Chicago Deal With Canadian Tracing Firm Brings Myriad Privacy Issues

By Joanne Cleaver 

Jacob Furst’s commute from a Chicago neighborhood to his office at DePaul University, where he is director of the school of computing, involves public transportation and walking.

Not that the latest company to surveil the movements of Chicago residents would know: Furst keeps the geolocation function on his cellphone switched off.

Most residents aren’t as meticulous about shielding their routine movements from BlueDot, a Toronto company that is under contract with the city’s Department of Health to see how people are moving around the city and to extract from that data clues as to how to manage and anticipate COVID-19 patterns.

“The city should know what’s being done in its name.”

— Jacob Furst, DePaul University.

While city health officials say the data collected by BlueDot is anonymous and linked to cellphones, not to individuals, Furst says the city’s latest use of surveillance data accelerates the collision of citizen privacy and public-health management.

Given the urgency of the COVID-19 crisis, it’s understandable that Chicago policies and practices have not caught up with the potential cross-matching of data collected by BlueDot and other departments and agencies. 

But Furst wants the city to get to it anyway.

“Chicago is already heavily surveilled city,” he told Digital Privacy News. “It’s hard to imagine that the city would give up these tools.

“And to some extent, the city doesn’t need to make any justification, though the government should be fully transparent — and that includes contractors, absolutely.

“The city should know what’s being done in its name.” 

BlueDot could not be reached for comment, despite numerous attempts by Digital Privacy News. Chicago officials have not released the scope, duration or dollar value of the BlueDot contract.

To date, Chicago has 30,921 cases of COVID-19 among city residents — nearly half the total in Illinois.

Widespread Tracing Needed

“This geolocation data allows us to get a sense as to whether these interventions are doing what they are intended to,” Peter Ruestow, senior epidemiologist at the Chicago Department of Public Health, told Digital Privacy News. “Is the stay-at-home order getting people to stay at home?

“At the beginning of the outbreak, we were focusing on containment — but as we get more and more cases, that became less feasible and it became more important to have larger-scale community interventions.

“This idea of using geolocation data for the mobility of the population during the outbreak became useful — and that’s how we’re using it,” he said.

“We do have specialized information technology to protect the data — and we definitely do not share blindly within the city structure.”

— Peter Ruestow, Chicago Department of Public Health.

HIPPA Rules Prevail

The health department hews to federal health privacy laws and is experienced at respecting consumer privacy with sensitive data, Ruestow said, not that any of the BlueDot-collected data is tied to a specific consumer, per the city’s contract. 

If and how BlueDot data and analysis will be used by other city departments is yet to be determined, he said.

“We do have specialized information technology to protect the data — and we definitely do not share blindly within the city structure,” Ruestow said. 

Still, the nature of government funding demands that the health department justify the renewal of any contract, which means proving that the data helped the city respond quickly to neighborhood coronavirus hotspots and other patterns, the epidemiologist explained.

BlueDot’s Data Policy

BlueDot, however, makes no pretense of segregating the data it collects; in fact, its business model is grounded in merging up to 100 datasets, including “global air travel and near real-time disease surveillance,” the company said on its website.

That is relevant for another high-profile Chicago agency: the Department of Aviation, which operates two of the nation’s busiest airports, O’Hare and Midway international airports.

Further, prior surveillance programs have not always gone well in Chicago.

In 2003, an Australian firm, Redflex, won a $120 million contract to install cameras at 384 red lights to send automated traffic tickets to people who appeared to have committed moving violations.

By the time the Chicago Tribune discovered in 2012 that the scheme was predicated on bribery, Redflex had generated $400 million in fines, sparking pushback by many Windy City motorists later found to be wrongly accused.

“Once Chicago figures out that it has a reliable way of tracking individuals within the city, will they give that up?” Furst, the DePaul University professor, posed to Digital Privacy News.

“There will be all kinds of arguments for how this will make the city safer and stop crime, if they can track individuals.”

Meanwhile, Furst suggested city residents commit the simplest and most-convenient form of civil disobedience: turn off the geolocation function on their cellphones. 

Joanne Cleaver is a writer based in Charlotte, N.C.

Sources (external links):