For each new transmission of coronavirus, imagine the “tick tick tick” of a stopwatch. At least 2 million adults in the US could require hospitalization over the course of the pandemic, the Centers for Disease Control and Prevention estimates; that’s more than double the nation’s supply of hospital beds. Curfews and social distancing will hopefully help mete out the number of infections slowly—because 2 million patients over 18 months will be more manageable than 2 million over six months. Yet all such predictions are essentially guesswork at this point.
Leaders are looking for guidance on when to close schools or order residents to shelter in place, and whether the measures they’ve already taken are working. Early research on coronavirus suggests that isolating people soon after they become symptomatic plays the “largest role in determining whether an outbreak [is] controllable.”
Officials have a powerful potential surveillance tool unavailable in past epidemics: smartphones.
Government officials are anxious to tap the information from phones to help monitor and blunt the pandemic. White House officials are asking tech companies for more insight into our social networks and travel patterns. Facebook created a disease mapping tool that tracks the spread of disease by aggregating user travel patterns.
Such efforts clash with people’s expectations of privacy. Now, there’s a compelling reason to collect and share the data; surveillance may save lives. But it will be difficult to draw boundaries around what data is collected, who gets to use it, and how long the collection will continue.
One concern: Data collected for one purpose can later be used for another. Privacy experts say transparency is crucial if typically private information is harnessed for public health. Data used to fight Covid-19 could be reused for something else down the road.
“What’s really important is for the government to be really clear in articulating what specific public health goals it’s seeking to accomplish,” said Kelsey Finch, senior counsel at the Future of Privacy Forum, an industry-backed group focused on tech policy. “And how it’s limiting the collection of personal data to what’s necessary to achieve those very specific goals, and then making sure that there are appropriate privacy safeguards put in place before data starts to change hands.”
Even anonymized, aggregate data can inform health efforts. Consider a scenario where city officials close bars and restaurants for a weekend, hoping to reduce the number of new coronavirus infections. But instead, infections increase. Some may be the result of exposures days earlier, but tracking where people went over the weekend could reveal new transmission hot spots.
Some lawyers and academics have suggested that public health officials tap the geofencing capability of phones, to learn who may have been near people infected with the virus. Police have relied on geofencing in investigations, using broad warrants to request information on every smartphone near a crime scene.
Last May, police requested location data from every “Google account that is associated with a device” within 150 meters of a bank robbery. In theory, Google could notify users whose phones were recently near an infected person. Google didn’t respond to a request for comment.
There’s already legal debate over whether such actions would overstep the Fourth Amendment’s restrictions on the government’s ability to search private property. Evan Selinger, a privacy expert and philosophy professor at the Rochester Institute of Technology, says partnerships between tech companies and government agencies could create a “Covid-19 response infrastructure” that incentivizes companies to “find creative ways to benefit from mission creep.”
Some privacy scholars question whether enhanced surveillance in the name of fighting disease can be dialed back once the danger has passed.
“I’m not sure that we should be making longer-term judgments, in an emergency situation, about what the right balance is right now,” said Jennifer Daskal, faculty director of the Tech, Law, and Security program at American University and a former national security official in the Department of Justice. “That often doesn’t work out so well.”
Pointing back to 9/11, when Congress granted immense surveillance powers to the federal government, Daskal said decisions made during emergency situations tend to lead to overreach. Another thing to remember: There were no iPhones on 9/11. Technology has progressed rapidly since then, and in some cases, has outpaced the laws meant to govern it. “One of the lessons I hope we learned from 9/11 is that new powers in an emergency situation” should come with preset expirations, she added.
The rapid spread of the disease has prompted even some traditional defenders of personal privacy to acknowledge the potential benefits of digital tracking. “Public policy must reflect a balance between collective good and civil liberties in order to protect the health and safety of our society from communicable disease outbreaks,” the Electronic Frontier Foundation wrote in a blog post earlier this month. But, the group continued, any data collection “must be scientifically justified and … proportionate to the need.”
Balancing privacy and the need to quickly isolate patients is only becoming more complex as companies which individually target and identify individuals are also volunteering their technology. The controversial facial recognition startup Clearview AI is reportedly in talks with state officials to use its software to identify anyone in contact with people who are infected. The weapons detection company Athena Security claims its AI-enabled cameras can detect the coronavirus by spotting fevers. Clearview and Athena did not immediately respond to requests for comment.