Quarantine edition

Life after lockdown: Do we have to give up our privacy for public health?

The popular historian Yuval Noah Harari has warned us about it in a widely shared article: we must be careful that the corona crisis doesn’t give legitimacy to a terrifying new surveillance system. Technology is very useful for tracking and monitoring groups of people. For insights about the development of the virus we often take China as an example, since the pandemic started there. China was known for its extensive surveillance technologies long before the outbreak, so it’s no surprise that they used ingenious techniques to monitor COVID-19 and limit the spread. In February, videos circulated on the internet of people who were checked for the corona virus when they got on the bus. The usual facial recognition payment devices were extended with the addition of thermometers and passengers with a high temperature had to leave the bus. In public spaces, police-operated drones were warning citizens to take better precautions against the virus. And when normal life slowly started up again after a long lockdown period, a ‘Health Code’ was used to avoid a second outbreak. The Code was developed by the government and is carried out by omnipresent platforms like WeChat and AliPay. Everyone is allocated with a green, orange or red color code—green means there’s a low risk that you’re infected with the virus, and red means the opposite. The color is probably based on your location data, but the way the system works is not transparent at all. This causes a lot of critique, since the colour code influences the freedom of movement of all citizens. Authorities are allowed to ask your color code when you leave your apartment building or enter the subway station or your office building.

You might be thinking: but this is China, where they already had a social credit system, robot police officers, and facial recognition vending machines. However, it appears that similar techniques will be used in Europe as well. KLM is considering measuring the temperature of passengers when they enter an airplane and the German government is developing an app to track who you have been in contact with. Do we need to be monitored and give up our privacy in order to better control the virus? Or are there other ways? To find out, I spoke with Lotte Houwing, policy advisor at Bits of Freedom.

Lilian Stolk: Are there any surveillance methods that companies and organisations operating in The Netherlands have developed or already apply that surprised you?

Lotte Houwing: Actually I haven’t seen something that surprised me. Not yet, at least. But that does not mean that I don’t think some things are disturbing.

LS: Which surveillance techniques can we expect to be added?

LH: Currently, three ways to apply surveillance seem to be under discussion: using location data to map people’s mobility patterns, contact tracing and different types of surveillance to control whether people are abiding the measures, such as social distancing or staying at home. The mobility patterns can be used to enforce the measures that have been instituted, to increase the efficiency of the deployment of the police, or to gain insight into the effects of measures. It could also be useful to compare the type of lockdown with the mobility data with the regimes in other countries. Contact tracing can be used to keep track of who is near whom, to provide insight into the risk of infection at an individual level. Other surveillance measures are for example drones and camerawagens to control whether people keep distance from each other when they are outside.

In Chinese hospitals, robots are checking temperatures and identities of visitors and disinfect people.

LS: Is there any evidence that surveillance techniques really help fight the virus? Is it working in China for example?

LH: I think it’s really difficult to prove this. Every country has a different approach to tackle the virus, with different measures, resulting in a different course of the virus. It’s very difficult to link a decrease in spread to a specific measure. In addition, the context in which the measure is applied is also relevant, and differs per country.

LS: In The Netherlands, KPN and VodafoneZiggo announced that they are willing to share their location- and metadata from cell towers with the government, like in other European countries. This Financial Times article explains that data from cell towers would not be sufficient enough. The GPS data from other commercial companies, like WeChat and Alipay, is way more accurate. And these companies t have accompanying data that can be very useful, like information about where someone ordered food or with which friends they talked to virtually. Also in The Netherlands, we live in a society where commercial companies, and not the government, have the most relevant data about us. Is this something to be concerned about?

LH: The huge amount of data that companies collect about us and the conditions under which this happens is something to be concerned about anyway. We have little control over this, as well as what happens to our data next. Even though some data may seem harmless at first sight, often a lot of information about us can be deduced from this collected data. On top of that, the main goal of (many of those) companies is to make money. Not to do good.
We see now that Google is providing information about mobility patterns based on the location data the company collects. However this may be useful information, that should not distract us from the question how Google got this data in the first place. Governments using data legitimate the fact that this data is gathered in the first place. We should be careful not to coronawash such mass surveillance practices.

LS: In China, these commercial companies are not always willing to share the relevant data they have with others, even when the government asks them to. When we think about possible positive effects of this pandemic the blossoming of nature is often mentioned. It seems like there’s more support for a basic income. It would be nice if this crisis could also open the eyes of governments to do something about the power of Big Tech companies. Could you see this happening? Or is it more likely that we go in the opposite direction where these companies get even more power?

