To help combat the coronavirus pandemic, the Centers for Disease Control and Prevention and state and local governments are receiving analyses of people’s movements derived from anonymized cell phone location data held by the mobile advertising industry. This information is being used to track locations that are still drawing crowds and to analyze the effectiveness of stay-at-home orders. There are reportedly plans to create a centralized government portal with this location data from 500 cities across the country.
At the same time, the White House and the CDC are asking tech companies such as Facebook and Google to provide similar anonymized data to track the spread of the virus, identify trends, and see if people are practicing social distancing. And there have been related calls to use individualized location information to engage in contact tracing, which could help identify people that have come into contact with a sick person.
The impulse to turn to high-tech tools in this time of crisis is understandable — and some such tools might indeed be a useful part of our response to Covid-19. At the same time, history offers ample reason to proceed with caution. Before embracing new forms of surveillance to address the coronavirus, we must ensure that any such responses are proportionate and grounded in evidence.
Our experience with expanded surveillance after 9/11 provides an object lesson. With the laudable-sounding goal of preventing the next terrorist attack, the government secretly undertook new dragnet surveillance programs that violated Americans’ privacy rights. The hasty rollout also sacrificed necessary assessments of whether these programs were likely to work.
Years later, government analyses found that mass data collection for counterterrorism purposes was ineffective. The Department of Defense, for example, found that machine learning systems were unable to “accurately anticipate” terrorist threats. Furthermore, this data collection was actually counterproductive, because it ended up burying useful intelligence. Even with a dismal success rate, many of the post-9/11 surveillance programs are still active today, nearly two decades after the emergency that was used to justify their inception.
To be sure, proposed data collection measures to address the Covid-19 pandemic resist a direct comparison with post-9/11 surveillance. One reason why mass data collection has been an ineffective counterterrorism measure is because terrorist attacks are rare and isolated events, while the spread of coronavirus, in contrast, is exponential and ongoing. And while post-9/11 surveillance collected swaths of personal information, some of the proposed measures for Covid-19 would use anonymized and aggregate data. But this history is nevertheless a valuable reminder that even in times of crisis, it is critical to ensure that proposed measures are likely to be effective and that privacy interests are appropriately balanced.
As a preliminary matter, we simply do not have many specifics on how the U.S. government is interested in using location data or what companies are offering. To evaluate whether the proposed collection would be effective and proportionate, it is not sufficient to know that geolocation data would be used “to track the spread of the virus” and “help blunt its advance” — we must know exactly how the data would be used. The government’s discussions with the companies who hold this data, however, have been conducted quietly and behind closed doors. This secrecy is a problem in itself. It also suggests that the government may be interested in collecting data simply in the hope that it will be helpful, but without a clearly effective plan in place.
In addition, we cannot simply assume that measures adopted by other countries would be effective now if implemented here. While using location data to perform contact tracing may have had some success in countries like South Korea, researchers acknowledge that the usefulness of contact tracing is dependent on the widespread availability of testing. In the United States, testing capacity remains woefully inadequate, and estimates suggest the real count of infected persons nationally could be as many as 10 times higher than current figures. Contact tracing is also extremely labor intensive, requiring large numbers of government workers to interview sick people and their associates, which would be much more difficult in the United States than in smaller countries.
The limits of the available technology must also be taken into account. As Tufts professor Susan Landau explains, location data obtained via cell towers or GPS is too varied and imprecise for some of the contemplated tasks. Such data can reveal the general area in which a cell phone is located, but it cannot tell the government whether two cell phones are within 6 feet of one another, which limits its value as a contact tracing tool or a means of determining whether a given individual is complying with a social distancing order.
This could explain why countries like Singapore and proposals in Europe are instead relying on Bluetooth technology, which offers precision ranging from 150 feet down to a few inches. But without a massive expansion in Bluetooth beacons or widespread adoption of a particular app, coverage simply won’t be comprehensive enough for meaningful contact tracing or the enforcement of social distancing orders in the United States.
Despite these limitations, location data may still have a role to play. For example, one company conducted an aggregate analysis of travel patterns using cell phone location data to study the effect of stay-at-home orders across different states, concluding that states with fewer confirmed cases of the virus are showing smaller declines in travel. Anonymized and aggregate data might also provide insight into the overall effectiveness of voluntary social distancing orders by detecting clusters of location data in front of restaurants or retail establishments.
We must weigh the potential value of using location data against the impact on civil liberties. Historical records of a person’s cell site location information over an extended period of time can reveal exquisitely sensitive information, including a person’s activities, associations, and beliefs. Ordinarily, the government needs a warrant to compel a phone company to provide these records. While anonymized data builds in some protections, there are still privacy concerns. As demonstrated by a New York Times investigation, it is relatively simple to re-identify anonymized data by combining it with other information sets. Palantir, a company that specializes in finding connections between disparate data sets, is reportedly already working with the CDC, sharpening concerns that anonymized data sets won’t remain that way for long.
In practice, this means that proposals to use even anonymized data for pattern analysis should come with strict privacy protections. These include controls for who can access the data, a policy that specifies acceptable uses of the data, limitations on sharing data with law enforcement or intelligence agencies, and a data retention period that is proportionate to the emergency. Each of these measures should be tracked in a manner that permits ongoing auditing for compliance. These basic protections are necessary to ensure our response doesn’t cause privacy erosions that ripple long past the current pandemic.
Emergencies strain our democracy, testing the strength of our constitutional freedoms and the rule of law. It’s essential that the U.S. response to Covid-19 is evidence-based, time-limited, and reasonably balanced to maintain our civil liberties. If we allow this moment to entrench an unaccountable surveillance apparatus, we risk its presence as a fixture of our future.