Does increased surveillance during the coronavirus crisis presage the death of privacy?

Given the inherent immutability of the blockchain technology, it’s a popular choice for projects that involve creating verifiable databases to ensure that information integrity is maintained, and this is especially important when lives are at stake. But there are some lingering questions involving users privacy, especially regarding these coronavirus tracking apps. Governments are introducing intrusive surveillance systems to track the virus, and the principle question being asked is whether or not we can trust them to remove them once COVID-19 is contained.

The World Health Organization has joined forces with tech giants IBM (IBM.NYSE), Oracle (ORCL.NYSE) and Microsoft (MSFT.Q), and the decentralized platform Hacera, to create an open-data blockchain hub that can be used to determine if you have been near anyone infected with COVID-19.

The project is called MiPasa, and it’s based on enterprise-grade blockchain Hyperledger Fabric. It uses various analytic tools and data sources that can be used by citizens and public health officials to detect and recognize places where the probability of being infected by the coronavirus is greater. Public health officials and individuals using the system can upload data about the time and location of different infectious, according to Hacera’s blog.

MiPasa doesn’t collect any personal information form its users, but will alert them if they were around someone infected with the coronavirus. The system already gets data from the WHO, as well as the Centre for Disease Control (CDC) and the Israeli Public Health Ministry, according to Hacera. It’s using the data to build an infection map. The data analytics and privacy tools were previously only available to elite financial institutions and adopted for a public health context, Hacera wrote in their latest blog post.

The project is being supported by a multi-disciplinary group of health professionals, software and app developers and privacy experts, with decentralized platform Unbounded Network responsible for the onboard process.

The following organizations have joined MiPasa:

  • Johns Hopkins University,
  • Hong Kong Department of Health,
  • China’s National Health Commission,
  • American and European Centers for Disease Control and Prevention and
  • The Government of Canada

The surveillance state

In the latter half of the oughts, political journalist and activist Naomi Klein wrote a book called The Shock Doctrine: The Rise of Disaster Capitalism that detailed various government’s of the world’s predilection to using the political misdirection of calamitous events to push through agendas that would under other circumstances be given the utmost scrutiny.

For example, the second Iraq War, which she poses as a smokescreen to veil the furthering of American interests in the region. If you were around in that time period, you probably remember the sign-waving protesters chanting no blood for oil and other such slogans. Yeah. That. Results were a little mixed on the ideas put forward in the book based on the specific incidences used to elucidate her point. Some vehemently agreed while others were tepid in their disagreement. Regardless of where you may sit on the matter, the predisposition of our elected officials towards course correction has the potential to lead down some dark paths. If we’re being charitable, these are merely overcompensation, and recourse to control if we’re not.

Now the United States government plans to roll out a $500 million surveillance package as part of its $2 trillion coronavirus stimulus package. It was designed by the Centers for Disease Control and Prevention (CDC), and will track the spread of COVID-19. So far, not much is known about the project, but talks between the American government, Google (GOOG.Q), and Facebook (FB.Q) suggest the system will trace data from social media and smartphones.

This surveillance will analyze trends in smartphone owners’ whereabouts, and filter key infection related information back to a central hub. In terms of caring for the coronavirus, this is an invaluable tool, but the problem of course is that the American government, Google and Facebook are two companies and one governing entity that have proven themselves untrustworthy with our information in the past. Multiple sources stress that if they proceed they are not building a government database, but it wouldn’t be the first time these three organizations have lied to us about their activities.

And that’s only the United States.

The government of South Korea started posting detailed location histories of people who tested positive for the coronavirus in January. The information included whether they wore protective masks in the subway and at what stations they changed trains, and also their preference for karaoke bars and massage parlours. Surprising no one, the patient data was exploited to identify the people involved. Later on, the South Korean government rolled the decision back to “minimize patient risk.”

In Poland, people are required by law to document their whereabouts through a selfie within 20 minutes of receiving a SMS-request. Failure to comply means answering to the police.

What’s especially sad is that this isn’t tinfoil hat territory, nor is it something that only other countries do.

Clearview AI has been noteworthy in recent months for stealing and stashing headshots for use by law enforcement, and Uber paid out a $20,000 settlement on claims that it tracked the movement of journalists using its app through a feature called “God-View.”

What about Canada?

Canada already has a non-invasive national surveillance system for flu, called FluWatchers. It’s an online health surveillance system that tracks the spread of flu and flu-like illness across Canada. The program relies on Canadian volunteers to report each week. Now about whether or not Canada is going to use existing technology to otherwise surveil their citizens for COVID-19, Prime Minister Justin Trudeau hasn’t said that anything is off the table.

“It’s really important not to indulge in knee-jerk reactions against leveraging data technology to surveil disease, but we need to be realistic about where more data collection … actually supports accountable decision making, and where it will hurt human rights and more fundamentally human dignity. There are a lot of ways that data-driven surveillance can cross that line between necessary and helpful to disproportionate … Is it untargeted? Is it indiscriminate? Is it inappropriately constrained?” said Brenda McPhail, the director of the Canadian Civil Liberties Association’s privacy, law and surveillance project.

Blockchain is not the solution

Advocates of blockchain technology will be the first to tell you that it’s the solution to this problem. It’s not. There’s nothing inherent in the technology, or any technology for that matter, that will somehow ensure that the technology is free from the abuse of its user. If anything, blockchain’s immutability function, which blockchain aficionados tout as the balm for surveillance minded woes, actually has the potential to be the most damaging of all.

It all depends on who’s using it.

It’s because seeing is believing. Consider the camera. It captures images frozen in time, stripped of context and therefore prone to the interpretations of the powerful. The blockchain is similar. It captures and holds raw data forever, offering neither explanation nor context, and almost inviting anyone to invent a narrative around the decontextualized data that suits a political end.

How much data is too much?

“We need to have a framework that would allow companies and public authorities to cooperate, to enable proper response for the public good. To reduce the risk that coronavirus surveillance efforts might violate people’s privacy, governments and companies should limit the collection and use of data to only what is needed,” said Mila Romanoff, data and governance lead for United Nations Global Pulse.

That sounds about right. But how can we be certain that corporations and world governments will keep their hands off when the crisis is over? We can’t.

—Joseph Morton

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: