go to top
A subway passenger holds up a green code on their phone in Wuhan, China. A subway passenger holds up a green code on their phone, which allows a person to travel freely, in Wuhan, China, April 1, 2020 (AP photo by Olivia Zhang).

Are Governments Sacrificing Privacy to Fight the Coronavirus Pandemic?

Tuesday, April 14, 2020

Editor’s Note: WPR has made this article, as well as a selection of others from our COVID-19 coverage that we consider to be in the public interest, freely available. You can find all of our coverage of the coronavirus pandemic here. If you would like to help support our work, please consider taking advantage of our subscription offer here.

In a video uploaded to Twitter on March 16, Carol Yin talked through a white face mask as she explained to the camera what it was like to travel in a country that has turned cell phones into weapons to fight COVID-19. Yin, a Shanghai-based podcaster, described her trip to the nearby city of Wuxi, outside Shanghai, shedding light on how integral a phone’s location data has become in China as the country tries to stifle the number of new infections.

“At Wuxi railway station, I couldn’t exit the station unless I showed them where I’d been for the past 14 days,” Yin said, which required giving consent to her cell phone carrier to access her location over that time. Then, she had to sign up for Wuxi’s new health code system, which provides each user with a QR code that they must scan in order to ride subways, take taxis and even enter residential buildings. “Whenever I enter a building or a neighborhood, I will need to show them”—security guards—“my Wuxi health code.”

The app used her travel data to determine whether Yin may have contracted the novel coronavirus and was at risk of spreading it. In the video, Yin received a green code, allowing her to travel freely while scanning in everywhere she goes. But a yellow code would have required her to stay home for seven days, and red would have mandated a two-week quarantine. In Chinese cities like Wuxi, Hangzhou and Wuhan, where the outbreak originated, these health code apps have become a new feature of daily life.

They are part of an arsenal of high-tech, surveillance-based tools that China has deployed in its fights against the coronavirus, in addition to its sweeping lockdown of Wuhan and its surrounding province. After the number of infections skyrocketed in Wuhan, the authorities integrated cameras that could detect fevers into CCTV systems and used drones equipped with loudspeakers to broadcast public service announcements.

Initially, China’s use of surveillance technology to track people’s movements was branded “excessive” by critics—an example of typical authoritarian overreach. But as death tolls from COVID-19 began escalating far beyond China, other governments that were scrambling to save lives started to see the appeal of using location data to put the coronavirus—and its potential carriers—under surveillance. Taiwan, South Korea and Singapore have also used smartphone location data to track individuals. In late March, Israel announced that it would repurpose counterterrorism surveillance technology to track civilians as part of its pandemic response.

Even countries in the privacy-conscious European Union have turned to technology and telecommunications companies for support. In particular, governments and technology companies are increasingly exploring and developing apps that can help curb infections, though Poland and Slovakia are the only European countries where such apps are already in use. Last week, a group of researchers from across Europe announced that it was developing another new application that will use Bluetooth technology to detect when someone has crossed paths with an infected person.

In the U.S., too, three local governments announced last week that they planned to adopt a location tracking app developed by the Massachusetts Institute of Technology. The MIT initiative is one of several U.S.-based projects; others include the Stanford University-supported app Covid Watch and two Seattle-based apps, CoEpi and NextTrace.

Then, on April 10, Google and Apple announced that they are developing a joint global tracking “platform” using Bluetooth that will be built into Android and Apple operating systems, allowing billions of smartphone users to opt-in to a global coronavirus surveillance system.

Since 9/11, surveillance debates have weighed democratic rights against national security needs. Now, there's a new question: Do people have the right to privacy in a pandemic?

But privacy advocates have been rushing to urge caution, pointing out that these technologies could endanger fundamental rights, and that the effectiveness of using cell phone location data to curb the spread of a virus is still largely unverified. Even in countries that have effectively contained the coronavirus, it is difficult to tell whether location data played a key role. “Looking at public health crises in the past, we haven’t necessarily seen that evidence,” said Alexandrine Pirlot de Corbion, strategy director for the digital rights organization Privacy International, in London. “Often mobile phone data is part of a broader package of measures by governments, and it’s difficult to pinpoint what exactly it was that worked.”

