Private lives, public health: Privacy in the time of COVID-19

People around the world are banding together in an attempt to quell the rapid spread of COVID-19. Efforts to contain and combat COVID-19 are clearly necessary, but there is a largely unseen and unspoken problem rearing its head as we go into battle against COVID-19: some containment efforts are coming into direct conflict with the right to privacy. Different legal jurisdictions have different laws relating to privacy, and many of those laws are being bent or broken under these extraordinary circumstances. The analysis of credit card purchases, surveillance footage, and smartphone location data have all been used to track potential or confirmed cases of COVID-19, and some major breaches of privacy have led to COVID-19 patients being publicly named and even witch-hunted. 

We agree that in an unprecedented crisis like the COVID-19 situation, extraordinary actions must be taken in order to mitigate harm. However in the global effort to slow the spread of the virus, some privacy and civil liberties advocates are deeply concerned that governments are eroding our rights in ways which may not be reversed once the worst is behind us.

The aftermath of the 9/11 attacks saw a dramatic increase in state surveillance powers and laws that eroded our privacy. While we all want to do everything we can to respond effectively to this pandemic, we don’t want to do so at the expense of further, potentially permanent, erosion of our personal privacy. 

But it might already be too late. With reports of hundreds dying every day, and hundreds of thousands infected, it is perhaps understandable that restraints on practices such as police surveilling citizens using drones have been somewhat relaxed. But some privacy advocates are concerned about the extent to which these sorts of measures could be normalised once the storm has passed.

There are a variety of different ways that location tracking and other invasive measures can be utilised to slow the spread of COVID-19. Some are sensitive towards privacy, but others are not. In Israel, a large and previously undisclosed cache of location data which has been secretly collected from Israeli citizens for use in counterterrorism operations has been quietly unveiled by prime minister Benjamin Netanyahu and used without parliamentary oversight to trace the movements of people who have contracted .

Where the actions of the Israeli government represent something of a worst case scenario in terms of individual privacy, others are pursuing the same ends by far less invasive means. A  decentralised and open-source contact-tracing technology developed by MIT (Private Kit: Safe Path) is setting the standard for containment measures which don’t sacrifice user privacy in the name of safety. The decentralised infrastructure of this technology means that user information is not stored on an external cloud and that government surveillance is impossible. Making Private Kit’s code open-source allows its security to be audited and provides total transparency.

There is an urgent need for technologists, governments, and digital rights experts to work together to ensure that a private-by-design approach is incorporated into the strategies and solutions that are being deployed to counter COVID-19. Governments must be transparent in the approaches they use — especially when it comes to our privacy. We must all work together to ensure that any privacy-eroding policies and laws that are implemented will be rolled back once this crisis is over, else we risk a permanent shifting of the Overton Window, and an irreversible loss of privacy.