Coronavirus and The Privacy Crisis: A Grave New World

The shadow of coronavirus pandemic looms over almost the whole globe, enshrouding masses in a grip of fear and uncertainty. Though pandemics eventually fizzle out, the consequences they leave behind in their wake – like lingering echoes of all crises – have an obstinate tendency to become a permanent part of our social life.

One response that the global pandemic has triggered is the expansion of surveillance programs in many parts of the world. On the surface, having our phones turned into information broadcasting devices and cameras that can recognize us along with much of our personal details seem like necessary measures for identifying people at risk and managing quarantines.

But the important question to ask is, what happens after the pandemic is over? Our medical records, health status, location data, and personal contact information in the hands of law enforcement, police, and other state institutions smells awfully like the perfect recipe for a police state.

In the face of this Orwellian threat to our civil liberties, public awareness about surveillance capabilities that governments have developed and extensive media coverage of such details is essential if we hope to keep a check on the common governmental tendency to use crises as an excuse for infringing basic human rights.

There are already worrying signs that surveillance initiatives being taken to control the spread of the virus might exceed their original scope and purpose, heralding a grave new world where surveillance is normalized.

Pandemic Surveillance and the Possibility of Mission Creep

“Preventing the spread of coronavirus while maintaining the privacy ofcitizens’ data is a delicate balance. Data protection shouldn’t hamper the efforts to curb the spread of the virus, but on the other hand, governments should not completely ignore the right of a citizen to privacy.” – Reuben Yonatan, CEO GetVoIP.

Every country affected with coronavirus has come up with its own solution to sharing information about coronavirus cases in order to enforce quarantines and determine dynamics of infection within any given area.

In most countries, a combination of technologies has been put in place, utilizing data from mobile phones, patient records, public CCTVs equipped with digital thermometers and facial recognition capabilities. These constitute a network of highly invasive data sharing technologies at a mass scale.

According to James Giordano, PhD, Professor of Neurology and Biochemistry at Georgetown University Medical Center, “iPhone-linked apps that identify whether individuals are COVID Positive are, at present, the most intrusive. These can be linked to facial recognition and social media programs to track individuals’ movements, activities, and personal contacts.”

Contact tracing techniques are particularly in wide favour among public health officials because it helps inform decision-making about quarantines and trace down the source of the virus to identify vulnerable areas.

Combining contact tracing with the outstanding power of modern phones through precise location data provides accurate insights for enforcing quarantines and understanding health status of a given population. And many state-sponsored apps helping fight the disease are doing just that.

But the mass data collection and sharing that these technologies entail pose a significant privacy risk. In fact, some apps share more information than officially claimed: information that is perfectly conducive to exerting social control and curbing basic freedoms.

This is especially alarming in countries that already resemble Big Brother-esque forms of monitoring and control. The Chinese Alipay Health Code is a good case in point.

The Alipay Health Code is a piece of software you download in your smartphone, which assigns the owner of the device with a colour-coded QR representing risk and health status. If you’re green, you’re safe. Yellow and red will require 7 to 14 days of isolation respectively. China has checkpoints in public spaces where you can only enter if the QR code gives you the green signal.

The system is remarkably simple and efficient and nothing seems to be off about this at first. Yet its operation is still a bit of a mystery. Officials have remained suspiciously silent about how the system classifies people with one of the three colors associated with infection risk level. The silence is terrifying, especially when the app suddenly changes color to one representing a higher risk level with no explanations why.

Suddenly, you find yourself under orders to quarantine yourself and that’s that. Though beneath the shady functionalities of the app lies something even more sinister. Digging deeper, there’s an instruction in the app’s code named “reportInfoAndLocationToPolice”. The code transmits the individual’s location, and an identification number to a server, presumably accessible by the police.

When you consider all that and remember the situation of the Uighur Muslims of Xinjiang, who have been subjected to similar color code based monitoring as a tool for oppression, the pattern is a hair-raising alarming one.

It’s hard to predict all the many ways in which the data collected through these apps might be abused by governments. What’s certain is that the potentiality for misuse exists.

As Laura, owner of InfinityDish aptly points out:

“It’s easy to see how combinations of facial recognition and contact tracing could be disastrous for citizen privacy. This danger only increases when put into the hands of the police-state and dictatorial governments. It’s undeniable that contact-tracing has had a strong preventative effect in many Asian countries.

“However, the tales of mandatory tracking bands in Hong Kong and regular phone calls to those quarantined in Taiwan are both worrying, considering their histories of human right abuse.”

Be that as it may, one crucial fact remains: China’s epidemic control strategy is one of the most effective in the world and its vast surveillance capabilities have doubtless played a key role in controlling the situation.

This begs the question if acquiescing to pervasive surveillance in a pandemic crisis is actually the key to effective control and containment.

The Eastern Reliance on Surveillance Tech

“Depending on who you ask, mass contact-tracing via phone-tracking could either be an extremely effective way to reduce COVID-19 spread… or alternatively, a significant – and possibly permanent – damage to multiple dimensions of privacy” – Rob Shavell, CEO of Abine.