“Whatever measures are going to be established now to deal with the coronavirus would lay the foundations for long-term mass surveillance and data exploitation systems,” she added. “Once they’re in place, it’s easy for governments to say, ‘We have a brand-new way to monitor people! Why don’t we maintain these systems?’”

But others believe governments should prioritize saving lives, even if that means pushing privacy concerns to the sidelines. In Britain, where Prime Minister Boris Johnson spent last week in an intensive care unit after contracting COVID-19, the health secretary, Matt Hancock, explained on Twitter that data protection rights must be “balanced against other public interests,” and that “we are all having to give up some of our liberties.”

Since 9/11, debates on surveillance have centered on the tension between democratic rights and national security needs. But now, societies are struggling with a new question: Do people have the right to privacy in a pandemic?

Location Tracking Goes Public

The location data emitted by cell phones is deeply personal, showing where their owners go and who they meet. The data tracks them as they go from home to school or work, and from there to their other, often private commitments, whether a doctor’s appointment, the gym, a date—recording some users’ location “as often as every two seconds,” according to a review by The New York Times of a database of more than a million phones in the New York area. That data is also valuable. Advertisers pay for location data to learn more about consumers’ habits. Personal injury lawyers use it to identify potential clients among those that have recently visited a hospital. And finance firms capitalize on the data to measure the popularity of a business before deciding to invest.

Private companies collect location data in a variety of ways. Firms can design apps that persuade users to allow location access. The Weather Channel’s app, for example, asked users to provide their location data to load information on local weather, which it then collected and sold for a profit, according to a lawsuit filed last year by the city of Los Angeles. Telecommunications companies can also track their customers and have been found to sell that information, too.

These practices and the covert industry that employs them have existed for years, and their data collection methods have been increasingly scrutinized as a threat to privacy. Yet regulations and protections for personal data are still being developed and debated around the world. The European Union’s General Data Protection Regulation, or GDPR, which came into force in 2018 and places limits on the collection and use of personal data, is considered to be the most ambitious. However, most regulations like GDPR still permit companies to collect data as long as they take steps to obtain consent and ensure personal information remains anonymous. Now, this industry is coming under renewed scrutiny as location data is passed from corporate ownership into government hands during a global pandemic.

So far, countries are using cell phone location data predominantly for three reasons: to track who has crossed paths with people carrying the coronavirus; to enforce individual quarantines; and to measure the effectiveness of lockdown measures. They have also pursued a variety of location-tracking methods. A person’s location can be monitored via a phone’s GPS, by using data stored by cell phone companies or by recording Bluetooth “handshakes,” which log only who has crossed paths with whom, not where they met.

A man checks his health code in Hangzhou, China.
A man checks his health code in Hangzhou, China, Feb. 11, 2020 (Photo by Long Wei for FeatureChina via AP).

As some countries, like Austria and Denmark, begin easing lockdown restrictions, officials say location data will play a central role in their ability to detect and suppress new outbreaks. A growing number of countries are turning to smartphone apps that automate “contact tracing,” a common technique used to contain infectious diseases that, in the past, has largely been analog. Health workers ask infected patients to list everyone they interacted with while they were infectious, so those people can be contacted and asked to self-isolate. However, patients’ lists are unlikely to be exhaustive, and would not include, for example, strangers they might have met at the supermarket or bumped into on the street.

In 2009, two British researchers set out to investigate whether mobile phone apps could make contact tracing more efficient. Their project, FluPhone, was one of the first apps to automate the process. FluPhone used Bluetooth technology to detect when two people who had both downloaded the app came into close contact. Even back then, privacy was a concern. “The app actually sends the encrypted data about the encounters to a secure database which is only accessible by medics,” Jon Crowcroft, one of FluPhone’s two creators, told World Politics Review. “We don’t get to see where they met—just that they met.”

