Abstract
Technology presenter
If you’re lucky, we might move the conversation on to how weird it is that Google and Apple are co-operating to design their own, decentralised, privacy-protecting, software for contact-tracing apps – and how it’s even weirder that the two tech giants are effectively forcing governments around the world to use that system.
They want their app to work properly on Apple or Android phones (i.e. most smart-phones), because an effective app needs about 80% of smartphone users to run it.
I mean, Silicon Valley protecting our privacy against our own governments? Unprecedented times, indeed.
At this point, let’s suppose that I pause to sip my beer and you make your escape. If we were both using a contact-tracing app, the fact we’d been close together would already have been logged.
We might never have to share that information, especially if neither of us is diagnosed with Covid-19 in the near future, but our social connections have become fodder for state surveillance in a way that would be anathema in normal circumstances.
In South Korea, contact tracing has been very effective at containing Covid-19, but it also publicised the locations of Seoul nightclubs where recent infections took place, which led to the stigmatising of the gay community.
While I have reservations about particular uses of technologies, I accept that our social connections have become the vector for a nasty virus.
I would welcome an efficient system of contact tracing, which means one run by humans even though that makes it even more intrusive.
Coronavirus is a shared problem that needs shared solutions, and I have voluntarily signed up for other apps that request much more personal information to help researchers understand and track the pandemic.
But remember the wise words of former Chicago mayor Rahm Emmanuel (and Winston Churchill, and Niccolo Machiavelli): “Never let a good crisis go to waste.”
More importantly, remember that those in power have already remembered that. Measures being taken now to fight a deadly virus might turn out to be handy for other purposes later. Further research that could be useful for future pandemics – who could object to that?
Well, some are squeamish about private companies doing that research with data we shared with our own health authorities.
But information about how we move around, how we spend time together and our social networks could be useful to other bodies for other purposes.
Local authorities working out how to reduce the amount we travel. Advertisers seeking to reach our secondary audience by identifying super-spreaders of fashion. Police wondering who is hanging out with drug dealers and who is meeting them for just two minutes.
CREDIT: Donna Grethen/Ikon
There’s a danger of getting hung up on the technical details of what data is being collected, whether it’s proximity (who you were near) or location (where you were – and, by extension, who else was there at the time), or Covid-19 infection status.
It’s always worth asking what data is collected, and by whom. But more important is the question: what controls are in place?
It’s telling that Israel was able to implement a location-based contact-tracing system almost immediately because its internal security service, Shin Bet, already had legal powers to track the locations of phones for counter-terrorism purposes. Unlike some equally intrusive powers around the world, it is explicitly mandated by, and accountable to, parliament.
Australia built a Bluetooth-based contact-tracing app that collects all data centrally, but also passed into law regulations that govern who may access the data, how it may be used and how long it may be kept.
South Korea amended its law after the 2015 Mers outbreak to give authorities extensive powers to require phone location data, police CCTV footage and the records of corporations and individuals to trace contacts and track infections.
However, the same law specifies that “no information shall be used for any purpose other than conducting tasks related to infectious diseases under this act, and all the information shall be destroyed without delay when the relevant tasks are completed”.
By contrast, the UK has no plans to make new laws and gives no guarantees that data collected to fight the coronavirus will not be repurposed later, even if in only anonymised forms.
This is not helping to build trust among the people who would need to download and run the app, in whatever form it eventually takes.
In exceptional times we may accept measures that would normally be draconian, but they must remain exceptional, not become the new normal.
We should always ask: Is it proportional? Is it accountable? Is it temporary? And if we can’t get clear answers, whether from public health authorities or tech companies, we should be very wary of giving away powers that might be hard to take back in a post-coronavirus world.
And at the end of this crisis, what we must ask is: “Can we have our privacy back now, please?”