile Phones Put You at Risk
According to Robert Epstein, senior research psychologist for the American Institute of Behavioral Research and Technology, unless you use a virtual private network (VPN) on your phone, your identity is very easy for tech companies like Google to determine. Of course the phone numbers you’re dialing, the music files you’re playing and the places you’re visiting are all also information available to the tech companies.
A VPN, however, will mask your identity including when you are using apps like Google Maps on your phone. Epstein also suggests:
“Don’t use Google as your search engine, or any extension of Google, such as Bing or Yahoo, both of which draw search results from Google. The same goes for the iPhone’s personal assistant Siri, which draws all of its answers from Google …
When you use your mobile phone, laptop or desktop in the usual way, your identity is very easy for Google and other companies to see. They can see it via your IP address, but … there are much more sophisticated ways now that they know it’s you. One is called browser fingerprinting.
Basically, the kind of browser you have and the way you use your browser is like a fingerprint. You use your browser in a unique way, and just by the way you type, these companies now can instantly identify you.”
Worse, cautions Epstein, even when you are not connected to the internet, your phone can be used to track you. Android cellphones, which use a Google-owned operating system, track you even when you’re not connected to the internet, whether you have geo tracking enabled or not, warns Epstein.
“Let’s say you pull out your SIM card. Let’s say you disconnect from your mobile service provider, so you’re absolutely isolated. You’re not connected to the internet. Guess what? Your phone is still tracking everything you do on that phone and it’s still tracking your location.”
Even though you may think you’ve spent the day “trackless” or incognito, if you had your phone with you, the information has been stored in it and will be sent to Google when you reconnect, warns Epstein.
The COVID-19 is undoubtedly accelerating the dangerous trend of government and Big Tech surveillance of everyday people. We must resist this dangerous trend and protect ourselves on a personal level from government invasion of our privacy.