LH: That would be very nice indeed. Unfortunately I don’t see that happening here. I think we should be vigilant that opening up the data or the information from it, like Google did with their Mobility Reports, is not legitimising the company’s mass surveillance.

Infrared thermometers are installed in Chinese airports and train stations.

LS: In these Mobility Reports, Google creates graphs to show movement trends per country, even per province, to places such as supermarkets, parks, public transport, and so on. These graphs are based on our location data that they’ve collected via GoogleMaps. You wrote an interesting article about this. The company has been recording our location data for years, but now they also display it. Why would they do that?

LH: I haven’t spoken to Google’s boss about this, so I find it difficult to speak of intentions. But of course the company has been under fire for years for flouting privacy laws and wrongful data collection. This crisis offers an opportunity to demonstrate the usefulness of collecting data, or to put it at least in a positive light. Of course they are happy to take advantage of this. It does not exclude a sincere intention to use the collected data to fight the virus. The only thing remains is that the data collection was already going on before we had ever heard of corona. The fact that information based on it now might be useful should not refrain us from asking questions about that.

LS: You finish your article with the sentence: “Quick solutions can lead to long-term problems”. Can you give some examples of that?

LH: I’m thinking about sloppily introduced techno-fixes, in which the government outsources solving public problems or defending public interests such as public health to profit-making commercial companies and increases the dependence on large tech companies. Or drastic measures that are introduced without properly identifying the specific problem, without thinking about how the measure will be evaluated and without ensuring that the measure is scaled back if the situation allows that.

LS: Now, we’re still in self isolation at home, but we will resume our public life in a few weeks, or months, and probably before a vaccine against the corona virus is developed. What’s the best way to do that and how can technology help us? An idea: the Amsterdam-based hospital OLVG developed an app that lets people test if they had corona-symptoms. This data could be used to create a ‘Health Code’, just like in China. We have to scan the code when we take the train or enter the supermarket. That way, we may hand in our privacy, but the data is created in collaboration with health care professionals. There are no further commercial interests. Would this be a good solution?

LH: As far as I know, you can not test with an app if you have corona. I would be very careful with apps that claim to be able to do this. After all, data that is inaccurate can provide false security and encourage us to make misinformed decisions.
We should be very careful about these fast techno-fixes. A health code can only be truthful if there is a lot of accurate health data available which means a lot of testing, which is not the case yet.
In addition to this, any technology designed to address the spread of the virus must be designed in a way that minimizes the intrusion on our rights and freedoms, including privacy. That means that there is a long list of requirements that it should meet. And we should never forget that there are also analogue solutions that can be very effective.

The Chinese Health Code.

A few hours after my talk with Lotte, the Dutch Minister of Health, Hugo de Jonge announced he wants to use apps to monitor the coronavirus during a press conference. So, we’ve asked her a few additional questions.

LS: During the press conference Minister De Jonge said that this app should work via Bluetooth, like in Germany. What’s the difference between Bluetooth and data from cell towers or GPS?

LH: Cell towers and GPS provide location data. Bluetooth focuses more on the distance between you and another person, regardless of where you are. So that could be a plus in privacy.

LS: Assuming that the app meets all the privacy requirements. What would you think if such an app becomes mandatory?

LH: It should be a requirement that use of the app is on a voluntary basis. This should go further than just not be mandatory. It should be forbidden to require people to have the app to go somewhere, or to show it to your employer for example. It should not be possible for anyone to oblige you to have, or show, the app. Part of meeting the requirements in privacy legislation at this time (if no special legislation is made for it) is also that it is voluntary. The only way the use of the app could be made mandatory is if there is a legal basis for it under national law. Than the government needs to provide that.

A virus-tracking app will come to the Netherlands. A conclusion we can draw from our talk with Lotte is that more surveillance doesn’t automatically have to be creepy. There are several ways technology can safely help us in monitoring the virus. But first we should answer some fundamental questions: What problem should the app solve exactly? And is an app the most effective for this or are there other, less drastic solutions? Then it’s important that these apps are developed by non-commercial organisations for whom our health, instead of profit, is the priority. It should not be mandatory to use these apps. And it should be clear from the beginning when the apps have reached their goal and thus are no longer needed. It will be a challenge for governments not to be tempted by commercial companies such as Apple and Google that have been collecting an enormous amount of relevant data for years and are now eager to do their part, for example with this COVID-19 tracker. To prevent this from happening, Bits of Freedom has launched a website with a clear list of rules that a privacy-friendly app must meet. Hopefully the Dutch government will take this into account.