Contact tracing has two purposes, according to Crowcroft, who is a professor at Cambridge University. One is to protect members of the public by telling them if they’ve crossed paths with someone contagious. The other is to help epidemiologists—researchers who study infectious diseases—predict how far and fast a disease will spread. “Epidemiologists can then do clever math that informs policy, telling governments when they need to go into lockdown,” Crowcroft said.

Since the outbreak of COVID-19, plans to replicate and improve on FluPhone are in motion across the world. Singapore’s TraceTogether app is already using Bluetooth to log which users have come into contact. Argentina’s CoTrack app also automates contact tracing, but does so using GPS, taking into account the evidence that the coronavirus can survive on surfaces and can infect people even if they don’t physically meet a person carrying the virus. As the number of apps proliferates, so do questions about their usefulness and accuracy.

Privacy or Public Health?

Unlike in China, democratic governments looking to leverage location data against the coronavirus must first persuade citizens that such stringent measures are not only necessary, but also trustworthy. In mid-March, the British National Health Service announced it was working in collaboration with Oxford University to create an “acceptable version” of China’s health code app. In an outline of the project, the Oxford researchers describe how the app’s developers would command public confidence by establishing an advisory board, publishing its ethical principles and using a transparent and auditable algorithm.

A version of this app, which uses Bluetooth technology for contact tracing, is expected to be tested in northern England this week. Efforts to convince Britons that the technology’s use of data is proportionate to the coronavirus’s threat have apparently been kick-started on Twitter. “Imagine going about your daily business,” David Bonsall, one of the three Oxford researchers, tweeted:

“You attend a long meeting with people you haven’t met before. One of them has #Covid_19 but doesn’t know it. … A while later, the man at the meeting feels unwell. He’s diagnosed with #Covid_19. He doesn’t know you to tell you, but it’s ok, he’s using ‘the app’ and so are you. You receive an anonymous message saying you’ve come into contact, and you should self-isolate. You planned to visit your grandmother this weekend. The personalized advice you just received via your phone has saved her life …are you worried about GDPR, or are you grateful that your colleagues shared their data to protect you and others?”

Others agree with the general need to use data for public health purposes but insist on limits. One such person is Rachel Coldicutt, a British technology expert who wrote an open letter calling on Britain’s contact tracing app to respect privacy. “I completely agree, in times of emergency, we should do whatever is needed,” Coldicutt said in an interview. “But in order to do that there needs to be clarity about what’s happening. There needs to be transparency.”

Coldicutt also warns that contact tracing apps cannot be used as shortcuts to reduce rates of infection. Instead, they can only be effective if they are integrated into the World Health Organization’s wider “find, isolate, test and treat” strategy for COVID-19. She pointed out that certain British politicians have applauded contact tracing efforts in countries like South Korea, where health officials track residents’ movements using cell phone GPS data, security camera footage and credit card activity. But location tracking is only one part of South Korea’s disease control response system.

“The tracing there is being used in the context of testing—everyone is being tested. There’s actual certainty of who is and isn’t a carrier,” Coldicutt said, pointing out that Britain is struggling to scale up its testing capabilities, like the United States, too.

Unlike in China, democratic governments looking to use location data must first persuade citizens that such stringent measures are not only necessary, but also trustworthy.

Similar concerns about the effectiveness of tracing without testing have even been raised in Germany, where more than 100,000 tests are administered each day. In late March, after enormous public pressure, the German government withdrew a measure from its Infection Protection Act that would have allowed it to use data provided by telecommunications companies for contact tracing. Markus Beckedahl, founder of digital politics blog NetzPolitik, said there was a sense among Germans that contact tracing technology would be excessive and unnecessary. “Is the goal to get people to stay at home? If so, we have already had that suggestion by the government,” he said. “Is the other goal to persuade you to go to get a test? But in Berlin, I don’t know any person who got tested."

In response to the pushback, contact tracing advocates in Germany have instead proposed using Bluetooth “handshakes,” the same method used by the British app, FluPhone, and Singapore’s TraceTogether. Calling their project Pan-European Privacy Preserving Proximity Tracing, a group of researchers behind the initiative said the app would store information on “handshake” connections for just two weeks, and that only local health authorities would be able to download data to notify people at risk of infection. In a tacit endorsement, German Chancellor Angela Merkel said she would use the app herself if it was effective and voluntary.

