Many governments in western democracies wish to use our mobile phones to track social-distancing compliance during the coronavirus pandemic. William H. Hampton of the TechX LabExternal link at the University of St Gallen explains how the authorities can get the information they need while minimising invasions of personal privacy.This content was published on April 17, 2020 - 09:21
One of the goals of our research lab is to understand how technology can be used to better understand and improve peoples’ lives. In our studies we often collect mobile data, including mobile tracking information, and in the process have learned much about the advantages and downfalls of this emerging technology.
The world's governments have also been examining mobile phone dataExternal link, with a timely goal of tracking compliance with Covid-19 mandates. In contrast to our studies, in which we obtain informed consent, governments have been tracking populations at large and without notice—sparking concerns of privacy violations. Some have argued obtaining these geo-specific compliance data has been invaluable in guiding health policy action. They argue that by knowing that a certain area is non-compliant, we can predict with some accuracy that that area will be more likely to see a spike in cases and take critical early steps to address the anticipated surge in infections.
Despite these potential advantages, not everyone has been welcoming of Covid-19 mobile tracking. Individuals and privacy watchdogs have voiced concerns that allowing such tracking may be a step down a slippery slope toward an Orwellian future in which the government permanently and pervasively tracks our every move. This sentiment is part of a larger ongoing discourse about digital rights and related movements championing the right to privacy. To assess the pros and cons of using mobile data as a tool to aid disease tracking, it is important to first understand how mobile tracking works in the first place.
Contemporary mobile smart phones contain hundreds of sensors, some of which are well-known such as microphones, cameras, and global position systems (GPS). Others are less conspicuous and include Bluetooth modules, accelerometers, gyroscopes, proximity sensors, and ambient light detectors. Although governments have not explicitly disclosed which sensor data they have been monitoring, we can infer from public statements that they have been examining GPS data.
Your mobile phone contains a GPS chip that communicates with satellites, often integrating this data with other information from cellular base stations and WiFi networks to triangulate your location to within about 5 m (16 ft).
For the Covid-19 pandemic, governments have used GPS data to estimate adherence to Covid-19 travel guidelines. Not surprisingly, some have objected to having their location tracked without consent. The governmental entities engaging in GPS tracking have largely eschewed such complaints, arguing that they anonymise data. Yet none have specified how data are anonymised. This is troubling as location data can be difficult to make truly anonymous.
Imagine that your house is over 50 m from any other house; because your phone detects your location to within 5 m, your GPS location would essentially be interchangeable with your street and house number. Scrubbing your name from such GPS data might therefore be no more effective in protecting your identity than removing your name from your mailbox at the end of your driveway. New research has also shown that because movement data is highly unique—comparable to a fingerprint— such that even individuals in densely-populated urban areas could theoretically be readily identified.
Next, to track congregation behaviour or more subtle interpersonal physical distancing, our studies suggest that governments might look to mobile Bluetooth data. You may know Bluetooth as the technology that allows you to listen to your music with wireless headphones or speedily transfer a video to a friend. You may not know, however, that Bluetooth also regularly checks your vicinity for other Bluetooth devices, tucking the results of these checks away in timestamped log files in your mobile. Your phone can therefore “sense” how many other phones are in the vicinity, as well as how far away they are by measuring the signal strength between any two devices (stronger signal in most cases indicates less distance). In this way, in the days after issuing a distancing mandate, agencies would be hoping to see your phone detect fewer devices and with weaker signals as an indication that you are following the rules.
So far no government has admitted to using Bluetooth data, but the UK's National Health Service announced it is developing an opt-in appExternal link that will leverage Bluetooth sensor technology.
Remember that both GPS and Bluetooth chips can easily be deactivated in your mobile system settings. In this sense, any individual is free to ‘opt-out’ of all such tracking, though many users might miss the associated mapping and transfer functions.
So how can governments get the information that they need to track disease and make policy decisions that could save lives while minimising invasions of personal privacy?
First, they can be much more transparent about their mobile tracking programmes. The more we know about what information they are collecting and how it is being anonymised and analysed, the better we can evaluate the ethical and legal implications of their actions. Second, it might be best to give governments access to only aggregated mobile tracking data. As the name implies, aggregated data only provides information at the group level, as a kind of summary, not per individual. This is what Google has done with their Covid-19 Community Mobility ReportsExternal link, which notably will only be accessible for a limited period during the pandemic. In theory, this should allow governments information that they need, without providing tracking data on any single person. From a privacy perspective, this approach would be far superior to simply “de-identifying” data (for example switching a name for a random number), which does not lead to true anonymisation.
Ultimately, as with any new technology, it is how we use it that matters. As Noam Chomsky eloquently put it, technology is “like a hammer, which can be used to build a house or to destroy someone’s home. The hammer doesn’t care. It is almost always up to us to determine whether the technology is good or bad.” We hope to see governments using mobile tracking to hammer the spread of viruses, and not to shatter our personal privacy.
The views expressed in this article are solely those of the author, and do not necessarily reflect the views of swissinfo.ch.
In compliance with the JTI standards