bookmark_borderDon’t Stop Thinking About Your Privacy in a Time of Crisis

Note: this story originally appeared on Write.As and OneZero.

Crises have a way of making us reexamine our convictions. Last week, in the face of a deadly virus sweeping the country, conservative Republicans in the U.S. Congress voted almost unanimously to pass the largest government spending package in American history. Senators who routinely espoused a desire for small government and balanced budgets reversed their opinion and signed off on a major spending program. This sort of dramatic change in thinking under extreme threat is common throughout history, both at the group and individual level. When it appears to be a choice between reversing a dearly held conviction and losing everything, many of us will sacrifice a long and dearly held position in order to survive the times.

Today, another debate swirls around whether and to what extent governments should have access to citizen location data in the name of public health. As the global infection count skyrockets, many states are tapping citizen location data to respond to the crisis. Israel, South Korea, Taiwan, and China have already employed location-based methods to track the virus. Telecom companies across Europe have offered up anonymized user data to aid researchers. More than a dozen countries are reportedly testing NSO spyware to track the spread of the virus. In the United States, a task force of 60 tech companies have begun work with the White House Office of Science of Technology and the Office of American Innovation to see how location data can be used to stop the spread of the virus.

“It would be foolish to not explore these opportunities,” Daniel Castro, vice president at the Information Technology and Innovation Foundation, told CNBC. “People may have privacy concerns, and some of these concerns may be legitimate. But focusing on only privacy while ignoring public health would be a mistake.”

Health authorities in South Korea have notified people by text with the location history of people who recently tested positive for the virus.

Double-edged data

Mass location data is both useful and potentially dangerous, depending on how it’s used. Useful, because location data can help researchers and government responders understand how people are migrating or socially distancing. Health authorities in South Korea have notified people by text with the location history of people who recently tested positive for the virus. The largest telecom company in Europe, Deutsche Telecom, announced that it would be handing over anonymized customer data to help understand the spread of the virus and the impact of social distancing. State-owned Chinese telcos allow users to track their location history, which, used in conjunction with apps for identifying carriers, can help citizens avoid areas infected with the virus and take steps to quarantine themselves if they are a carrier.

But this information can also be dangerous because of how much it can reveal about a person. Individuals can be identified even from location datasets that don’t explicitly name the people they track. According to Paul Ohm, a law professor and privacy researcher at the Georgetown University Law Center, “DNA is probably the only thing that’s harder to anonymize than precise geolocation information.” With a detailed location record, all sorts of sensitive information can be exploited: where you’ve been, who you’ve been with, and, perhaps, what you’ve been doing. Such knowledge, when abused, can dramatically affect society. As the Electronic Frontier Foundation points out:

[F]ear of surveillance chills and deters free speech and association. And all too often, surveillance disparately burdens people of color. What’s more, whatever personal data is collected by the government can be misused by its employees, stolen by criminals and foreign governments, and unpredictably redirected by agency leaders to harmful new uses.

This isn’t some abstract theory. A few months ago, I interviewed a Serbian digital security specialist who told me how government surveillance systems are used today to prevent state contractors from participating in any protests against the increasingly authoritarian state. “The government is keeping them on a temporary contract, as long as they do the things that they tell them,” the digital security expert said. “These people cannot be seen in the streets doing anything, because [the government] will know they are there.” Governments that don’t respect the rights of their citizens can and will abuse their power.

Location data is valuable for understanding how people as a group move even as it reveals personally identifiable information

Crisis thinking

Given the potential dangers of such systems, it is an indication of how devastating this virus is that stalwart advocates for privacy are calling for the relaxation of privacy rules. Maciej Cegłowski, a well-known privacy activist, wrote in an article called “We Need a Massive Surveillance Program” that governments need to leverage the surveillance systems already developed by the private sector. It would, of course, be an “enormous cost to our privacy” to provide governments with this information. Cegłowski explains:

But this proposal doesn’t require us to give up any liberty that we didn’t already sacrifice long ago, on the altar of convenience. The terrifying surveillance infrastructure this project requires exists and is maintained in good working order in the hands of private industry, where it is entirely unregulated and is currently being used to try to sell people skin cream. Why not use it to save lives?

The argument is that the ship is sinking—we can worry about navigation after we have plugged the holes.

In times like these, it may be comforting to realize that our options are not always binary: to choose purity and destruction or live a half-life. Sometimes it is viable to say, “Yes, but” — to acquiesce and then to mitigate. This is usually our way of addressing privacy concerns. We allow police officers to search our homes and our devices if they obtain a warrant from a judge. We require that invasions of privacy are necessary and proportionate. Placing limitations on useful but dangerous instruments is how we balance for competing objectives, to maximize the “goods” and minimize the “bads.”

The Necessary and Proportionate logo. Source

How might we reduce the harms and get the most benefits of governments accessing citizen location data? Apart from the legal restrictions listed above, the researchers in the field of privacy-preserving data mining (PPDM) have developed a number of methods to extract useful information from data while limiting violations of privacy. In particular, some have argued that aggregating location data can help governments understand broad societal trends without understanding the movements, activities, and affiliations of individuals. Others have argued that governments should be required to demonstrate proof of impact so these surveillance powers can be revoked if they prove ineffective.

These options can and should be explored. But while we are striving to strike the appropriate balance on government power, we should take a moment and consider the circumstances that have enabled this debate in the first place. While we rightly debate the fitness of government to access individual location data, we appear as a society to accept that the private-sector companies from which government would receive it are the appropriate guardians of our information.

Unsafe guardians

As it turns out, a wealth of companies retain granular information on citizens’ locations. To understand us better, sell ads to us, and improve the quality of services, tech companies like Google and Facebook keep detailed location information about their users (unless explicitly prevented from doing so through privacy settings). But the list of companies that know where you’ve been extends much further than the recognizable tech giants and telecom companies. Data brokers we’ve never heard of leverage trackers we never suspected in apps we mistakenly trusted so they can aggregate vast, granular datasets of individuals’ locations over time.

We seem to accept this reality as a fact of life. A recent Pew survey revealed that six in 10 Americans believe that it is impossible to get through life without being recorded by companies or the government. We largely accept that the conveniences offered by these “free” services are worth the sacrifice of personal privacy and have, as yet, attempted few regulations that limit the power of these services to sell or exploit our information. If we aren’t certain that we trust governments to use the data well, why are we so keen to trust the private sector?

If crises can prompt us to question our dearest convictions, can they not also prompt us to question our acceptance of “necessary evils”? It is possible to build applications that serve our needs without harvesting our information. As Zeynep Tufecki points out, privacy-preserving processes can be developed that allow for developers of services to understand user behaviors and data in the aggregate without understanding the information of any one individual. The Brave browser, for example, employs local machine learning to understand the user without ever reporting that information to the browser’s creators. Consider optional, opt-in, shared-data approaches to data collection, which allow the user to determine when and how their data is employed by the service provider. Consider services like Blockstack that enable users to host their data privately by ensuring that only the users control the access keys. Or open source services like Nextcloud that enable users to host their own data. The models for powerful, privacy-protecting tech exist — why do we let businesses that engage in surveillance capitalism tell us otherwise?

The modern crisis requires that we adopt thoughtful, practical approaches. It is appropriate for us to debate how much power we should grant to the government and with what restrictions those powers should be applied. Surely, at the same time, we can empower our leaders, mindful that such powers have a tendency to stay in place unless actively dismantled. As we do so, we should consider the decisions we have made that allow private companies to collect this information, largely free from oversight and regulation. If we can make governments use our data appropriately, we should be doing the same with anyone who has our information.