The Centers for Disease Control and Prevention has teamed up with state and local governments across America to track people’s cellphone location data and trace the novel coronavirus’s spread, according to a new Wall Street Journal report.
Mobile advertising companies—as opposed to the cellphone carriers themselves—have been forwarding information from users “in certain areas of geographic interest” to federal authorities by way of the CDC, people familiar with the matter told the Wall Street Journal. It’s apparently all part of a bid to create a nationwide government portal that monitors the outbreak using geolocation data from as many as 500 cities.
Officials argue this information, which has been anonymized and aggregated, can help them tailor their epidemic response to the virus’s spread as well as map out the outbreak’s economic impact using variables like how many miles a person drove or how many shops they visited.
This government surveillance (to use a loaded conspiracy buzzword, that, in this case, seems pretty spot-on) can also cue authorities in on whether people are following CDC social distancing guidelines or official shelter-in-place mandates. In one case the Wall Street Journal cited, researchers contacted the police after determining via geolocation data that large groups of New Yorkers were still visiting Brooklyn’s Prospect Park despite warning notices.
Even though the data has purportedly been stripped of any identifiable information, this still feels like an Orwellian nightmare, one that’s already begun raising several red flags among privacy activists. In an interview with the Wall Street Journal, one such privacy researcher and activist, Wolfie Christl, said the industry was “covidwashing” its invasive practices and products as a justification for sharing metadata. The term is a reference to the disease, covid-19, caused by the novel coronavirus outbreak.
“In the light of the emerging disaster, it may be appropriate to make use of aggregate analytics based on consumer data in some cases, even if data is being gathered secretly or illegally by companies. As true anonymization of location data is nearly impossible, strong legal safeguards are mandatory,” Christl told the outlet.
Grosser still, regulations for these mobile advertisers have yet to be clearly defined in existing privacy law, particularly since cellphone users often opt-in to these company’s tracking measures and the data shared with authorities contains no identifiable information.
Different rules exist for telecom carriers, though, several of which told the Wall Street Journal that the U.S. government had not requested metadata from them at this time. That may be because officials are seeking that same kind of information from other tech giants instead; the Washington Post recently reported that federal authorities were in “active talks” with Facebook, Google, and other tech companies about obtaining anonymized, aggregated data to monitor whether users are adhering to official health ordinances.
Governments worldwide have begun implementing similar surveillance to help shape their covid-19 responses. Telecom companies in Italy, Germany, and Austria have already admitted to sharing users’ geolocation data with authorities, per a Reuters report. Last week, the European Union’s internal market commissioner, Thierry Breton, pressured the region’s largest telecom companies to share anonymized metadata from their customers’ cellphones to follow the virus’s spread and use that information to triage medical supplies.
Even more invasive measures have been deployed across Asia in an attempt to curb the virus’s spread. Authorities in China, Taiwan, and South Korea have used aggregated metadata to enforce quarantine orders as well as to identify which individual’s contacts had tested positive for covid-19.
China also teamed up with Alibaba Group and Tencent, two of the largest tech giants in Asia, to employ color-coded QR codes tied to a resident’s ID number. These codes designate an individual’s freedom of movement based on their likelihood to spread the virus as determined by a symptom survey. While not immediately clear, it was later discovered that this system also shared personal information like location metadata and identification numbers with local authorities so police could monitor their movements, according to a New York Times report.