It has long been common knowledge that digital technology can keep track of our every activity online. The digital tracks we leave behind are easy to follow. Advertising agencies, online stores and online banks take advantage of this to target their ads and observe our shopping preferences. In recent weeks, however, these practices have been brought to a whole new level. Never before has technology been used so intensively and widely to monitor our health and, indirectly, to manage society. Such a large scale of extraordinary activities that endanger our privacy is something that only those living in the United States in the time immediately following 9/11 can remember. The Chinese may be somewhat less bewildered, having grown accustomed to their country’s social credit system which has long relied on data from the Internet, street cameras and smartphones to rate its citizens. Are we entering an age of global surveillance?
Measurements, controls, and laws
During the pandemic, digital devices watch us closely on streets, in stores, and even in our homes. Bluetooth-based applications such as TraceTogether can trace the contacts of an infected person. Wristbands connected to a smartphone control the movements of people placed under quarantine. A smart thermometer manufacturer has launched a website that collects data from hundreds of thousands of homes to predict infection spikes. Applications can recognize coronavirus infections by assessing cough type while drones can locate people running a fever. As devices take measurements, the government agencies and doctors who sanction their use turn the practices into new social norms.
What will become of our data?
Without much of a choice, each of us has agreed to having some of our rights restricted. Forced to choose between the protection of privacy and health, we will of course choose the latter. We have agreed to having our freedom of movement limited out of concern, fear and sometimes cold calculation. However, we are asking ourselves: what next? What is going to become of our work, personal life, the economy and politics. These questions also apply to the information about us collected during the crisis. Are there safeguards in place to ensure that the data on residence addresses and contacts with loved ones gathered during the pandemic will no longer be stored? During “normal” times, we have relative control over online data collection. The GDPR allows us to withhold our consent to its processing and demand its removal. However, things have become more complicated now with legislators invoking resolutions and special clauses passed during the crisis.
Privacy experts are not keeping quiet about their misgivings regarding the way governments, institutions and private companies use data to implement security policies. Overnight, biometric and location data has been pronounced health-critical. Face scanning on state borders is now viewed as a hygiene measure. While such interpretations appear to be reasonable during severe threats, upholding them any longer is fraught with dangers. To quote Yuval Harari from his latest article in The Financial Times: “Hitherto, when your finger touched the screen of your smartphone and clicked on a link, the government wanted to know what exactly your finger was clicking on. But with coronavirus, the focus of interest shifts. Now the government wants to know the temperature of your finger and the blood-pressure under its skin.”
The Cambridge Analityca Syndrome
The danger of data leaks to third parties is enormous. And I am not talking cyberattacks here. The Cambridge Analytica scandal has shown that as we log into Facebook to play games and do quizzes, our data becomes vulnerable to unauthorized access. A similar mechanism kicks in when we log into an application that monitors our health or our contacts with infected people. The danger lies in the fact that the data collected during the pandemic concerns health and, as such, has always been of great interest to banks and insurance companies. In addition, can we be sure that the data collected for health care institutions will not, sooner or later, end up in the hands of security agencies and politicians? Such questions have become legitimate concerns in almost every country.
What makes Covid-19 unprecedented is its global reach. Needless to say, as you scour the world, you will find that approaches to privacy vary from one nation to the next. Singapore has declared that its TraceTogether app will not record location data or access contacts on users’ smartphones. Phones use encrypted formats to store data. Google and Apple, which are working on a similar application, have also announced plans to encrypt data. Interestingly, the French authorities, which have been developing their own solutions (so far unsuccessfully), have refused to use ready-made software from these companies. South Korea has committed to stop data gathering and delete all personal information on its citizens as soon as the outbreak resolves.
Every social program, and especially one designed for crisis management, should come with a specified end date. There is nothing normal about government agencies being given unrestricted access to information on the whereabouts of each of their country’s residents at any time. Neither is it normal to handle the data of millions of citizens as if it were national-security sensitive. Sooner or later, the signs of the crisis and specifically those of health threats will unmistakably subside. What we are going to have to wait for and see is whether such positive signals will compel governments to restore normalcy in data protection.
. . .
Financial Times, Yuval Noah Harari: the world after coronavirus. This storm will pass. But the choices we make now could change our lives for years to come, Link, 2019.
. . .