Privacy experts fear a boom in coronavirus surveillance

Technology aimed at tracking infected Americans is just now being developed in the United States.

Sen. Ed Markey, D-Mass., wrote to the White House urging significant privacy protections on any such effort. Pat Greenhouse / The Boston Globe

As federal and state officials scramble to fight the novel coronavirus pandemic, experts are sounding alarms about the potential danger of increased surveillance programs they say could do long-term damage to U.S. privacy rights.

Other nations, including South Korea and Israel, have used tracking data including cellphone location information and facial recognition tools to power their pandemic responses. But similar efforts in the United States could amount to a major erosion of civil liberties. And there’s scant evidence that efforts more sensitive to privacy and security concerns would actually be effective at containing the virus, experts say.

“My concern is that out of desperation we will turn to technology and put in place a massive surveillance apparatus at a tangible loss to civil liberties that doesn’t even accomplish the goals it sets out to in terms of saving human lives and healing the economy,” said Ryan Calo, a University of Washington law professor focused on cybersecurity and privacy.


Technology aimed at tracking infected Americans is just now being developed in the United States. Google and Apple are teaming up to create new digital tools that could use Bluetooth wireless technology to tell iPhone and Android users when they cross paths with someone who is infected. Neither the infected person’s identity nor their actual location would be revealed.

Politico also reported last week that a coronavirus task force led by presidential adviser Jared Kushner has reached out to numerous health tech companies about how they can use data to combat the virus.

Yet one big concern is the virus could lead policymakers to rush headlong into adopting new digital surveillance regimes that don’t get rolled back once the pandemic is under control.

Sen. Ed Markey, D-Mass., wrote to the White House urging significant privacy protections on any such effort, including reviews by external experts, a halt to the programs once the virus is under control, and extra efforts to ensure the privacy of racial minorities and LGBTQ people.

“The Trump administration has not given me or the American people any confidence that it is capable of creating or maintaining a massive health data network in a manner that doesn’t undermine our fundamental right to privacy,” Markey said.


Officials could also adopt tracking tools that are later re-purposed for other things, similar to how post-9/11 surveillance and investigatory powers aimed at combating terrorism were later used to stem drug trafficking and other crimes. Tools that trace who has been in contact with people who test positive for the virus, for example, ultimately could end up being used by law enforcement to track criminals and their associates.

“Mission creep is always a concern because historically we’ve seen it happen,” Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union’s Speech, Privacy and Technology Project, told me.

Granick and other experts are urging companies and government officials to make a series of technology and policy commitments regarding any surveillance programs. Those include collecting as little data as possible and anonymizing to the greatest extent feasible. They should also ensure any data they collect won’t be used for purposes beyond combating the virus and commit to ending any new programs as soon as the virus is under control.

During a Senate Commerce Committee hearing last week, Sen. Maria Cantwell, D-Wash., whose state is among the hardest hit by the virus, urged the government to “resist hasty decisions that will sweep up massive, unrelated data sets” and to “guard against vaguely defined and non-transparent government initiatives with our personal data. Because rights and data surrendered temporarily during an emergency can become very difficult to get back.”


The meeting was conducted as a “paper hearing” with lawmakers and witnesses digitally submitting opening statements and questions and answers but not meeting in person.

Though there’s been a lot of talk about leveraging technology to combat the pandemic, there are few hard plans inside the United States so far.

The joint venture between Google and Apple, which could launch as soon as mid-May, includes protections to anonymize user data and would rely on people voluntarily downloading apps that participate in the program and reporting when they test positive.

Google is also using its trove of location data across 131 countries to share anonymized information with health officials about how much people are traveling during the pandemic.

Those privacy and security protections may also make any contact tracing technology less effective, though. For example, the apps probably wouldn’t distinguish between people who passed an infected person on the street and those who spent day after day next to him at the office, Greg Nojeim, senior counsel at the Center for Democracy and Technology, noted during a panel discussion on coronavirus privacy concerns hosted by the Project on Government Oversight.

Some tech and security experts also warned information collected by the apps could be used to discriminate against people based on their infection status.

Here’s Sergio Caltagirone, a former National Security Agency official, who’s now vice president for threat intelligence at the cybersecurity firm Dragos: “Think if this had happened during the AIDS epidemic. I guarantee you people would have been murdered by homophobes,” he wrote on Twitter. “This will ABSOLUTELY be used to discriminate against people as fear of coronavirus will rise as we leave large-scale quarantine. Some people will not be allowed in certain places. Some people may not be allowed to return to work.”


There’s also a danger of hackers exploiting such apps.

For example, U.S. adversaries might falsely report a slew of infections to sow chaos and create the false impression of a surge of new infections, Calo said. Or political operatives could do something similar during an election to make people fearful of leaving the house to vote in person.

And even anonymized data can be misused by government officials — for instance, if police use reports that a particular neighborhood isn’t honoring stay-at-home orders as an excuse to ramp up unrelated arrests, Granick said.

“We need to be responsive to this crisis now, but we also need to be thinking about how this data will be used in the future,” she said. “Once this data is collected the only thing that really constrains how it’s used are laws and policies.”

