Droning on About Privacy

Even as certain unnamed world leaders are suggesting people inject disinfectants to treat COVID-19 (…), tracing efforts at least are moving ahead more rapidly than expected. 

European Commissioner for Internal Market and Services Thierry Breton reports Tim Cook will deliver an early version of Apple’s and Google’s contact tracing tech to developers on April 28. Not a moment too soon, as confirmed global cases have now reached 2.76 million, with 905,000 of those in the United States.

Users will be able to share their status with health authorities who can then contact anyone who passed within that user’s Bluetooth range. When done correctly, contact tracing allows health authorities to isolate chains of infection and, in the case of the US, may allow certain states to loosen quarantine restrictions earlier than others.

Critically, the tracing system will be voluntary and have protections in place for privacy.

But here’s where the voluntary and the involuntary begin to blur. 

South Korea successfully used digital contact tracing to COVID-19, but drew heavily on surveillance cameras to keep track of the infected and limit their contact with healthy citizens.

It’s being used in India as well, where geo-fencing, CCTV footage, and even call records are also being employed to track primary and secondary contact of COVID patients. 

That’s…well, a little less comfortable for our tastes. And then there are drones. 

Drones have been used not only to lockdown shame in the UK, but now police in Connecticut are testing a drone that will monitor people for signs of “fever and coughing.”

Uhhhh…HOLD UP.

We weren’t the only ones utterly horrified by the idea of a drone that searches the populace for symptoms, and the town has apparently revered course and flown right back out.

But that doesn’t mean there aren’t some real privacy issues being raised here, still.

Apple and Google have been pretty transparent about their project’s abilities and limits, as well as the potential privacy pitfalls inherent in contact tracing. But they can be as transparent as they’d like and it doesn’t solve the problem that we just don’t know how this technology will be used after we get the all clear and life is back to normal. 

The Department of Health and Human Services has already said it’ll loosen privacy rules to make it easier for hospitals and their vendors to share medical records with public health officials.

Your medical records.

The White House Office of Science and Technology Policy has held individual meetings with Facebook, Amazon, Google, Facebook, and IBM to assess how to use smartphone data and other aggregated information to trace the spread of COVID-19 and determine if Americans are maintaining social distance. The focus, status, and meaning of those efforts is unclear.

And answers aren’t forthcoming. 

HIPAA laws include language that allows federal officials to waive privacy rules in case of a public health crisis, but when HIPAA was passed in 1996 health data were primarily in the hands of hospitals, insurance companies, and doctors offices. Not Apple, Google, Facebook, and Amazon.

Not drones that watch you cough.

Morally, it’s difficult to argue that we shouldn’t do anything we can do to slow the spread right now. And with a second wave of COVID-19 expected to coincide with fall flu season, that doesn’t appear to be changing any time soon.

But this uneasy balance between privacy and safety is something we have to address sooner or later. It was a question after 9/11, and it’s a question now — how much of what we consider private are we willing to relinquish for the greater good?

And who do we trust to determine what the greater good is?