COVID-19 has served as the pretext for widespread surveillance
Mass data collection, geo-location tracking and facial recognition have become normalised in the climate of widespread fear of contagion. Yet these threats to privacy, liberty and democracy will only deepen with the imposition of contact tracing apps.
The COVID-19 response across Europe has seen the widespread introduction of technological surveillance and tracking measures which infringe on civil liberties and human rights, and while some drastic actions could be justified in an unprecedented situation, the broader concern is that the various aspects of digital authoritarianism that have been imposed will remain intact beyond this crisis.
Under a climate of widespread fear and uncertainty, measures which would have previously seemed unthinkable and likely to have faced strong opposition in any other circumstance have been introduced without appropriate scrutiny as to whether they are proportionate to counter-epidemic efforts and thus worth the security-liberty trade-off at hand.
As has already been witnessed amid the lockdown period, the measures taken thus far allow plenty of room for abuse of power and are only to intensify under the constant threat of the virus re-emergence.
Tech-based measures seen in Europe
Among the first hi-tech measures widely deployed was drone surveillance, introduced in Belgium, Croatia, France, Greece, Hungary, Poland, Spain, Turkey and the United Kingdom, to monitor the public’s compliance with lockdown regulations and social distancing.
France’s highest administrative court soon found the use of drones unlawful due to privacy infringement as the data collected made it possible to unveil the identity of the person being tracked, and drones used by Greek law enforcement were deemed insufficiently regulated to prevent breaches of privacy.
In Poland, the government introduced an application which prompts those under quarantine orders to upload selfies within a 20-minute window to confirm they are at home, verified using facial recognition combined with location data, yet there is no explanation as to why images are to remain in government servers for six years, if it is a temporary solution.
Russia installed a network of 100,000 facial recognition cameras to keep track of quarantined individuals. Many who stepped out merely to buy groceries were contacted within minutes by authorities and subsequently fined for breaching the rules, indicating that the technology is linked with a vast network of other personal data.
A law in Slovakia passed which allows the Public Health Office to use location data from smartphones to track those in quarantine, yet despite government claims that only limited data would be collected and used only in connection with the outbreak, information containing people’s gender, age and street name was published . Serbia has taken things a step further, with president Alexandar Vucic admitting to tracking phone numbers to follow the movements of individuals, particularly foreign nationals, and warned citizens to “not try to trick us by leaving the phone in one spot [while moving] because we have found another way to track who violates the rules”.
Police in Bulgaria were able to request and obtain information from telephone and internet operators concerning citizens’ private communications to monitor those under quarantine, from which authorities could trace their actual location and see with whom they spoke and which websites they visited.
Romania , Germany and Liechtenstein have already tested biometric bracelets on quarantined citizens which, in the former’s case, provides the location of the wearer and informs authorities as to whether they stayed at home or stepped outside.
Journalists and human rights defenders under threat
While the threat of false information amid a pandemic is of course concerning, the virus has served as a convenient pretext in many countries to prosecute dissenting journalists and human rights defenders.
Council of Europe’s Commissioner for Human Rights, Dunja Mijatovic mentioned that, in the Czech Republic, Serbia and Italy, journalists have been “prevented from attending press conferences, obtaining information from health authorities or documenting the operations of law enforcement officials” and urged for proportionate measures in regards to disinformation.
In Hungary, where the government suspended EU data protection rights amid the crisis, anyone who publishes “false” or “distorted” facts could face up to five years in prison, while numerous citizens , and even an opposition party member , have already been visited by police for posts made online. A similar law has been adopted in Bulgaria , which the government intends to keep in force even after the crisis. Romania enforced an emergency decree which, among other measures, allowed the order of take-down notices for websites and news reports containing “fake news” without the possibility to appeal while in Turkey , numerous journalists are facing criminal investigation and detention for reporting on COVID-19.
More surveillance through contact tracing apps
Yet the last few months have served as the foundation for the further expansion of surveillance that will arrive through government-issued contact tracing apps – to be pushed more aggressively upon a more-than-likely second wave – as they will incorporate much of the above and allow room for wider violations of privacy, freedom of expression and human rights.
