“Would you let your location be tracked if it saved lives? Would you be fine with your rights being limited if it slowed the spread of COVID-19?”
It seems innocuous, easy to miss. When we see yet another news headline offering another insight on the pandemic. Media outlets like NPR showcasing the location data of millions across the country to show more Americans are leaving their homes during a shutdown.
Our country’s unwavering focus on the COVID virus has doubled as an opportunity for private companies to collect and profit on some undisclosed amount of personal data and location history. Or so it seems.
“The data, provided to NPR by a mobile phone location data company called SafeGraph, is based on the locations of about 18 million mobile phones across the country.”
One such company is SafeGraph, a data company specializing in geospatial information. They are currently offering a COVID-19 Toolkit which includes Foot Traffic Patterns (among other quarantine related data points) updated weekly.
Offering vast collections of data, Safeguard offers pinpoint analytics. To that end, they partner with academics, non-profits, and governments to draw more informed conclusions about quarantine measures and re-opening efforts.
Safeguard cultivates its vast data stores from people who have “opted in” via mobile apps. Their website details their data collection methods, as well as the methods used to generate the graphs on the site. Nothing about the process screams scary big tech, stressing anonymity and confidentiality.
“The data was generated using a panel of GPS pings from anonymous mobile devices.”
Safeguard is not alone in capitalizing on COVID tracking, with the likes of Google announcing that it would now provide generalized tracking data for 131 countries and regions. Again, all stressing the anonymity and privacy of their personal data tracking.
Opted-in is not the same as informed consent.
The New York Times, in an investigation into smartphone location tracking, noted, “The explanations people see when prompted to give permission are often incomplete or misleading.”
Frequently, apps and the like will inform users that location services will need to be used to optimize functionality. However, these notices rarely reveal how the data collected will be used after it is collected. Therefore, it is difficult for people to truly consent.
Location-based services asking for access to your location are one thing. But Bluetooth beacons collecting micro-location data are deployed in stores without most knowing they exist.
Bluetooth tracking beacons are secretly deployed en masse in retail environments, allowing retailers and advertisers to track consumer movement in stores with aisle accuracy. In the stores using Bluetooth beacons, consumers are not informed of how the apps or companies use the data they collect — nor the existence of the beacons. In these cases, there is no consent and not many options for opting out.
The Future of Tracking
Alex Hudson of Newsweek raised important questions in the quotes at the top of this page. As we look to reopen our economy as quickly as possible, the protection of our collective privacy has become much more relevant.
Capitalizing on the demand, Apple and Google are set to roll out their joint effort at a contact-tracking service to aid the fight against COVID-19 late this May.
Their contact-tracing system will be included as apart of a software update and app pairing. Using Bluetooth technology, both Androids and iPhones will be able to communicate to create a log of other smartphones that have come into close contact with yours. If someone later reports on the app they are COVID positive, your phone will automatically receive an alert.
This automatic contact-tracing is only activated if smartphone users chose to download the companion app — the opt-in. For those users signed up their “smartphone will periodically exchange anonymized tracing keys with nearby devices via Bluetooth.”
The keys your phone receives, from those you came into contact with, are collected and stored on your device — rather than a central database unless you report your positive diagnosis. This means about 3 billion smartphones across the world becoming a sophisticated tracking machine.
In theory, the system seems safe enough. Apple has marketed the tool as a way to “accelerate the return to everyday life.” Still, some are concerned about how this system will escalate already rampant breaches of privacy.
“We don’t want anything to be built into the OS that’s going to be turned on forever.”
Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, alludes to a loss of privacy packaged as a solution to a pandemic. How long with the tracking tools remain installed on phones? What protections will prevent our contact-tracing patterns from being sold for profit?
Others, like Zak Doffman of Forbes, look to foreign efforts of tracking citizens — in the name of pandemic security — as a sign of what is to come in America.
“The largest countries in Europe as well as Australia are now tapping into the location data collected by the mobile networks themselves, a dataset that has much less potency than the marketing data the U.S. has decided to use.”
Other countries are currently acting with less restraint, going beyond aggregated data collecting apps. In Poland, a government-mandated app forces those on quarantine to take selfies and uses GPS location, to ensure they are not breaking the rules.
In Taiwan, a digital fence tracks about 55,000 citizens. If someone infected with COVID-19 leaves their house or even switches off their phone, a visit from the police is triggered.
With more willingness to give up privacy if it means beating the virus, will companies and government agencies transparently, and peacefully, give privacy back to the citizens when the pandemic ends? There is always another threat right around the corner, and big tech will always be there to sell itself as the savior.