By Karen Kelly

Sandra Robinson

Sandra Robinson

Tracking the locations of people with COVID-19—and those near them—is an urgent issue for our society. Not only are governments trying to slow the spread of infection, they are looking for ways to restart the economy while keeping those who are infected away from people who aren’t immune.

There is an easy answer to this: tracking cellphones. Anyone who is using Google services or Facebook on their smartphone—along with a number of other apps—has already agreed to have their movements tracked and recorded through their terms of service.

Now the urgency of the COVID-19 pandemic is adding another layer of data collection: private health information. Governments in South Korea, Singapore, and some European nations are using cell phone surveillance to monitor quarantine compliance or identify clusters of infection. That approach concerns big data and privacy experts like Sandra Robinson.

“Anytime you have this kind of data collection, it is difficult to wholly guarantee anonymity and limit the scale of the surveillance,” says Robinson, a faculty member in the School of Journalism and Communication who studies social media, privacy, and surveillance, “We want to be cautious about how data is collected and handled, who stores the data, and who has access. Is it our government? Is it private companies?”

These are not just hypothetical concerns. Canada’s largest medical diagnostic lab, LifeLabs, was hacked in 2019 and personal information including health card numbers, names, email addresses, logins, passwords and dates of birth of up to 15 million Canadians was exposed. Hospitals and provincial health agencies have been aggressively targeted by cyberhackers eager to access the sensitive personal information of Canadians, which can be used to perpetrate identity fraud.

Robinson acknowledges the importance of this information for health and safety concerns as well as providing a baseline of information that may enable us to reopen the economy. But she argues the collected data must be subject to the highest encryption standards to protect it.

“There have to be explicit limits on the scope of collection and robust data anonymization,” she argues. “It’s a big data grab of sensitive health information and there have been instances where people have been re-identified from data, even when efforts have been made to anonymize it. These companies also need to provide guarantees that the data will be deleted after the crisis ends.”

Can Surveillance Be Private?

While this may sound oxymoronic, a new smartphone application being co-developed by Google and Apple is attempting to do just that. This “privacy-preserving contact tracing” program will give app developers—including agencies such as Health Canada—access to Google and Apple cell phone platforms (Android and iOS respectively).

The key is that they will use short-range Bluetooth signals in smartphones to track close contact between people in a decentralized way. This will prevent the government from aggregating the data to monitor population movement more broadly, or to see the personal information of individual app users.

Crucially, the app would be voluntary and specific to the urgent requirements for contact tracing during the pandemic. Those who install it would be alerted when they’ve been in close contact with an infected person.

Robinson acknowledges, in the end, that perhaps Apple and Google’s proposal will offer a workable solution to balance privacy with the urgent need to accelerate contact tracing.

But, she argues, it’s important to remember that technology is only one aspect of a broad approach to the pandemic, as we continue to live with physical distancing and sweeping economic measures, while urgently seeking tests, treatments, and a vaccine.

Wednesday, April 22, 2020 in
Share: Twitter, Facebook