This is a central dilemma as officials in the United States and other nations seek troves of data that might help fight the devastating coronavirus outbreak but also could raise fears that their government is spying on them or gaining access to information that could be used against them later, after the health emergency has waned.
Public-health experts argue that the location-tracking capabilities as practiced in such countries as Taiwan, South Korea and Singapore proved remarkably effective at helping officials control the spread of coronavirus — and that the U.S. needs all the help it can get amid projections that millions of Americans may get infected and hundreds of thousands may die.
“We are at war and we are fighting for our survival, for our lives, our health, our economy,” said Chunhuei Chi, director of the Center for Global Health at Oregon State University. “We are stretched very thin in most states, so this kind of technology can help every state to prioritize, given their limited resources, which communities, which areas, need more aggressive tracking and testing.”
Many privacy advocates see value in potentially giving public health authorities access to information created by smartphone use. That’s especially true if the data is voluntarily shared, as is already happening in several nations, where apps give users the option of uploading their location histories to health authorities.
“There’s no reason to have to throw out our principles like privacy and consent to do this,” said Peter Eckersley, an artificial intelligence researcher who organized an open letter on ways the tech industry could help combat the outbreak.
There is far more concern, however, about the program underway in Israel, which is using location data the government collected for fighting terrorism, to identify people potentially exposed to the novel coronavirus and ordering them to immediately isolate themselves “to protect your relatives and the public.” Hundreds of such texts started being sent by health authorities there on Wednesday.
In the United States, the White House has been in negotiations with major technology companies, including Google and Facebook, about potentially using aggregated and anonymized location data created by smartphone use, The Washington Post reported on Tuesday, but those efforts have been kept largely from the public.
Based on The Post’s reporting, Sen. Edward J. Markey (D-Mass.) sent a letter Thursday seeking answers about potential partnerships between the federal government and private companies.
“Although I agree that we must use technological innovations and collaboration with the private sector to combat the coronavirus, we cannot embrace action that represents a wholesale privacy invasion, particularly when it involves highly sensitive and personal location information,” Markey wrote to Michael Kratsios, the government’s chief technology officer. “I urge you to balance privacy with any data-driven solutions to the current public health crisis.”
Telecommunications giants in Austria, Germany and Italy also said this week that they would provide anonymized data on customers’ locations to government agencies hoping to analyze people’s movements.
O2, a telecom giant in the U.K., said Thursday that it was one of a group of mobile operators in the country asked by government officials to share aggregate location data on mass movements. The discussions are in an early stage, said a spokesman, who added that the company has “the potential to build models that help to predict broadly how the virus might move.”
Privacy experts repeatedly have shown that supposedly anonymous data can still be used to identify individual people, based on their known movements and other markers. Data that’s both anonymous and aggregated is far more private but also less useful in identifying people at particular risk for contracting coronavirus and spreading it to others.
The U.S. government has broad authority to request personal data in the case of a national emergency but does not have the legal authority, except in criminal investigations, to insist that companies turn it over, said Al Gidari, director of privacy at Stanford Law School’s Center for Internet and Society.
With appropriate safeguards, Gidari said the potential use of location data to combat coronavirus is “a real opportunity to do something positive with the technology and still protect people’s privacy.”
But currently there are no legal controls on how the federal government might use data once it has been collected, so location information collected for a health emergency could later be acquired by the FBI or the IRS.
Such complexities put companies in the uncomfortable position of balancing public safety and their customers’ privacy in deciding what data to share.
Many public-health experts say however that there are examples overseas of how such technology blunted the fast-spreading outbreak. In South Korea, the government directed tens of thousands of quarantined people to install a “Self-Quarantine Safety Protection” app that would monitor their phone’s location and alert health authorities if they left home. People also could use the app to report daily symptom check-ins and speak with the local government official overseeing their case.
On the app’s website, the country’s Ministry of the Interior and Safety said users would be protecting the “health and safety of your neighbors through strict self-isolation and observing the rules of life.” But because the app is voluntary, some critics have suggested its value is limited; people who wanted to skip quarantine could simply not turn it on.
Korean officials also routinely send text messages to people’s phones with public-health tips and alerts on newly confirmed infections in their neighborhood — in some cases, alongside details of where the unnamed person had traveled before entering quarantine.
But more so than the technology, the country’s vigorous health-screening infrastructure — more than 300‚000 people have been tested there in the last two months, compared to roughly 80,000 in the U.S. — has been credited by researchers with helping the country slow the virus’ spread.