A May 2020 study by Ogury found a serious lack of trust in government to protect data on contact tracing apps in Europe’s five most populated countries. In France, where just 2 percent of the population downloaded the app, 33 percent of respondents would be willing to share data and 63 percent do not trust their government to protect their information. In Spain, 57 percent do not trust the government to store data securely while in Italy 59 percent have concerns about data security, with 62 percent of those surveyed unwilling to share any data.
Even in Germany, where contract tracing app downloads surpassed 6.5 million in 24 hours, similar numbers were seen with only 36 percent willing to share data and 60 percent do not trust their government on data security. The UK, whose centralised app was abandoned, has the greatest distrust of government to store data (60 percent).
And with some reason too. Norway was forced to pull the plug on its contact tracing app after the national data protection agency said it was too invasive of privacy while in Poland, a senior software engineer quit his government’s ProteGo Safe project after one meeting with the Ministry of Digital Affairs as officials wanted the app to link data with phone numbers which would simply enable users’ deanonymisation.
Some 170 researchers and scientists in the UK working in information security and privacy signed a joint letter about their concerns over this system to the National Health Scheme’s (NHS) app. “It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance,” the statement read.
“Such invasive information can include the ‘social graph’ of who someone has physically met over a period of time. With access to the social graph, a bad actor (state, private sector, or hacker) could spy on citizens’ real-world activities. We are particularly unnerved by a declaration that such a social graph is indeed aimed for by NHSX.”
Google and Apple – the global duopoly of all operating systems on which these apps will run and are in control of automatic API updates – stated that they will eventually allow them to “enable interaction with a broader ecosystem of apps and government health authorities” which would allow for the creation of the aforementioned ‘social graph’.
It is often defended that these apps will run on an ‘opt-in’ basis, but the inevitable social, and governmental pressure to use them, or the probability of making them a requirement for work places or for air travel, will make their voluntary status dubious, essentially coercing the public to subscribe to vulnerable fast-tracked software that would fundamentally alter the nature of our lives.
Even the WHO admitted that the “effectiveness of digital proximity tracking to assist contact tracing remains unknown” and that “currently, there are no established methods for assessing the effectiveness of digital proximity tracking” while Human Rights Watch has also questioned such apps, warning of its wider surveillance capabilities.
Applications running on a ‘voluntary’ basis does not necessarily mean that the processing of personal data is based on the user’s consent, with most public and private entities involved in such projects unwilling to disclose for how long people will be monitored or how data will be collected, nor mentioning whether data collection will cease once the pandemic subsides.
The fierce debate within the EU over whether such apps will be centralized or decentralized, opt-in or obligatory, GPS or Bluetooth, are thus redundant, merely a distraction from more important considerations.
From the constantly evolving data which indicates a far lesser threat than first envisaged, with the CDC updating its best estimate of COVID-19’s death rate for patients who show symptoms to 0.4 percent , to other studies on antibodies which show that far more have them in their system than those who actually have the virus, and other experts insisting that such apps would only be effective at the very start of pandemics, there are clearly wider considerations that such apps leave out.
Yet concerns from professionals who sway outside the consensus of the self-anointed ‘official’ voices seem to fall on deaf ears due to an ever-more controlled and conformed information stream, allowing the COVID-19 fear mechanism and the stringent technological measures that come with it, to be activated with the flick of a switch.
The constant threat of the virus’ re-emergence plays directly into the hands of governments which have shown to be keen to impose tighter control of their populations, backed by Big Tech companies with questionable track records on privacy who are among the biggest beneficiaries of the crisis .
As a result, contact tracing apps and other invasive technological measures, which will be intrinsically linked with just about every facet of our lives, make for a frightening new reality if left unchecked and under scrutinised.
Also available in the following languages:
This is Part I on a tech series by Andreas Vou for BigTechtopia in collaboration with VoxEurop and the European Data Journalism Network