COVID Is ‘Laying the Foundation for the Future Surveillance State’
By Patrick W. Dunne
Kian Vesteinsson is a research analyst for technology and democracy at Freedom House, a research institute in Washington.
He also greatly contributes to the annual “Freedom on the Net” report produced by the nonprofit, which was established in 1941.
The report, released in October, analyzes how countries worldwide handle internet freedom.
“The public-health crisis has created an opening for the digitization, collection and analysis of people’s most intimate data without adequate protections against abuses,” reads an excerpt from the 2020 report.
As a former senior law and tech policy officer at Human Rights Watch, Vesteinsson told Digital Privacy News that, with COVID-19 fears still reaching new heights, it was important to address how governments were handling the issue.
How are the coronavirus and the public’s response to it affecting digital privacy?
We found that this public-health crisis is laying the foundation for the future surveillance state.
Authorities worldwide are using COVID-19 to justify expanding surveillance powers and deploying new technologies that residents of those countries may have previously seen as too intrusive.
Smartphone apps for contact-tracing and quarantine compliance are widespread.
We saw them introduced in at least 54 countries, often with few or no safeguards against abuse.
These apps collect a lot of incredibly sensitive health information, so privacy safeguards are significant for keeping that information safe.
Are some governments going a bit too far?
Yes, of course.
We saw governments invoking the pandemic to engage in mass surveillance by forming direct partnerships with telecommunications providers and other companies.
They collected their users’ data to facilitate risk-modeling and tracking of the virus. However, this act entailed privacy violations, often without the user’s consent.
Even if they were acting in what they believe is their people’s best interest, the governments are still violating basic privacy rules.
What surveillance technology is being used, for instance?
In Ecuador, the government created a public-health platform that aggregates location data pulled from satellites and people’s phones.
This platform aggregates that data with surveillance-camera footage and personal data from a COVID-19 app.
It’s essentially gathering data from all these sources, including this incredibly sensitive health information.
There’s little transparency about how long this data is stored and who uses it.
It’s going against all the best practices of treating sensitive health information on a completely different front.
We’ve also seen authorities roll out facial-recognition technology and automated decision-making with minimal safeguards to protect privacy or prevent police abuse during the pandemic.
The most significant example is China.
How is Beijing monitoring its citizens?
The Chinese government has taken the world’s most comprehensive and draconian approach to monitoring COVID-19 with sophisticated technology.
We’ve even heard reports that people were asked to install cameras both inside and outside of their homes.
In one case, someone reported coming home to find that someone had installed a camera outside their door without their consent.
This is also happening across the U.S. and Europe: Companies pitch this advanced surveillance technology — whether it’s facial recognition, cameras or automated algorithmic decision-making systems — to governments, schools and all sorts of public places where people might be gathering.
Should we worry about contact-tracing tools in the U.S.?
These tools need essential safeguards to protect the privacy that they’re collecting.
In the U.S., we’re seeing many states rolling out tools that are built from the Google-Apple Exposure Notification (GAEN) system.
GAEN is an opt-in system that uses Bluetooth signals instead of your location data to determine proximity to other smartphones and ultimately provide information about potential exposure to COVID-19.
This is a promising alternative to invasive and mandatorily imposed apps in places like China and Russia.
But it’s essential that GAEN stores information on our phones versus a government database subject to centralized control.
There are still other privacy risks.
I’m worried that data stored on smartphones may also provide a privacy risk.
In general, smartphone apps are opaque about how they collect, store and process data — and how and with whom they share information.
The other apps on my phone can access sensitive data stored there by a contact-tracing app, allowing them to sell data unless they follow a strict privacy guideline.
There’s also the concern that proximity tracking is vulnerable to breaches or hacking.
I’m not sharing any of these to dissuade from digital contact with the tools.
Still, these are certainly privacy risks from these apps that can and should be mitigated by privacy protections, passed at legislation at the federal level.
What are your specific concerns about contact-tracing?
No digital contact-tracing tools will be useful or effective at stopping the COVID-19 pandemic unless it’s widely adopted and deployed in an environment where robust testing is available at low or no cost in all parts of the country.
There must be a manual contact-tracing system that’s well funded, well trained — and, of course — a well-resourced public-health infrastructure.
These digital contact-tracing tools are not the only tool in the toolkit that should be deployed.
What’s the best way we can benefit from contact-tracing and keep people safe?
This is a critical question. It’s a real tension, especially when we’re talking about this moment of the global public-health crisis.
I spoke earlier about these tools that are being rolled out to against COVID-19.
But here’s the big thing: Many COVID-19 monitoring tools haven’t been proven to be effective in limiting the spread of the disease.
But they do have evident harm when it comes to human rights.
So, what we need is for authorities to work with public-health experts to prove that any proposed COVID-19 surveillance measure is necessary and is entirely fit for purpose.
Public-health experts must demonstrate that this health-monitoring, technology-specific program is both necessary and sufficient.
We also need independent oversight, transparency and narrowly tailored rules to minimize the data collected and how government entities and private companies can use the data.
The final thing we need are transparency rules around how these tools are rolled out and who has access to them.
Can the government fulfill so many demands at once?
The best solution is to have a federal privacy law that strictly regulates the type of public entities and private companies that can use the data of people in the U.S.
Think about it this way: Our lives are increasingly shifting online. We have folks working, attending school and even visiting their doctor from home.
All those activities are unregulated at the federal level. Some states have regulations in place, but only a federal data privacy law can ensure all Americans’ safety.
Patrick W. Dunne is a San Francisco writer.