This article is part of a series in which OECD experts and thought leaders – from around the world and all parts of society – address the COVID-19 crisis, discussing and developing solutions now and for the future. It aims to foster the fruitful exchange of expertise and perspectives across fields to help us rise to this critical challenge. Opinions expressed do not necessarily represent the views of the OECD. To keep updated on all of the OECD's work supporting the fight against COVID-19, visit our Digital Content Hub.
Co-authored by Brenda Leong, Senior Counsel and Director of Artificial Intelligence and Ethics, Future of Privacy Forum.
Decisions made during emergencies can have lasting effects. We ignore this historical lesson at our peril, especially since massive amounts of surveillance have been occurring globally, including through comprehensive cell phone location tracking data.
Governments around the world are now charged with the dire task of responding to the COVID-19 pandemic. This existential threat isn’t just taxing resources, but the social contract itself. In such desperate and uncertain times, it’s no wonder surveillance technologies are being used to track the spread of infection and guide social control measures, like policing quarantine orders. While the emergency adds urgency and legal legitimacy for probing into people’s health, as well as monitoring and restricting their movements, protecting privacy and civil liberties remains essential. How to do so is a much-debated and multi-faceted topic and our discussion is merely an entry point into two closely related questions.
- How important is the efficacy of new initiatives that restrict privacy and civil liberties, framed as necessary for containing the spread of COVID-19 (“flattening the curve”), given they won’t all be equally successful?
- What are the appropriate measures to take so policies don’t evolve bearing enduring privacy and civil liberties costs?
Just how effective is the contact tracing approach?
Limited resources have constrained the effectiveness of responses to COVID-19. There isn’t enough equipment (ventilators, masks, etc.) available and a vaccine hasn’t been developed. These limitations have resulted in prioritising contact tracing as a first line of defence. Such initiatives aim to support broader containment strategies by identifying those who might have COVID-19 because they came into contact with someone who is confirmed to have the illness, while that person was contagious.
Contact tracing—a response that only seems to be effective when infection rates are low and sufficient testing is available—can be conducted through different technologies, all of which carry certain risks. Tracking through GPS or cell tower location data generally fails to identify locations tightly enough to sufficiently identify possible contagions, while allowing access to stores of personal data.
The Bluetooth-based app model has the benefit of not including personal location data; instead, it operates by tracking “interactions” between devices and is precise enough to verify close range proximity. Nevertheless, since everyone doesn’t carry a phone and downloading the app is voluntary, there are limits to its effectiveness as well. Most importantly, it operates by sending an alert to seek testing when the device crosses paths with someone else who has been found positive. As a result, diagnostic effectiveness also requires sufficient ease and availability of testing stations. And while Bluetooth technology operates on a unique, “anonymized” identifier, it’s still tied to an individual’s phone number, making the possibility of identifying personal data a concern. Bluetooth based systems have other drawbacks as well, including known security vulnerabilities and significant battery use (which disincentivizes the continuous use required for the app to work).
These are only observations about effectiveness but they highlight a crucial question that has important privacy and civil liberties implications: Is contact tracing medically necessary for protecting public health?
If the answer is no – if collecting individualised location data isn’t sufficiently useful to stop the spread of COVID-19 – it shouldn’t be done. Location data is considered legally sensitive because where we go reveals a lot about who we are. In our views, pre-emptively preventing the collection and storage of personal location data is thus an effective way to ensure that governments won’t misuse that information in the future.
Importantly, foreclosing poor, ineffective options is not to say that digital technologies cannot play important roles in tracking and responding to epidemics by other means. On the contrary, preventing the use of flawed techniques has the additional benefit of incentivising the search for better alternatives. For example, public health experts are now recommending using aggregate (not individualised) location information to help manage COVID-19 resource allocation and measure group-level trends. A number of European countries are working with telecommunications providers to obtain anonymized customer location data to analyze movement patterns.
In our view, the bottom line is: While information management is crucial for COVID-19 policies, every time a surveillance measure is considered, it’s imperative to ask whether, in fact, it should be introduced. As Susan Landau, Bridge Professor in Cyber Security and Policy at Tufts University, rightly concludes in her essay, Location Surveillance to Counter COVID-19: Efficacy Is What Matters: “Efficacy should always be the first issue to raise in the deployment of any technology, especially one that involves potentially serious risk to privacy and civil liberties. If a proposed ‘solution’ is not efficacious, there is no reason to consider the program”.
Of course, it should be noted that privacy enforcement authorities play an important role in guiding the decisions being taken today, and virtually all privacy legislation includes exceptions for emergency circumstances - particularly when the “right to life” is at stake. This approach generally requires that emergency restrictions on freedoms be necessary, proportionate, and limited to the emergency period. Yet even with careful attention to these values, the risk of normalisation from surveillance calls for thoughtful scrutiny and societal debate.
Historian Yuval Noah Harari expressed concern about governments monitoring citizens’ bodily data (finger temperature and blood pressure) through their smartphones for two reasons: “It might normalise the deployment of mass surveillance tools in countries that have so far rejected them”; and, “It signifies a dramatic transition from ‘over the skin’ to ‘under the skin’ surveillance”. Harari speculates that in the future these capabilities might give governments and corporations significantly more insight into our private emotions than they currently have.
How should slippery slope possibilities like this one (and there are so many!) factor into decisions about what to do? Again, it’s helpful to use efficiency as a baseline. Reconsider that a surveillance programme might not be necessary if it has questionable efficacy. If the programme also deploys new surveillance tools or methods that risk continued compromise of privacy and civil liberties in the post-pandemic world, these effects should count as a definitive strike against its use.
By emphasising efficacy as a first-order concern for determining whether to run a new surveillance programme or use new surveillance features during the crisis, we’re making the case that evidence-based considerations are fundamental. These considerations include the fact that transaction costs and opportunity costs matter: the easier it is to surveil, the more tempting it becomes; and, investing resources in expanding and accessing surveillance infrastructure weakens the prospects for dismantling it. Also, surveillance and mission creep go hand-in-hand: over time, the mandate for using data or a data-collecting instrument for a specific purpose can change and become more expansive. And the more accustomed people become to using a technology, the harder it can be to break them of the habit.
Unfortunately, none of these factors, alone or in combination, can be translated into incontestable, mathematically formulated probabilities. Consequently, the risks they pose, individually and collectively, are hard to quantify. What is important to keep in mind is that they do pose real threats. Protecting privacy and civil liberties will require figuring out how to give causal drivers due consideration under conditions of uncertainty.
The ideas we’ve presented are intended to further the critical global conversation. Despite all of our differences, our collective goal should be to ensure we can look back on the history of this time with our rights intact.