It is hardly a coincidence that countries with the strictest quarantine and surveillance measures have generally tasted better success in managing the coronavirus pandemic. There are quite a few good cases in point in this regard.

Take Singapore, for instance. The Ministry of Health uploads information about each confirmed patient with astounding detail so you can stay away from the places the infected ones have been to and the people they have been in contact with.

Here’s one entry about a confirmed case on the ministry’s website:

“Case 227 is an imported case involving a 53-year-old male Singapore Citizen who had been in France from 7 March to 12 March… He is a staff of Lighthouse Evangelism Church (Tampines Street 82) but had not gone to work since onset of symptoms. He stays at Pasir Panjang Road.”

Singaporean government also developed an app, TraceTogether, which works on an opt-in model in homage to user consent – a commendable feature. TraceTogether uses Bluetooth to connect with phones of nearby people and maintains location data logs that can help to see if people at risk have crossed paths.

It respects user privacy by keeping the identities of users a secret to one another, but the app is not without some privacy holes. Although the app only relays information to government servers if the user permits it, the server can determine the private data of users even if they are not infected. Another concern is the longevity of data logs, which are locally deleted from the app every 21 days, there’s no saying if central authorities are committed to the same diligence in deleting records.

When you think about how TraceTogether is one of the most privacy-focused covid-19 tracing apps, it’s disheartening to see that the best we have isn’t without considerable privacy flaws of its own.

Yet, Singapore’s success at controlling coronavirus is exemplary on a global level.

Elsewhere, the systems in place seem almost dystopian-level of bad. Officers in Taiwan are calling people two times a day to make sure their mobiles are at hand and to inquire about their health status. This system is different from that employed by Singapore, Hong Kong, or China, because there are no mass data sharing apps that Taiwanese people are obligated to download on their phones.

Instead, the surveillance system relies on traditional phone networks to triangulate a user’s location. Nonetheless, the extended powers granted to the police and state – though probably well-intentioned in the interest of the greater public good – appear to share characteristics with the system oppressive control that hark back to Taiwan’s bleak history.

Switch your phone off for 15 minutes and the Taiwanese police will be notified that you’ve gone offline. Expect a few police officers banging on your door to check up on you shortly after. An American Student stuck in Taiwan’s quarantine was swiftly visited by the police after his phone’s battery ran out while he was asleep.

But these draconian measures have led to outstanding success in controlling infections in Taiwan.

Balancing Privacy and Public Health

No one would deny that some degree of information exposure is necessary to effectively tackle the spread of coronavirus. Fast access to accurate, instantly updated information that is accessible to responsible institutions, officials, as well as the general public is key to managing large scale crises like these and concessions to privacy is the only way mass data sharing can be implemented. But to what extent can society benefit from that?

A good argument may be built that, with a sufficiently well-coordinated surveillance response, the need for lockdowns may be avoided. An excellent example is South Korea which has demonstrated how mass surveillance, rightly implemented, can obviate the need for imposing restrictions on movement. Rather than shutting down the country and economy, South Korea relied on its smart city infrastructure to battle coronavirus.

Utilizing information from cameras, mobile phones, and credit card transactions, the South Korean authorities can identify people that have been in close proximity to coronavirus patients. From there, it’s simply a matter of utilizing the country’s outstanding testing and hospital capacity while enforcing quarantines where necessary.

In this way, South Korea chose to take away their citizen’s privacy to ensure the much greater right to health with huge success.

The dilemma of public safety and preserving privacy is significantly tougher for Western countries as compared to their Eastern counterparts. The stark difference in coronavirus management efforts between East and West suggests that cultural attitudes about surveillance might have something to do with it.

The Shoddy Shelter of Privacy Laws

“GDPR and CCPA policies are effective at present, to some degree. However, in light of increasing demand to stabilize the economy and the need for increased testing and surveillance, these legislative efforts will require re-visitation, and perhaps some measure of revision (such as a more broadly construed medical information non-discrimination act- MINA, modelled, at least in part, upon the extant Genetic Information Non-discrimination Act, GINA)” – James Giordano, PhD.

The idea of surveillance as something inherently evil is more popular in Western societies than in the East. It isn’t surprising that some of the strongest legal protections for data privacy happen to exist in Europe and the US in the form of the General Data Protection Regulation (GDPR) and CCPA.

These legislative frameworks are welcomed by public and groups advocating privacy in the US and Europe, as these guidelines compel companies previously negligent of privacy rights to ensure anonymity and confidentiality of customers. Clauses for respecting customer’s consent and their right to know how their data is being used are essential components of these laws.

But the effectiveness of GDPR and CCPA has remained questionable even during times more normal than the current global situation, where it is even more likely to fail to forestall violations of privacy.

According to Caleb Chen, Content Marketing Manager for Private Internet Access: “Cal. Civ. Code 1787.145(a)(2), part of the CCPA, permits entities to disclose information to the government. Similarly, the GDPR includes flexibility in clauses that allow private data to be disclosed due to public health concerns or cross border terror threats.”

