With the COVID-19 pandemic preventing large gatherings of any kind, the Senate Committee on Commerce, Science and Transportation last week was forced to hold its hearing on big data and privacy protections in response to the pandemic as a “paper hearing.” Participants submitted written testimony only. Lawmakers sent those experts questions, and the panel responded with written answers.
Despite the unusual format, the hearing was packed with insights about which tracking and tracing technologies have the best chance of being helpful in the fight against COVID-19, and which constitute too high a risk to Americans’ civil liberties.
Most witnesses were representatives from industry associations, but the list also included Ryan Calo, a professor of law at the University of Washington, and Kinsa CEO Inder Singh.
Other countries’ examples
Part of the impetus for this discussion is the relative success some other countries seem to have had with digital contact tracing – using cell phone activity, GPS and/or Bluetooth data to monitor the path of infection and quarantine people accordingly.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
For instance, lawmakers pointed to Taiwan, South Korea, Singapore and Israel as countries that have managed to control the disease. But witnesses questioned whether those cases were truly illustrative, as well as whether that level of tracking could work in the United States.
“In responses like Taiwan’s, the availability of high-quality and complete data sets helped enable a policy response that effectively stopped the spread of COVID-19,” Graham Dufault, senior director for public policy at ACT | The App Association, wrote in his remarks. “However, the ready availability of an extraordinarily complete picture about individuals’ movements to a government authority is not generally a feature of American policy, which tends to avoid such invasive surveillance and enforcement without due process.”
The question at hand is whether voluntary tracking can be as effective as mandatory tracking. To that point, one of Israel’s initiatives could be a serviceable model.
“[A] program launched by the Ministry of Health has been supported by leading privacy academics in Israel,” said Stacey Gray, senior counsel for the Future of Privacy Forum. “This program involves an app, ‘HaMagen,’ which individuals may use voluntarily, and leverages GPS data, Wi-Fi data, Google Timeline history (upon separate consent) and Bluetooth data to enable alerts to users who have been in the proximity of a known infected person. Alerts trigger a recommendation for users to voluntarily self-quarantine. HaMagen is open source, voluntary and according to the Ministry of Health has been adopted by approximately 1.4 million people, or 25% of the desired population.”
University of Washington’s Ryan Calo and Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology, both noted that it’s impossible to know for sure whether results in other countries are replicable here.
“To the extent that technology-based contact tracing has been effective in these jurisdictions, they have not been voluntary, self-reported, or involved self-help,” Calo said. “Rather, public officials have forced compliance and dispatched investigators to interview and, if necessary, forcibly quarantine exposed individuals. I see it as an open question whether Americans would be comfortable with this level of state expenditure and intervention. At any rate, the experiences of these nations are not a ready analogy.”
“Even though location and proximity tracing apps have been deployed in other countries,” Richardson added, “their impact has not been disentangled from contemporaneous efforts like widespread testing, compulsory quarantines, public information on the movement of infected individuals and other responses.”
Calo pointed out that voluntary self-reporting apps sound good in theory from a privacy perspective, but they introduce a new danger: bad actors co-opting the platform.
“It is not hard to imagine nefarious use cases as well,” he wrote. “A foreign operative who wished to sow chaos, an unscrupulous political operative who wished to dampen political participation, or a desperate business owner who sought to shut down the competition, all could use self-reported instances of COVID-19 in an anonymous fashion to achieve their goals.”
How much are privacy and security at odds?
Many senators framed their questions to the panel in terms of the balance between privacy and security.
“I want governments and businesses to be mindful that, in a complex world where absolutes like total anonymity and privacy are rare, we have to balance the value of privacy with other core values, and that the quest for that equilibrium is a constant challenge,” Leigh Freund, president and CEO of the Network Advertising Initiative, wrote. “I am optimistic that we can, collectively, retain a strong belief in the value of data for both societal and commercial benefit, and that its use can be governed by respect, rather than fear.”
Most witnesses suggested that, with the right technology, it was possible to have both privacy and an effective response to the virus. But to do so, companies and governments will have to choose the right approaches and carry them out correctly.
Source: MobiHealth News