Practical Challenges on Accuracy and Anonymity

Even as debates continue over the justification for using location data during a crisis like the coronavirus pandemic, serious concerns have been raised about the practical application of that data. Some experts point out that people are considering giving up their privacy rights to use technology that might not work as promised against COVID-19.

Contact tracing apps are only thought to be effective if they are adopted by 60 percent of the population, according to most experts. Singapore’s TraceTogether app, which is voluntary, has only been downloaded by one in six people there. There are also concerns that Bluetooth-based apps could create false flags, logging connections between people even if they are separated by thin apartment walls.

“There’s a lot of techno-solutionism being thrown around,” said Estelle Masse, senior policy analyst at the digital rights organization Access Now, adding that many other techniques used to collect location data are not precise enough to tell whether the user has come within six feet of an infected person. GPS does not work inside buildings, and data from telecommunications companies is even less precise. “The danger is even though [this technology] might not give you the information you will need for the health crisis, it will put the population under surveillance,” she said.

The team behind Argentina’s contact tracing app, CoTrack, has published the app’s code in an effort to be transparent and allay privacy concerns. But they shrug off questions about the accuracy of using GPS. “To be honest, I don’t think it’s really important about accuracy,” said CoTrack’s co-founder, Bryan Tafel, speaking over Zoom from Miami. “It’s more about creating awareness.” He explained that the goal of the app is to show users how easy it would be to catch the virus by going outside.

“There’s a lot of techno-solutionism being thrown around.”

In countries where the results of contact tracing apps are strongly enforced, accuracy is important. In Israel, there are reports of people being wrestled to the ground by officers in protective suits for violating quarantine orders. Israelis have also complained about receiving quarantine orders after waving to an infected person from outside their apartment.

“Digital epidemiologists are scientists, who often assume their work will be received and implemented in a nuanced, thoughtful way,” said Sean McDonald, senior fellow at the Centre for International Governance Innovation in Canada, who studied the use of digital technologies during West Africa’s 2014 Ebola epidemic. “The issue is not necessarily that epidemiologists are wrong; it’s that they know they’re experimenting, but everyone else takes it as gospel.”

While some countries are using location data to assess who should be put into quarantine, Kenya, Taiwan, Ecuador and Poland are using it to keep them there. In Poland, a new app called Home Quarantine requires users to submit selfies to prove that they are complying with quarantine requirements. Geolocation and facial recognition confirm that they are adhering to the rules.

“The use of the application is currently voluntary,” a spokesperson for Poland’s Ministry of Digital Affairs told World Politics Review in an email. “Quarantined citizens are given a choice—either use it, or have the police visit them.” If a Home Quarantine user fails to respond within 20 minutes, the app notifies the police, who can issue a fine up to $1,200. As of March 26, the Polish government confirmed that around 18,000 people in quarantine had already sent their first selfie.

For countries wary of tracking individuals, location data provided by cell phone companies can be aggregated and anonymized to provide insight into how much the population as a whole is moving around. According to FluPhone’s creator, Jon Crowcroft, this data can provide insight into the general effectiveness of social distancing and quarantine policies. “It doesn’t tell you about infection, but it does tell you about compliance with the lockdown,” Crowcroft said.

Cellphone companies, he added, track people moving between “cells,” areas that are typically covered by a single cell tower and are roughly the same size as a city block. “If you see 10 percent of phones moving beyond that, they’re doing more than stepping out” for exercise or essential supplies.

Kashmiri doctors looks at an aerial map.
Health workers identify an area to be monitored in Srinagar, Indian-controlled Kashmir, March 19, 2020 (AP photo by Dar Yasin).

The countries using location data to assess lockdown measures are largely doing so through partnerships or transactions with local telecommunications companies, with varying levels of transparency. The British government has repeatedly refused to comment on whether it is using mobile phone data to track movements among the general population during its lockdown. In Germany, however, on March 18, the country’s public health institute, announced that the telecommunications company Deutsche Telekom had provided it with anonymized movement data, free of charge. Government officials in Italy, Switzerland and Austria have also either made or discussed deals with local telecommunications companies. In the U.S., researchers in California are using Facebook’s location data for this same reason.