“While legislation like this may be effective in tidying up the privacy practices of the average company, they can technically be ignored by a sufficiently motivated government.”

Skepticism about the ability of these laws to prevent privacy violations inherent in the functionality of contact tracing apps and other invasive monitoring technologies deployed as part of coronavirus containment effort are thus well-founded.

On this note, Perry Toone from Thexyz says, “It will be interesting to see how European countries deal with this. A couple of years ago, EU countries introduced GDPR which were the strongest privacy laws in the world. I am not sure how compatible the GDPR regulations will be with contact tracing apps.”

Inconsistencies in laws at the federal and local levels is another hindrance to privacy protections. According to D. Gilson, PhD, and researcher for CarInsuranceComparison: “Legislation like the CCPA has not previously been very successful in protecting our privacy. Federal law, for instance, has recently been seen as protecting the DMVs’ right to sell our private information.”

But some official protections of privacy are better than none at all. The liberal democratic inclinations of the West and public outrage against many recent privacy scandals only justified the need for privacy regulations such as GDPR and CCPA.

With mounting public pressure and digital privacy now coming under stronger legal protections, Western governments have found it hard to fight public reluctance to privacy-violating surveillance

As a consequence, we have seen less strict surveillance in most Western countries, which it may be argued, became a contributing factor for the heavy costs incurred by West due to coronavirus.

Where China, Hong Kong, South Korea, Taiwan, Singapore and their ilk chose to violate individual privacy in the interests of public safety, Western countries strove to maintain a balance between individual rights of the public. The correlative pattern between success in covid-19 containment and the extent of surveillance enacted, while obviously not conclusive, is suggestive.

Should some rights and liberties be sacrificed to save lives in the face of immediate danger or should we resort to less drastic – and less effective – measures to reduce the spread of the virus and thwart extension of powers that forebode future oppression?

Which alternative amounts to lesser human misery in the long run? These are not easy questions to answer, but the situation presents a true test of prudent leadership and penetrating prescience if we ever saw one.

The Post-Corona World

“Scraping data that users voluntarily put on the Internet is one thing. But leveraging fears in a crisis to incentivize them to upload highly sensitive data that they never intended to share is dangerous and permanent.” – Raullen Chai, CEO of IoTeX.

If we could be guaranteed that the extended surveillance powers of governments during coronavirus will recede as soon as the pandemic ends, there would be no cause for worry.

But in the face of uncertainty and the undeniable tendency of government surveillance systems to become a permanent part of our lives, there is ample cause for concern as far as the post-corona world is considered. This is especially true when heightened state surveillance efforts coincide with the suspension of normal social freedoms and rights.

Governments have a history of ushering in surveillance technology during major events that are retained long after their originally declared purpose has been served. We saw this after September 11 terrorist attacks in the US and 2008 Olympics in Beijing.

I reached out to a few experts for their thoughts about new surveillance measures becoming a permanent feature of post-corona civilization. Many fear that invasive surveillance might well be on its way to become the new normal:

On this note, James Giordano notes:

“It is possible, if not likely, that the type and extent of public surveillance will continue after this first wave of COVID-19, so as to either lessen and/or respond to increase infections occurring during a second wave. This may represent a new normality, with broader level and types of public and individual surveillance being maintained, and a relative laissez-faire attitude growing within the public. ”

Similar fears are echoed by Reuben Yonatan:

“Hopefully, these governments will relax the measures once the pandemic ends. From experience though, we have seen that if you give the government an inch they take an entire mile. Some governments will, but without a doubt, some will justify the measures insisting it is prior preparation for future pandemics.”

Perry Toone expresses skepticism as well:

“I have not seen (measures relaxed at any time in the past and do not expect they will be relaxed after the pandemic.”

David Reischer, Attorney & CEO of LegalAdvice.com is particularly concerned about the collection of biometric data of citizens:

“There are legitimate concerns of a mass surveillance state developing whereby an individual’s bio-metric data is obtained.”

Raullen Chai points towards September 11 attacks to foreshadow what we may expect in the future:

“These emergency measures risk normalizing monitoring mechanisms in much the same way that the September 11 terrorism attacks triggered legislation enabling broad spying on citizens. This ostensibly temporary legislation remains largely unchecked almost two decades later.”

It is easy to get carried away with fears of an impending dictatorship when civil rights are impinged on, but it is important to remember that the current situation isn’t an ordinary one. Fearing the present and dealing with immediate threats is more important than worrying about all the many ways existing surveillance powers may be abused in the future.

On the flip side, our fears of invasive surveillance resulting in serious abuses of human rights are grounded in recent history. It is hard to predict what the future may exactly hold for us; whether policymakers will fight to have our liberties restored and the scope of surveillance diminished once the pandemic subsides.

Or perhaps the public will gradually come to accept the new normal of widespread monitoring in a society where privacy has long died.