As the world continues to grapple with the implications of the COVID-19 crisis, including mass infection and death, a global economic downturn and the stigmatization of minority communities, the rush to reopen and “get back to work” weighs hard on world leaders. Along with vaccine development, contact tracing has been touted as a necessary tool to help stop the spread of the virus. But for many minority communities across the globe as well as data privacy advocates, the promise of contact tracing is met with trepidation. While contact tracing and other forms of surveillance may seem like a panacea, a pandemic is not the time to grant the private sector and governments further reason to abuse civil liberties.

As a public health tool employed in crises such as Ebola and others, contact tracing is designed to track the people with whom a person infected with COVID-19 or another infectious disease may have come into contact, and thereby slow the spread of the disease. While there are some general questions about how effective contact tracing can be, there are also several specific and troubling data and rights-related risks that contract tracing poses.

Our Data

First, big tech companies like Apple and Google have offered to build out their contact tracing capabilities but have thus far refused to share this information with health officials, thereby rendering the efforts largely useless for public health purposes. Yet these efforts let the companies continue to collect a massive amount of personal and private data, and they are no stranger to criticism and lawsuits over their handling of said data. It is reasonable to ask what the companies will be doing with this data if and when the coronavirus pandemic is under control.

Second, some lesser-known companies’ efforts at contact tracing apps have gone the opposite direction, that is to partner directly with state governments in the US, and health officials on digital contact tracing efforts and sharing public health data. Yet these faulty apps are collecting users’ data in an insecure manner. A company that created a contact tracing app for North and South Dakota, for example, is now being accused of going against its own privacy policy because its app allows data to be shared with outside vendors including Foursquare and Bugfender, neither of which appear to be working on contact tracing themselves, thereby opening the door for companies to use the transferred data for marketing or other non-health-related efforts.

Third, as a recent CNN article outlines, the steady slide into mass collection of consumers’ private details has accelerated post-9/11, but contact tracing and other forms of digital surveillance risk would involve a different level of intimacy, that of accessing our social and health histories. Not only should we not trust big data with this information, but it is not unreasonable to assume that this information could be weaponized not only by autocratic governments but democratic ones, too. For example, given the Trump administration’s politicization of public health information and authorities, including the Centers for Disease Control and the White House Coronavirus Task Force, it is reasonable to be wary of entities like these having increased access to the public’s personal health data.

If one thinks that sounding the alarm about contact tracing is a bridge too far, consider the other “reforms” that governments have been pushing through during the COVID-19 crisis, likely betting that their respective citizenry will be too focused on the pandemic to care about the sweeping powers that some world leaders and legislatures are amassing, largely under the radar.

The US Senate has been quietly pushing extensions to the PATRIOT Act, the vast post-9/11 law that not only changed the way that government could surveil its citizens under the pretext of counterterrorism but continues to be a major flashpoint for minority rights groups who point to issues of targeted surveillance of Arabs and Muslims. Meanwhile, China is trying to ram through a national security law that would clamp down on dissent in Hong Kong. Over in Russia, the government is using problematic facial recognition software to crack down on quarantine violators.

Successful Contact Tracing

With all of these concerns, what is to be done? First, public health officials should consider abandoning high-tech contact tracing efforts altogether. In theory, successful contact tracing does not need to involve sophisticated technology like Bluetooth or tracking bracelets. Therefore, current and floated contact tracing efforts, ones that rely on high-tech solutions and the involvement of tech giants, may not only be dangerous in their scope and potential to abuse consumers’ private data, but also may be unnecessary. Germany, for example, which has seen relatively few coronavirus cases per capita as compared with other European countries, uses a low-tech but successful approach mainly involving simple phone calls.

Second, in this time of solidarity, there is also an opportunity for those concerned with attacks on free expression and privacy to join with human rights advocates to stop private companies and government entities from further descending into unnecessary and potentially damaging surveillance. In the US, for example, reigning in big tech is often a bipartisan effort, and libertarian lawmakers have historically expressed concern about the government’s expansion of surveillance powers.

Two such examples stand out for replication elsewhere. Several US senators and representatives recently introduced the Public Health Emergency Privacy Act, which seeks to protect the data collected through COVID-19 contact tracing efforts or more generally during a public health emergency from being used or shared for other than their intended use. Additionally, the European Union, while underscoring the need for robust digital tools to combat the coronavirus, has also urged member states to abide by the EU’s fairly strict data privacy protocols such as the General Data Protection Regulation.

While it is unlikely that autocratic states will champion legislation or regulations like those mentioned in the US and EU contexts, other democratic states must adopt similar commitments and legislation before private, health-related data gets into the wrong hands. Further, like the Public Health Emergency Privacy Act, it is imperative that any other data protection legislation introduced must apply to both corporations and governments, to prevent both misuse of data and targeting of minorities and dissenters.

From China’s surveillance of the Uighur minority to the US government’s weaponization of the PATRIOT Act against Arab and Muslim Americans, there is ample pretext for both the private sector and governments to abuse consumer data and public trust under the guise of national security or public health. But the COVID-19 pandemic is terrifying enough. Activists, public servants and elected officials who care about data privacy and human rights should make sure that this public health crisis is not used as a ploy to further erode citizens’ rights, protections and safety.  

The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.