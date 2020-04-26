The Governor’s Economic Re-opening Task Force is meeting daily to determine how to reopen New Hampshire while maintaining public health. As the task force undertakes its mission and the governor coordinates with neighboring states, there will inevitably be conversations about “contact tracing,” and about the phone-based technology for it that New York is already pursuing.
Such technology could be vitally helpful in reopening states. It could also eviscerate privacy. Pandemics, like other emergencies, can serve as opportunities for governments and corporations to expand their power at the expense of civil rights. This includes expanded access to personal data — the twenty-first century currency of choice for corporations.
History makes clear that it is easier to prevent erosions of privacy than it is to regain privacy rights after they’ve been lost. To this day, we are still trying to claw back the privacy we lost to the Patriot Act in the wake of 9/11. This is why any discussion of contact tracing must put privacy rights first, before any system is implemented.
Contact tracing is a longstanding public health technique that works by identifying everyone a sick person may have exposed. But traditional contact tracing, carried out through in-person interviews, is labor-intensive and too slow for a fast-moving virus like COVID-19. The proposed systems for this pandemic would instead rely on data taken from mobile phones.
If such systems are to work, they must be widely adopted. But that won’t happen if they are not trusted by the population, which again means protecting privacy from the outset.
At a minimum, this means any contact tracing system must be voluntary. People will avoid and distrust a privacy-sensitive scheme that seems compulsory and antagonistic. Context matters here. If installing and running an app is required in order to go to work or shop for food, then it is not truly “voluntary.” The United States has never compelled people to carry a phone, much less to install a specific app, and doing so would represent an enormous and distressing step.
Contact tracing must not be used for punitive measures such as criminal prosecution or immigration enforcement, or even for potentially health-related measures that could be considered punitive, like quarantine enforcement.
A contact tracing system must not collect or transmit any data not strictly necessary for public health. It should adopt strict technical and legal safeguards for data that is collected and transmitted, and use of data that is difficult or impossible to anonymize should be avoided.
Any contact tracing system must be transparent about which central authorities it relies on and for what purpose. The most privacy-unfriendly tech schemes ship huge amounts of data to central authorities, leaving users little to no control over what happens to data once it leaves their device. Even if an authority is well intentioned, it could turn over data to a more malicious authority in the future, or it could be technically compromised.
We have repeatedly seen technological systems deployed that further entrench existing social inequities, such as recidivism risk scores that are more likely to keep people of color incarcerated, hiring algorithms that exacerbate existing gender disparities, and facial recognition systems that are more likely to misidentify people of color as criminals. Any contact tracing system should account for and mitigate these risks.
Contact tracing will rely on the availability of hardware and Internet access, requiring that steps be taken to avoid economic disenfranchisement. If accelerated access to testing is granted to people because they own a smartphone and have high-quality Internet, that may amplify existing disadvantages faced by poor communities (which are already at elevated risk of complications due to COVID-19).
Contact tracing should be coupled with efforts to identify populations likely to be misrepresented or excluded by the system. It should also include funded measures to support these communities, such as expanded traditional contact tracing and subsidized Internet access.
Basic privacy protections must be employed. Data should be encrypted, both on the device and in transit. The system must not share fine-grained data with central authorities and should retain only aggregate information there. Any retained data should have a defined expiration date no later than the latest epidemiologically relevant date, and when it expires the system should purge it from every component that has access to it.
There will be pressure to engage in “surveillance creep” from those who want broader use of surveillance schemes for other purposes, benign or malicious. Contact tracing for COVID-19 should not last beyond this current pandemic. That means from the outset, any contact tracing system must have built-in and transparent measures for phasing itself out.
As the Governor’s Task Force fulfills its mission, location tracking and massive centralized surveillance should be off the table, but proximity tracking could be useful – if essential privacy safeguards are installed from the start. Privacy must not be sidelined, unless we are willing to sacrifice it for good.
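As an added illustration (not part of the original column, and not any state’s actual system), the sketch below shows one way proximity tracking can meet the safeguards described above: each phone broadcasts short-lived random identifiers derived from a secret daily seed, logs only the identifiers it hears (no location, no identity), purges that log after a fixed retention window, and matches exposures entirely on the device. A diagnosed user who chooses to participate publishes only their own seeds, so the central server never learns who met whom. The 14-day retention window and the 10-minute identifier rotation are assumptions chosen for the example.

```python
"""Decentralized proximity-tracing sketch: rolling random identifiers,
on-device exposure matching, and time-bounded retention.
Added example only; not code from any deployed contact-tracing system."""
import hashlib
import hmac
import secrets

RETENTION_DAYS = 14       # assumption: the epidemiologically relevant window
INTERVALS_PER_DAY = 144   # assumption: a fresh identifier every 10 minutes
ID_LEN = 16               # bytes of each broadcast identifier


def rolling_id(day_seed: bytes, interval: int) -> bytes:
    """Derive the ephemeral ID broadcast during one interval from that day's
    secret seed. An observer who hears the ID learns nothing about the seed,
    so IDs from different intervals cannot be linked to one phone."""
    return hmac.new(day_seed, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:ID_LEN]


class Device:
    """One phone. Everything it stores stays on the phone unless the owner
    chooses to report a diagnosis, and even then only day_seeds leave."""

    def __init__(self) -> None:
        self.day_seeds: dict[int, bytes] = {}   # day -> secret seed
        self.observed: dict[bytes, int] = {}    # heard ID -> day first heard

    def seed_for(self, day: int) -> bytes:
        if day not in self.day_seeds:
            self.day_seeds[day] = secrets.token_bytes(32)
        return self.day_seeds[day]

    def broadcast(self, day: int, interval: int) -> bytes:
        return rolling_id(self.seed_for(day), interval)

    def observe(self, rid: bytes, day: int) -> None:
        # No location, no timestamp finer than the day, no identity.
        self.observed.setdefault(rid, day)

    def purge_expired(self, today: int) -> int:
        """Drop every record older than the retention window; returns how
        many observations survive."""
        cutoff = today - RETENTION_DAYS
        self.observed = {r: d for r, d in self.observed.items() if d >= cutoff}
        self.day_seeds = {d: s for d, s in self.day_seeds.items() if d >= cutoff}
        return len(self.observed)

    def report_diagnosis(self, first_infectious_day: int, last_day: int) -> list[tuple[int, bytes]]:
        """What a diagnosed user voluntarily publishes: their own seeds for the
        infectious period. The IDs they observed are never uploaded."""
        return [(d, s) for d, s in self.day_seeds.items()
                if first_infectious_day <= d <= last_day]

    def check_exposure(self, published: list[tuple[int, bytes]]) -> list[int]:
        """Run locally after downloading published seeds: re-derive the reported
        user's IDs and look them up in this phone's own log."""
        hits = set()
        for day, seed in published:
            for i in range(INTERVALS_PER_DAY):
                if rolling_id(seed, i) in self.observed:
                    hits.add(day)
        return sorted(hits)


def simulate() -> tuple[list[int], list[int], list[tuple[int, bytes]]]:
    """Constructed scenario: Alice and Bob are near each other on day 10;
    Carol met Alice on day 1, which falls outside the retention window by
    day 20, when Alice is diagnosed and reports days 8 through 12."""
    alice, bob, carol = Device(), Device(), Device()
    bob.observe(alice.broadcast(10, 37), 10)
    alice.observe(bob.broadcast(10, 37), 10)
    carol.observe(alice.broadcast(1, 5), 1)
    bob.purge_expired(20)
    carol.purge_expired(20)
    published = alice.report_diagnosis(8, 12)   # the only data a server holds
    return bob.check_exposure(published), carol.check_exposure(published), published


if __name__ == "__main__":
    bob_hits, carol_hits, published = simulate()
    print("Bob exposed on days:", bob_hits)      # [10]
    print("Carol exposed on days:", carol_hits)  # []
    print("Seeds published:", len(published))    # 1
```

What the sketch leaves out matters as much as what it shows: the Bluetooth exchange itself, verification that an uploaded report really comes from a confirmed diagnosis, and the legal limits on what may be done with published seeds are separate safeguards that no amount of code can supply on its own.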