Singapore, too, has asked people to use a voluntary location-tracking system based around QR codes — the square bar codes with information readable by smartphones — installed in cabs, offices and public spaces, which people have been instructed to scan upon passing. Health officials there have said the digital breadcrumb trail can help with infection “contact tracing,” but the data is far from complete, likely limiting its widespread use.
For an even more aggressive and seemingly effective example, some public-health experts have pointed to Taiwan, an island nation of 24 million people that has recorded only 100 infections, though it sits just 80 miles off the Chinese coast.
The country uses mandatory phone-location tracking to enforce quarantines, sending texts to people who stray beyond their lockdown range, directing them to call the police immediately or face a $ 33,000 fine. People who don’t have a GPS-enabled phone are issued a government-provided phone for the full length of the quarantine.
Devastated by a SARS outbreak in 2003, the country has spent years investing and preparing for viral outbreaks and, in some cases, disinformation campaigns from neighboring China. It also has established a government agency, the Central Epidemic Command Center, with special crisis-era powers to gather data and track people’s movements.
When the outbreak spread, the government combined citizens’ health records — from its universal heath-care system — with customs and immigration records, helping piece together the travel histories of people suspected of infection. Those histories were made instantly available to medical providers, who tested for covid-19 and ordered quarantines for both confirmed cases and those who had traveled recently from widely infected countries.
For everyone else, the government offers an app that provides daily updates on reported cases, travel restrictions and details on community spread. Officials also make reams of real-time data publicly available, including online maps of where people can buy surgical masks.
The level of data gathering and surveillance is deeply intimate. But Chi, the Center for Global Health director, said it has also given Taiwanese people peace of mind about the unprecedented spread of a virus they can’t see.
“When the public doesn’t get adequate information, you give room for fake information to spread, and also panic,” Chi said. “When you do something like Taiwan did, you feel safe: You don’t have to worry about who’s infected. That’s not the case in the U.S.”
In the United States, wireless carriers such as AT&T and Verizon have extensive records on their customer’s movements based on what cellular towers their smartphones use to connect to broader networks. AT&T said it has not had talks with any government agencies about sharing this data for purposes of combating coronavirus. Verizon did not respond to requests for comment.
The information collected by some technology companies is significantly more precise, by tracking locations through GPS and the proximity of individual users to wireless data sources. Google, which operates navigation apps Google Maps and Waze and also produces the Android mobile operating system, the world’s most popular, has a particularly extensive trove of data.
Google said on Tuesday that it had not yet shared any data with the U.S. government to help combat the outbreak but it was considering doing so.
“We’re exploring ways that aggregated anonymized location information could help in the fight against covid-19. One example could be helping health authorities determine the impact of social distancing, similar to the way we show popular restaurant times and traffic patterns in Google Maps,” spokesman Johnny Luu said in a statement, stressing any such partnership “would not involve sharing data about any individual’s location, movement, or contacts.”
Government officials also could simply buy location data from companies that already collect and market such information, typically from apps that gather the locations of their users. Such data is readily accessible but regarded by technology experts as less comprehensive and reliable than data from other sources.
There are technical limits as well. Even the most granular cellphone data can be imprecise, potentially complicating its use as a logbook for establishing close interpersonal contact. Most GPS-enabled smartphones are accurate only within a roughly 15-foot radius and can be obstructed by trees and roofs.
Many privacy advocates recall a previous national tragedy, the Sept. 11, 2001 terrorist attacks, not only for the human toll in deaths and dislocation but the U.S. government’s subsequent moves to aggressively gain access to sensitive data through technical means and expanded legal authorities.
The full sweep of that data grab only became clear years later, perhaps most powerfully when former National Security Agency contractor Edward Snowden shared a huge trove of classified information with The Washington Post and other news organizations in 2013.
That history looms over the current debate.
“It would be very unfortunate if the government’s failure to conduct testing when it had the opportunity now became the reason for expanded surveillance authority,” said Marc Rotenberg, president of the Electronic Privacy Information Center, a research and advocacy group based in Washington.
The source of location data and how it was acquired could affect how useful it is to government health experts. Ryan Calo, an associate law professor at the University of Washington, said location-sharing partnerships between government and industry, like phone location data or GPS-sharing apps, could serve as critical tools for officials wanting to know, for instance, where crowds are violating social-distance rules or which hospitals are dangerously strained.
But other ideas now being pursued in the U.S., including consumer apps where people are mapped based on their self-submitted health status, threaten to promote a false sense of security that could leave more people at risk.
“The immediate and obvious trouble is where you purport to convert that information that’s crowdsourced, that’s imperfect, that can be gamed, into some kind of broader knowledge that people can deploy to avoid getting infected,” Calo said.
Ruth Eglash in Jerusalem contributed to this report.