Saturday, May 16, 2020

9/11 saw much of our privacy swept aside. Coronavirus could end it altogether



Analysis by Nick Paton Walsh, International Security Editor, CNN

Spit into a cup when you land in an airport, and your DNA is stored. Every phone in every city talks to every other nearby device, their exchanges floating somewhere in the ether. Cross-border travel is enabled only by governments sharing data about millions of private movements.
© Vesa Moilanen/AFP/Getty Images A passenger, wearing a face mask, looks at her phone at the Helsinki International Airport in Vantaa, Finland, on May 13, 2020. - The Finnish airport operator Finavia requires the use of mouth-nose protectors of all airport employees who work in the customer interface. It also strongly recommends that passengers use a mask as they move about the airport. (Photo by Vesa Moilanen/AFP/Getty Images)
These are all possible visions of a future that the coronavirus pandemic has rushed on us -- decades of change effected, sometimes it feels, in just weeks. But a lurch into an even more intense era of mass data-collection -- the vast hoovering up of who went near whom and when, who is healthy to travel, and even scraps of personal DNA languishing in databases -- appears to be on the verge of becoming the new reality.


Will this grave new world intensify our desire for privacy, or extinguish what little left of it we had?

It took the attacks of September 11, 2001 to shove aside the previous decade's phobia of mass surveillance, and usher in an era where many of us imagined the state was probably skimming our emails, in exchange for keeping us safe from terror.

Over the next 15 years, billions of people agreed to a tacit deal where Facebook or Google were permitted to learn a staggering amount about them in exchange for free access to messaging apps, news, and shared pictures of a baby dancing, or a dog driving a car.

Eventually, that mutated into the heights exemplified by Cambridge Analytica -- private companies hoovering up the online lives of tens of millions in order to try to sway elections.


But the challenge presented by Covid-19 -- and the urgent need to trace contacts and movements -- is of another scale of intimacy. South Korea located over 10,000 cellphones near the latest outbreak and texted them to suggest a coronavirus test. The UK government has toyed with a centralized database of movements and health records, secured by government cyber-spies, able potentially to see who has been sick and who they have been near. Russia and many others have issued QR codes. China is putting surveillance cameras right outside people's doors.


Technology is again claiming the mantle of the savior we need to fill the gap between where we are now, and the new, knowledgeable, and capable place we need to be. Apple and Google are again offering solutions government cannot -- embedding into our phones anonymous methods of knowing who we may have infected and when. We are already seeing the extraordinary potential of these technologies in limiting the spread of the disease. But if they become ubiquitous, where does this new scrutiny end? When does it stop being helpful? Will we look back at 2020 as the moment privacy finally evaporated?
'Mission creep' feared

Few privacy advocates doubt the seismic nature of this moment. Some experts fear mission creep, while others see this as a chance to finally have our laws catch up with the digital age.

Privacy International called Covid-19's impact on privacy "unprecedented."

"9/11 ushered covert and overt surveillance regimes, many of which were unlawful," said Edin Omanovic, the campaign group's advocacy director. The surveillance industry "understands that this is an opportunity comparable to 9/11 in terms of legitimizing and normalizing surveillance. We've seen a huge willingness from people to help them as much as possible. However, helping health authorities fight the virus is different to helping security authorities use this moment as an opportunity for a data grab."

The way in which technology chooses to adapt to the moment may also define its success after it. The urgency of action after 9/11 -- and the things that were done "just for now" that became commonplace and permanent -- carry valuable lessons that governments may still choose to ignore. Edward Snowden and other whistleblowers exposed how huge amounts of phone or email data had been hoovered up by governments routinely, leaving some unsure if their democratic way of life was being eroded or protected by their security agencies.

Professor Jon Crowcroft, who pioneered one of the first influenza monitoring mobile apps at Cambridge University in 2011, said governments' introduction of apps, such as those in the UK, should be explicit about "sunsetting" -- the removal of data after a defined period.

"Just having a clear position on deleting that data after, say, 30 days, when it is clearly of no use for anyone -- because contacts will have recovered, epidemiologists will have improved their models -- would really help the public trust," he said.

Crowcroft fears two areas of "mission creep": the first being if the app or data is used to enforce isolation on people, and the second in imposing the need for an "immunity certificate" on a person who has the virus antibodies (though the science on this is far from settled).

But he added that, as we have seen in the past, practicalities may triumph over privacy: we will perhaps be less fascinated by how the apps technically gather and store data, "but will like the idea of being able to get out (to work & socialize) more safely and possibly sooner."

It's the same practical payoff that lured billions into social media; life was made better by platforms that did not appear to ask anything of you, yet created a trillion-dollar industry boosted by the commercial and predictive power of observing social media users. Despite growing privacy concerns, some 2.5 billion people use still use Facebook every month.
'Nothing here is inevitable'


The title of Shoshana Zuboff's book "The Age of Surveillance Capitalism" referred to the power and wealth accrued by tech companies who amassed huge amounts of data over the past two decades. She thinks Covid-19 could mark a moment not of the continued, inevitable dominance of these giants, but instead of people reasserting their rights in the way they should have done when these new online hyperpowers emerged.

"9/11 compromised our democracies in relationship to tech companies and their growing capabilities," she said. "We ended 2019 with people around the world in the process of waking up and appreciating the fact that surveillance capitalists have amassed these immense empires of unaccountable power. They have been given a free pass to do whatever they wanted: to steal our experience secretly, and combine that data to predict our behavior, then sell those predictions and become trillion-dollar companies."

This is a moment for better-informed societies to create the legal framework they've lacked to master the power of technology for their benefits, she said. Public health has always had an element of surveillance and tracking in it to monitor the spread of a disease, even before big-tech came along, she added.



"For people who are charged with tracking disease, surveillance systems are very important," she said, adding that we should permit some of our movements to be tracked for the good of common public health, a sacrifice of our privacy similar to how we choose to vaccinate children. But, she argued, new hi-tech surveillance has blighted that old, desperately needed health monitoring as being from the same intrusive fold.

"What's happened now is that we're so fearful of the other kind of surveillance that these things are conflated," she said. "We're hitting this wall of mistrust, because we have failed over the last 20 years to create the institutions, legislation, and regulatory paradigms that allow us to trust in this new invasive world."

Zuboff said the current vacuum in leadership in some Western countries meant tech giants could try to insert themselves into the problem as the only and obvious solution. "The dominant surveillance capitalists want us to believe and feel that in the vacuum that our leaders -- certainly in the UK -- have left in their wake, they are the ones to come and fill it."

But the pandemic could also present an opportunity to re-assert -- or finally assert -- regulation over the new digital age. "Nothing here is inevitable," she said. "We have a responsibility to society as well as to the privacy of individuals. And we can do both. The answer to that question is entirely up to us."

Yet, like 9/11, the moment is one of panic, coping, and rush for a return to normality, and less of a nuanced discussion about how the crisis can become an opportunity to fix the wrongs of the past. Without that discussion, our new normals may become a world in which a little bit more of our inner selves is out there in the ether, at risk of misuse.


No comments: