How much surveillance do we need to stop a pandemic? As the novel coronavirus spreads, testing and health system resources are becoming more and more scarce, while normal life has screeched to a halt for millions of people under shelter-in-place orders. The solution to both these problems, according to some researchers and government agencies around the world, is to use data to help identify the virus’s spread and impact. The core idea is to use massive datasets of phone location data, or rollouts of new, surveillance-focused mobile apps, to accelerate contact tracing, measure, and police social distancing, and improve modeling forecasts, all of which may help soften future outbreaks and help communities start functioning again, even during the current pandemic.
The problem is that it’s not at all clear the value that new or existing surveillance tools bring to the table, and it’s possible to create tools that provide similar insights without building new surveillance infrastructure. This choice that’s being presented between privacy and safety might well be a false one, and we need to have a conversation about it now before it happens on a large scale in the U.S. Without careful consideration, any further surveillance measures taken now might become invasive fixtures of our future.
To understand the dubious usefulness of location surveillance to combat the spread of covid-19, look no further than contact tracing, which is what Israel’s service, built by their internal intelligence agency, Shin Bet, attempts to do. They use location data from telephone companies to identify people who have been nearby newly diagnosed patients and force them into self-quarantine. The devil here is in the details. What does “nearby” mean? Phone GPS data, which is much more accurate than telecom location services (it’s accurate to within 16 feet) under the best of conditions, but this rapidly declines near buildings, bridges, and trees—in other words, what we’re surrounded with while living in cities. Location data from phones also is not reported at regular time intervals, making it very hard to know if you were in the same place at the same time as someone else.
These limitations mean that location data can perhaps tell if you were in the same building, or street, as another person, but certainly not if you were in the 6-foot radius the Centers for Disease Control reports the disease spreads within, and it probably won’t be able to tell if you were both there at the same time. What they might more accurately track is risk of environmental transmission (touching something an infected person touched), but we don’t yet know how much of a factor that is in how the virus spreads.
As a result, these kinds of surveillance systems will likely produce huge numbers of false-positive rates, potentially leading people to try to get tested, thus overwhelming hospitals that are already stretched thin even further. Worse, these false positives will be much more rampant in dense cities, which are already the epicenters of the outbreak. The last thing an NYC hospital needs is hundreds of unneeded visits from people who think they were exposed because of an app.
And that brings us to a broader question: What are these systems useful for, and are they worth it? Many current epidemiological models suggest that one-time social distancing, even for extended periods of 20 weeks or more, will help avoid worst-case scenarios but not prevent future outbreaks. Instead, they show that maybe the only way to avoid overloading hospitals is to adopt intermittent distancing measures, implemented when cases reach a critical threshold. Data from phones may help here, by helping predict when cases might increase, but building such models often relies on having fast, accessible testing. With testing rates as low as 888 per million people in some states, our current bottleneck is system capacity, not surveillance ability.
Other arguments for using location data from phones involve surveilling and policing how people are following social distancing, and punishing those who don’t with fines or jail time. But surveil-and-fine solutions risk disproportionately hurting low-income and service workers who can’t afford to stay home. If our end goal is to incentivize people to follow quarantine, can’t we find more creative and compassionate solutions than a centralized surveillance state?
Even if we do get widespread rapid testing, there are better ways to use data to predict when to implement distancing measures. Unlike location data, Bluetooth sensors can actually discern users who are 6 feet apart from people on different floors of the same building. When aggregated properly to eliminate re-identification risk, location data could be useful in directing policy, but it’s worth remembering that those aggregate data are built on and validate the massive, invasive datasets advertisers have hoarded, often without our explicit consent.
Instead, new technology proposals from researchers and industry around the world building on decades of privacy work show how to build measurement and contact tracing infrastructure that maintains autonomy and privacy. Such solutions can keep data about who you’ve been in contact with and where you’ve been securely encrypted on your device, and allow you to redact sensitive locations or other data. Modern computation techniques, like secure multiparty computation or mixnets, can then be used to create aggregate location heatmaps, or alert other users you’ve been near if you’re diagnosed. These solutions can make it almost impossible for someone else to see your data, but privacy is never perfect, and there’s always a question of who data is private from: An app that keeps data secret from other users might leak it to the state, as a recent proposal from a group of European researchers risks doing by centralizing data that could be de-anonymized under national governments.
Before blindly implementing surveillance programs, or “covidwashing” the private, unregulated surveillance-as-advertising market we already have, it’s worth remembering lessons from the surveillance infrastructure we’ve already built. As journalist Julia Angwin points out, the NSA dragnet that Edward Snowden revealed has been found to be largely useless, and versions of it are still in place almost a decade after the catastrophe that spawned it. In times of crisis, short-term emergency measures can become fixtures of our future societies. If the wrong tools are used, even for the right reasons, we might end up with a stronger, lingering surveillance state well after this emergency ends.
Dan Calacci is a PhD student and artist at the MIT Media Lab, studying how data, surveillance, and algorithmic systems can impact city and community planning, behavior, and governance.