Combating the coronavirus crisis is proving to be a huge challenge, one that no government expected or prepared for. As a result, almost every nation is playing catch-up, imposing strict quarantine measures to reduce transmission. With over 7 billion people on the planet, this is no easy task. Keeping track of those infected and cured is leading to a mass surveillance programme on a scale never seen before.
Even in the European Union (EU), home to some of the strictest privacy measures, governments are turning to surveillance tools like cellphone data to help battle the disease. Led by China’s example, the crisis now has many experts asking: is this the new normal?
Should people expect to be tracked and monitored every step of the way?
China is well known for its surveillance programme, especially after it rolled out a social credit system earlier this year. Despite criticism from human rights groups and the press, the system actually laid the foundation for China’s response to COVID-19.
Facial recognition is the backbone of the system – several Chinese companies rolled out systems that can detect elevated temperatures in a crowd, and identify citizens not wearing a mask. This is combined with telecom operators’ ability to track the location of its users. There’s also a system called Health Code, assigning users a colour code based on their travel history. As the crisis worsened, China released an app that lets people check if they have been near an infected individual.
All these systems are not new for China’s 1.4 billion people. To quote M from the James Bond movie Spectre: “surveillance is a fact of life.”
The question though is if the Chinese government will retain these draconian systems once the crisis is averted. In an interview with The Guardian, Stuart Hargreaves, an associate professor at Chinese University of Hong Kong’s law school said: “intrusive surveillance is already the ‘new normal’. The question for China is what, if any, is a level of surveillance that the population refuses to tolerate.”
In the EU, governments are increasingly finding the Chinese model as an apt solution. In a continent where open borders and ease of travel has become a way of life, tracking infected people is proving to be a challenging task. Without quarantining infected people and social distancing measures, Italy has already seen the devastating effects of the virus. The European Commission (EC) has asked that all tracking data obtained from telecom companies be centralised, speeding up response across the bloc. Thierry Breton, Europe’s internal market commissioner, called on the companies to hand over anonymized and aggregated data, as per Politico.
Spain and Portugal have taken digital surveillance to the next level, by creating an app that can track people’s movements. However, as lockdowns become the new normal, this data is not as useful since it cannot track localised movements within neighbourhoods.
So if such data isn’t as useful, why is the EU still persisting in collecting it?
“The acceptance level for tracking is higher,” Staffan Truvé, chief technology officer of cybersecurity intelligence firm Recorded Future told Politico. “Everyone feels at risk. The personal benefit of briefly giving up your privacy feels much bigger than with terrorist attacks.”
As medical professionals race to contain the spread, public health has become the number one concern rather than privacy.
The social contract model, that originated in the Age of Enlightenment proposes that “individuals have consented, either explicitly or tacitly, to surrender some of their freedoms and submit to the authority (of the ruler, or to the decision of a majority) in exchange for protection of their remaining rights or maintenance of the social order.”
Now with our health and life at stake, citizens are more willing to surrender their freedom to privacy.
In a statement on March 19, The European Data Protection Board came out and said that the GDPR regulations “do not hinder measures taken in the fight against the coronavirus pandemic.” It has also approved the use of phone location data, even if it is not anonymised or gathered with consent, paving the way for the EU to identify millions of EU citizens due to the epidemic.
Even if the data is gathered in an anonymised fashion, it is possible to combine it with information held in other government databases, revealing information. And since the aim is to identify infected individuals, there’s almost no scope for privacy. Eiko Yoneki, a research fellow at the University of Cambridge Computer Laboratory spoke about the issue to Fortune. “If you want to protect or prevent future infections, or if any action is required, then my guess is you have no chance to [maintain anonymity]. A certain level of identity should be revealed,” she said.
There are other relatively low-tech solutions being employed all over the bloc. Brussels has employed drones to monitor social distancing rules. In Spain, the police have been using drones to reprimand people for not obeying the quarantine measures. Without a doubt, the use of drones does give cities more flexibility and ease to tackle those violating social distancing norms, but will it become an accepted method for policing in the future?
- Sensitive personal data: This is information about you, your health and your symptoms if unwell, as well as data shared by your phone such as your IP address and location.
- Other personal data: Contact information.
While the second is standard for any app, the first should concern users. The policy clearly states that the data will be shared with other countries such as the USA, even if the data is anonymised. Since the app complies with GDPR regulations, it shouldn’t be a concern. However, if even the EU is willing to look the other way on GDPR during this crisis, it’s not a long stretch to imagine the UK doing so. It is also almost a certainty that the US will. It is very clear that thus, anonymity is no longer the number one concern in the battle against COVID-19.
Where is The Line?
It is important to understand that this is really the only effective way of controlling the spread of the coronavirus. Nations have attempted to impose lockdowns, but they haven’t always been successful. Many people are still out in parks, beaches and pubs, refusing to adhere to social distancing guidelines despite constant requests. If China has taught the world a lesson, it is that intrusive surveillance and tracking is the only solution.
However, everything has a limit. The question is will surveillance too have one? Talking to Fortune, Eva Blum-Dumontet, a researcher with the U.K.-based civil liberties group Privacy International compared the situation to 9/11. “One of our key concerns is: Is it just for the period of the coronavirus crisis, or what happens next?” asks Blum-Dumontet. “We’ve seen this before with the question of terrorism…We never seem to return to normal.” She isn’t wrong. The post- 9/11 measures turned into the PRISM, the surveillance programme that came into the public eye following Edward Snowden’s revelations. On the other side, it is because of such programmes that current measures to combat the coronavirus are possible.
If the public comes to accept mass surveillance as normal, like in China, then there will be limited, if any, opposition to the continued use of such programmes even after the crisis ends. While government use is one thing, it could also be a starting point for private companies to infringe on privacy.
To enforce such surveillance, governments will no doubt have to work with the private sector. If Apple and Google legally weaken their privacy settings at the request of government, it could also allow them to use the data for their own needs. Data is the new oil; it’s what most private firms like Facebook, Amazon and Google make money on. Now that there is a chance to get better, more refined and identifying data, it’s a very real possibility these companies could jump aboard that ship. Especially since they are already facing record losses as a result of the economic crash.
Will governments then stand up and advocate for a limit to the use of such data, or will it prove just too useful for them to stop? Only time will tell.
If you enjoyed this article, please consider checking out more of our tech coverage.