Say hello to the coronavirus and goodbye to privacy. The government is working with a variety of tech companies — including infamous analytics companies like Palantir — to get a grasp on the spread of the virus. Unfortunately, this means the data citizens have generated for a variety of tech companies will become a handy way to track them and their movements, especially if they’re infected or in contact with those who are.
Technology giant Palantir Inc., which was credited with helping to find Osama bin Laden, is helping the Centers for Disease Control and Prevention model the virus outbreak. Other companies that scrape public social-media data have contracts in place with the agency and the National Institutes of Health, documents show.
The push is in part being coordinated by a task force working in conjunction with the White House, and includes startups as well as tech giants such as Alphabet Inc.’s Google unit, Facebook Inc. and Amazon.com Inc. The task-force discussions involving the White House and tech companies were reported by The Wall Street Journal on Sunday.
The legal limits on what the government can grab from service providers and platforms are pretty much waived if there’s a national emergency. No one’s arguing the spread of the virus isn’t at least a crisis. But only a few people are arguing this justifies domestic surveillance aided and abetted by an abundance of third-party records. Normally, the government would have to show at least reasonable suspicion before collecting these records from third parties, but it won’t even need this minimal, individualized showing if it can declare this an emergency.
Even privacy-focused legislators seem to be on board with broad harvesting of location data for this reason.
Sen. Ron Wyden, a Democrat from Oregon, is among the lawmakers who have been briefed on the discussions. In a statement, Sen. Wyden said the efforts are sensible as long as the appropriate conditions are in place. “There must be procedures to keep this information safe, to delete information once it’s no longer in use, and to ensure it isn’t used against Americans by law enforcement,” he said.
Good luck ensuring it isn’t used by law enforcement. The only thing keeping them honest, for the most part, is their own honesty — something that seems rarely an innate part of US law enforcement. Even if things appear to be above-board, parallel construction can whitewash info gathered by government agencies purportedly for tracking the spread of the coronavirus.
What we don’t have at this point in time are many details on how this would happen and what constraints would be placed on data collection and use. But what little we do have isn’t promising.
Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who spoke on the condition of anonymity because the project is in its early stages.
First off, anonymized data is never truly “anonymized.” With very little effort, data can be stripped of its anonymity to identify the people who generated the data. Second, if efforts already in place in other countries are any indication, this is only the starting point, not the entire plan. Government agencies are going to want to track infected citizens in order to ensure/enforce self-quarantining and track potentially-infected friends and acquaintances of those who’ve tested positive for COVID-19.
Location data is what the administration wants — something no longer under the purview of the Third Party Doctrine thanks to the Supreme Court’s Carpenter decision.
In recent interviews, Facebook executives said the U.S. government is particularly interested in understanding patterns of people’s movements, which can be derived through data the company collects from users who allow it.
Google is saying pretty much the same thing. Government officials and health experts want access to location data. At this point, the government seems willing to collect this data in aggregate form to predict trends and determine the impact of social distancing and local bans on gatherings.
An open letter to tech companies from dozens of engineers and epidemiologists suggests the government should have this data, but possibly only with the approval of platform users who would have to opt in. It’s a little disconcerting to read a call for handing over user location info to the government coupled with a complimentary reference to China’s surveillance state.
Apple, Google, and other mobile operating system vendors should work to provide an opt-in, privacy preserving OS feature to support contact tracing. Users who opt in could be notified in a non-identifiable way if they had been in the same spaces as subsequently identified cases, in order to enable self-quarantine, monitoring, early detection and prevention of tertiary cases. If such a feature could be built before SARS-CoV-2 is ubiquitous, it could prevent many people from being exposed. In the longer term, such infrastructure could allow future disease epidemics to be more reliably contained, and make large scale contact tracing of the sort that has worked in China and Korea, feasible everywhere.
At this point, everything is still in the planning and development stages. Google and Facebook collect tons of user info, including their locations, and it is true that tracking people’s movements — even in “anonymized” form — might slow the spread of the virus. There’s a tradeoff here, one that isn’t limited to this disease. The government — without directly asking — wants people to sacrifice some of their privacy for the benefit of the nation as a whole. But there’s no expiration date on the request and there’s no ensuring this will actually benefit the nation. And once the government is in, it’s going to be very hesitant to step back out. There’s always another emergency just over the horizon.
I’m all for a completely voluntary system that fully informs citizens who opt in what their rights are, one of which should be the right to revoke consent at any point in time. Anything else sounds like a convenient way to engage in domestic surveillance and ignore the Constitutional protections afforded to these particular third-party records. And while I appreciate tech companies’ willingness to do anything they can to curb the spread of the virus, they should be asking the tough questions that need to be asked on behalf of their millions of users, rather than deciding they can contribute to the greater good of the public without asking for the public’s permission.