Privacy hopes and fears with governments’ tech solutions to COVID-19
The gravity of the COVID-19 pandemic has demanded governments around the world to act as fast as possible to minimize the damage the virus has done to society. In response to this demand, we have seen several countries leverage diverse technologies to help in this effort while complementing them with laws that broaden the governments’ executive powers during such times of calamity.
The technologist in me applauds these nations’ attempts at embracing the modern tools at our disposal. And although I am at awe at the solutions that have come up in the name of public health, I am weary of how much information these governments have at their disposal and how dangerous it could be if these solutions were developed further with different intentions in mind without the proper protections in place.
One particular initiative that I would like to highlight is a project in Singapore that involves their Ministry of Health collaborating with the Government Technology Agency (GovTech) to develop the TraceTogether app. The initiative is meant to improve the country’s contact tracing process and works by “exchanging short-distance Bluetooth signals between phones to detect other users of the app who are in close proximity.”
From a public health perspective, it is clear that the solution definitely eases the burden of the medical frontline to verify the history of an individual patient to properly gauge his risk level. Such a solution is necessary in a time where patients may potentially forget (or worse, lie) about their history like what happened recently in a Philippine hospital. However, the same project has also caused fears from advocates, as it represents a growing trend of “government surveillance” among nations justified by the on-going pandemic. And while most of the fears that privacy advocates have potential abuse in their minds, my own personal fears are rooted in a precedent made by the United States (US) in a military context back in 2001.
After the September 11 terrorist attack, the US government faced a similar pressure to respond with swift action that would help the nation respond to such a terrible threat. This led the US Congress to pass the Authorization for Use of Military Force (AUMF), which authorized their president “to use all necessary and appropriate force against those nations, organizations or persons he determines planned, authorized, committed or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons in order to prevent any future acts of international terrorism against the United States by such nations, organizations or persons.”
At first glance, it seems like a sensible statement that limits the authorized power to a specific temporal context. However, as outlined by the research done by Radiolab, the broad language used in this statement has since been interpreted to justify several military activities that continue on to this day. What originally was intended to counter the Iraq-based Islamic terrorist group al-Qaeda has expanded to allow US military presence in places such as Afghanistan, Pakistan, Libya, Somalia, and Yemen. And in a 2013 Senate hearing, it was made clear that what the Department of Defense defined as “the enemy” had become an expanding list that continues to grow to this day.
Now, I must admit that it feels quite alarmist of me to extrapolate such themes to conclude that all these government-led COVID-19 initiatives will lead to a dystopian future. However, the precedent made by the United States has shown us that even a democratically aligned nation such as theirs can twist the law in order to justify what they feel is “for the common good.” These fears are stoked further by the upward trend of countries embracing technology that allow for the disregard of our personal privacy.
However, I am hopeful that all is not lost in the battle of our privacy. The same TraceTogether app mentioned above promises some privacy features that is embedded in its design. According to the TraceTogether website, there are several privacy safeguards that they have put into place that reflects their commitment “to safeguarding your privacy and ensuring you have control over your data.” Some of the technical features that GovTech advertises that makes me comfortable with their app are as follows:
1. By its nature, the app has to be downloaded and permissions explicitly granted by the user. It also uses Bluetooth only, which is a phone feature that you technically always have control over. This differs from other contact tracing solutions like the United Kingdom government, which plans on asking its telecommunications companies to directly handover “phone location and usage data to monitor whether coronavirus limitation measures such as asking the public to stay at home are working.” Such a solution does not give its users any chance of consent whatsoever.
2. The tracking functionality of the app can be revoked at any time by deleting the app or by turning the app’s Bluetooth permissions off. A unique promise that GovTech offers is to prompt users to disable the features of the application when it is no longer necessary.
3. Ability to revoke consent by emailing their team with the mobile number that you registered with.
4. Constantly generating temporary IDs which will be the ones shared to nearby users masks your identity since the “lack of a persistent identifier means it is impossible for third parties to identify or track you.”
5. The purpose of the app is straightforward and the information they store about you is intuitively what is only necessary. In this case, it is your mobile number and a random anonymized user ID.
The nature of the COVID-19 necessitates solutions that will require accessing intimate information — there is no getting around this fact. And as far as public health is concerned, I do understand why governments are taking such measures to handle the pandemic. However, as individuals, we must still demand that our rights to privacy be protected. There will come a day when all of this is over and governments fully realize the power of the data they have at their disposal. When that happens, I fear that we will come to regret giving them so much to work with.
Hence, the TraceTogether app is a step towards designing solutions that not only benefit its users but respect their privacy as well. Hopefully, governments can regain and keep the trust of their people by integrating such principles into their initiatives moving forward.