Yet aggregated data also raises concerns about users’ privacy. Though government officials and tech developers promise that collected location data has been made anonymous, it is still possible to use the data to identify the movements of specific individuals.

“One of the things we’re seeing is a lot of companies saying, ‘We can use mobile phone data, it’s fine, we’re anonymizing it,’” Privacy International’s de Corbion said. “But as research has shown, it’s actually really hard to anonymize data, and it requires a lot more than just removing what would be seen as the obvious identifiers—a name or a phone number, for example. Location traces are highly unique, and they can be linked back to a person.”

Anyone with access to the anonymized data could, for example, still pinpoint a particular phone that registers location data every night at a specific address. They could then consult public phone and address records to figure out who lives at that address or uses that device, attaching that anonymous location data point to an identity.

In Austria, the country’s largest telecommunications operator, A1, is reportedly providing the government with movement profiles of all cell phone users in the country. Yet because A1 and Invenium, a data firm helping the government analyze A1’s data, have previously boasted about the level of detail their data can offer to their commercial clients, digital rights advocates are calling on the company to release details of how exactly location data is anonymized before it is passed onto the Austrian government.

“We can’t blindly trust a telecom operator using sensitive location data about millions of people without checking the math,” said Thomas Lohninger, director of the Austrian digital rights organization epicenter.works, adding that he is not opposed to aggregated location tracking, so long as it is carefully implemented. “We privacy advocates are not fundamentalists, but during this crisis, we have to remain a liberal democracy. Much more intrusive measures can be proportionate in these circumstances, as long as there are proper safeguards, and there is a sunset clause.”

Government Surveillance for the Public Good

Already during the coronavirus pandemic, countries have temporarily rolled back certain rights and freedoms through emergency legislation in order to save lives, but sunset clauses promise to return life to normal once the crisis is over. These conditions have been woven into emergency legislation in Israel, for example, where “cyber-monitoring” powers will end after 30 days. In similar legislation in the U.K., emergency powers that give the authorities the ability to shut airports and force people infected with the coronavirus into isolation, among other measures, will expire after two years. In Austria, emergency powers will last until the end of 2020. But in countries such as Hungary, sunset clauses are conspicuously absent from the emergency legislation passed to nominally deal with the pandemic.

Most digital rights advocates are not trying to stop the use of location data in the fight against COVID-19, but they are trying to shape how it is used and for how long it can be accessed. “The thing about governments using data to help fight coronavirus is not a question whether they should or shouldn’t—it’s about how,” said Marwa Fatafta, a Middle East policy analyst at Access Now. “It should be transparent,” she added, and “necessary and proportionate.”

“We privacy advocates are not fundamentalists, but during this crisis, we have to remain a liberal democracy.”

Transparency is crucial because the debate over location data orbits around technical details. Information about where people go and who they see is potent and personal, and could be catastrophic in the wrong format or in the wrong hands. “Location data is so critical to any kind of social control,” said William Staples, founding director of the Surveillance Studies Research Center at the University of Kansas—whether “you want to control the population,” or “you want to monitor a population.”

“In times of crisis,” he added, “I think people are particularly willing to turn around and say, ‘Yes, do this. We’ll give up our data to save lives from COVID-19.’ OK, but six months, eight months, two years after this is over, are they going to give that data back?”

In a few short weeks, the coronavirus has killed thousands more Americans than the 9/11 terrorist attacks. Just like in 2001, the world now finds itself at a monumental turning point, and how countries respond could define the bounds of government power and personal freedom for decades to come. Saving lives is, and should be, the priority. But authorities are showing that even when the collective enemy morphs from terrorism to a pandemic, they will call for the same solution: surveillance. Back in 2001, total surveillance was at best an ambition. Today, technology has turned that ambition into a possibility, and perhaps a reality.

Morgan Meaker is a freelance journalist based in London. She writes about human rights and digital politics. In 2018, she was selected as one of Forbes 30 under 30 working in European media.