View profile

Do We Need to Give Up Privacy to Fight the Coronavirus?

Issue
This Week
Hello, friends,
It’s been a sobering week here in New York City. The streets are silent except for the sounds of ambulances racing by. Pedestrians steer clear of each other—and many are wearing masks. New York has far more cases of the coronavirus than any other state in the nation.
It reminds me of the horrible days after 9/11, when New York City was shut off from the world, the streets were quiet, and the smell of smoke lingered everywhere. And just like after 9/11, governments around the world are turning toward technological surveillance as a silver bullet to solve their problems.
In today’s crisis, the focus is on using cellphone data—an unprecedented window into people’s movements—for disease surveillance.
Journalists around the world have been reporting on these efforts: Israel has authorized its security agency to tap into a trove of cellphone data to monitor people with the coronavirus. In Lombardy, Italy, the government is using cellphone data to keep track of whether people are disobeying the lockdown. China is requiring citizens to use an app that gives them a score—of red, yellow, or green—indicating whether they can move freely or must stay in quarantine. Singapore built an app that alerts users when they come into contact with an infected person.  
The U.S. government is in talks with tech companies, including Google and Facebook, about possibly using anonymized location data from Americans’ cellphones to track the spread of the coronavirus, according to The Washington Post. And the GSMA, an alliance of hundreds of global mobile phone operators, is exploring whether to build “a global data-sharing system that could track individuals around the world,” according to The Guardian. 
The hope that we can use technology to stop the spread of the coronavirus is understandable. But before racing headlong into massive surveillance, it’s worth pausing to remember what we have learned in the decades since we built the post 9/11 surveillance infrastructure: It’s very invasive, and it doesn’t necessarily work.
In the years since 9/11, research has shown time and again that it’s possible to use outside information to re-identify people’s personal data in data sets that are supposedly anonymous, as Sara Harrison reports in this week’s Ask The Markup. 
And the data the governments want to use—cellphone location—is particularly susceptible to deanonymization. In 2013, researchers in Europe studied location data from 1.5 million people and found that it was so specific to individual habits that they could identify 95 percent of the people with only four location points.
“Data can either be useful or perfectly anonymous but never both,” writes Paul Ohm, a professor of law at Georgetown University Law Center, in his paper on deanonymization, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.” (Ohm is also a member of The Markup’s board of directors.)
Sometimes data is neither anonymous nor useful. In 2014, after Edward Snowden revealed that the U.S. government had been scooping up the phone records of all Americans since 9/11, a federal commission found that the invasive effort had been largely useless. The federal Privacy and Civil Liberties Oversight Board declared that it could not identify “a single instance involving a threat to the United States in which the program made a concrete difference.”
The truth is that we don’t know how useful cellphone records will be for disease surveillance. (Tufts University computer science professor Susan Landau has a nice write-up in Lawfare on the technical limitations of cellphone surveillance.)
We do know, however, that the testing and monitoring of those who are infected is a traditional approach to disease surveillance. During the 1918 Spanish flu epidemic, people who were infected tied white scarves on their doors to alert their neighbors that they were contagious. In Seattle, the health department is distributing self-administered testing kits to residents to track the spread of the virus.
But currently the U.S. is not broadly testing and isolating those who are infected. Testing rates depend on where people live. We filed public records requests for the testing algorithms in use in all 50 states and the District of Columbia. So far, we’ve received documents from 12 jurisdictions, which we are making public here. Seven are responses to our requests; the others were shared with us by readers—thank you!
Already, we have seen differences in the guidelines. In New York City, testing is only recommended for hospitalized patients. In Massachusetts and Illinois, testing is offered to more groups, including people who have been exposed to someone with the virus.
We will keep you updated on the results of our public records requests. In the meantime, please stay safe and healthy!

Best,
Julia Angwin
Editor-in-Chief
The Markup

This email doesn't track you when you open it or click on any links. To learn more read our Privacy Policy.
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
The Markup - The Markup P.O. Box 1103 N.Y., N.Y. 10159