Reducing Privacy Impacts of Surveillance During COVID-19


Until scientists discover a vaccine or treatment for COVID-19, our economy and our privacy will be at the mercy of imperfect technology used to manage the pandemic response.

Contact tracing, symptom capture and immunity assessment are essential tools for pandemic response, which can benefit from appropriate technology. However, the effectiveness of these tools is constrained by the privacy concerns inherent in mass surveillance. Lack of trust diminishes voluntary participation. Coerced surveillance can lead to hiding and to the injection of false information.

But it’s not a zero-sum game. The introduction of local community organizations as trusted intermediaries can improve participation, promote trust, and reduce the privacy impact of health and social surveillance.

Building Trust with Transparency

Privacy technology can complement surveillance technology when it drives adoption through trust borne of transparency and meaningful choice.

We can try to understand privacy technology from the perspective of decentralization. Decentralization keeps all personally identifiable information under the user’s control, therefore offering total transparency over its use and total choice over how it is used.

Ideally, managing contact tracing, testing, test interpretation, symptom reporting, health records, relationships, and location history should be decentralized. This information should be entirely under the control of the individual, and contribute only aggregated learning to the collective — using differential privacy, homomorphic encryption, and split learning.

While these technologies are still too immature and expensive to be useful for the present pandemic, current technology does not force a binary choice between absolute decentralization and coerced government surveillance. Partial decentralization of technology and technology policy at the level of a cooperative, community, or town can leverage the trust many have in their local relationships and the peace of mind that comes from the ability to choose what information to share with whom.

Focus on the Community

Technology for contact tracing and immunity monitoring requires widespread adoption to be effective. But this adoption, like access to physicians and testing, often happens locally.

Still, a community that adopts technology A with policies B can benefit even if, 20 miles away, another community implements technology C with policies D. To the extent that these technologies share some common standards, they can effectively report valuable statistics to state and national entities without the release of significant personal information.
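The "common standards" point above, as an added example that is not part of the original post: a community intermediary holds residents' raw symptom reports locally and releases only town-level counts with Laplace noise (differential privacy), tracking a privacy budget so it refuses further releases once the budget is spent. The report rows, symptom names and budget values are constructed for illustration.

```python
import math
import random
from dataclasses import dataclass, field

# Constructed sample data held only by the community intermediary (made-up names/town).
LOCAL_REPORTS = [
    {"person": "resident-01", "town": "Exampleville", "fever": True,  "cough": True},
    {"person": "resident-02", "town": "Exampleville", "fever": False, "cough": True},
    {"person": "resident-03", "town": "Exampleville", "fever": True,  "cough": False},
    {"person": "resident-04", "town": "Exampleville", "fever": False, "cough": False},
]


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) via the inverse CDF (stdlib has no laplace())."""
    u = rng.random() - 0.5                      # u in [-0.5, 0.5)
    tail = max(1.0 - 2.0 * abs(u), 1e-300)      # guard against log(0) at u == -0.5
    return -scale * math.copysign(1.0, u) * math.log(tail)


@dataclass
class CommunityAggregator:
    """Keeps identities local; releases only noisy counts and accounts for spent epsilon."""
    reports: list
    epsilon_budget: float
    rng: random.Random = field(default_factory=random.Random)
    spent: float = 0.0

    def dp_count(self, symptom: str, epsilon: float) -> float:
        # One resident changes a single symptom count by at most 1 (sensitivity 1),
        # so Laplace noise of scale 1/epsilon makes this query epsilon-DP.
        if self.spent + epsilon > self.epsilon_budget:
            raise RuntimeError("privacy budget exhausted; refusing further release")
        self.spent += epsilon                   # sequential composition: budgets add up
        true_count = sum(1 for r in self.reports if r.get(symptom))
        return max(0.0, true_count + laplace_noise(1.0 / epsilon, self.rng))

    def state_report(self, symptoms, epsilon_each: float) -> dict:
        """The only payload that leaves the community: symptom -> rounded noisy count."""
        return {s: round(self.dp_count(s, epsilon_each)) for s in symptoms}


if __name__ == "__main__":
    agg = CommunityAggregator(LOCAL_REPORTS, epsilon_budget=2.0)
    print(agg.state_report(["fever", "cough"], epsilon_each=0.5))  # noisy counts, no names
```

With a realistic epsilon such as 0.5 the released counts wander by a few units; that noise is the price of the identity-free report.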

Technology for contact tracing, symptom reporting, and checking immunity status can be incrementally deployed, one community at a time, and customized to the prevalence of virus, demographics, and employment profiles of each community. Local hospitals, physician practices, and pharmacies, together with the local board of health can suggest appropriate policies, and community leaders can issue the call to action that leads to adoption. Large employers can contribute resources appropriate to the local situation as a matter of self-interest.

There are hundreds of groups around the world developing contact tracing, symptom reporting and immunity status apps. They range from state actors to hobbyists to private finance. Many of them introduce new privacy technology based on cryptography, blockchain-based decentralized identifiers, and digital credentials. Apple and Google are planning to update their mobile phone operating systems to launch a decentralized contact tracing platform, an attempt to improve privacy that all the while gives them surveillance power that will impact society long after the pandemic is over. A shift in power from the state to private multinational corporations in the name of privacy seems unwarranted. Can we do better?

Building on Decentralized Health Records

A volunteer group led by physicians, nurses and health industry professionals, including Dr. Michael Chen and myself, has been exploring decentralized, patient-controlled health records for over 5 years.

In a homeless health record project with Emory Healthcare, we demonstrated how a trusted shelter could support their constituents’ adoption of privacy-preserving health records technology while also providing convenient access for authorized clinicians and the Medicare database. Our work has also influenced, and been cited in, official plans by the Indian government.

Our community-led decentralization approach to building trust can reduce anxiety in contact tracing and add context to immunity reports. We treat sensitive personal data (e.g., lab results, location history, and risk factors) as part of a connected but patient-controlled health record much as our assets are connected through a bank account we control. We allow credentialed clinicians, including doctors, pharmacists, and public health officers to issue immunity credentials the way they would write a prescription. We call this the Trustee® Immunity Passport. It is standards-based, free and open source software that can be used by any app developer and any community as a trust-building framework.

Our technology has uncovered the importance of community support for building trust by shifting control over sensitive personal information away from federal, state, and corporate networks. Technology that leverages trusted local institutions and trusted clinicians can promote both health and economic recovery during and after the COVID-19 pandemic.

9 thoughts on “Reducing Privacy Impacts of Surveillance During COVID-19”

  1. Serious question

    Is it somehow possible to do contact tracing without tracking individuals?

    This seems like a contradiction in terms

    What are you supposed to do with the aggregated data?

    1. It is a contradiction in terms.

      To have aggregated data, you first need to have data. Somewhere, some machine, controlled by somebody, will have the data. You can choose to trust it will be temporary and not abused, just like we chose to trust the PATRIOT Act… 20 years ago…

      1. Tracing individuals isn’t the bad part; it’s the lack of guardrails and scope creep. If we could trust the govt agencies and/or corps to be overseen and whistle-blown if they cheat or unfairly apply these emergency powers I’d be more comfortable.

  2. To privacy people:

    How are you with *opt in* contact tracing?

    The argument in Adrian’s post seems to be that people should share data with those they trust.

    Some people don’t trust tech companies. Some people don’t trust the government. Other people do.

    I happen to trust healthcare providers. I don’t necessarily trust tech companies, but I think the trade-offs may be worth it in this case.

    My instinct is that for now people want the power to make up their own minds.

    1. What’s the alternative to *opt-in* contact tracing?
      a) coerced contact tracing
      b) lying to the public health officer when they call and ask for information
      c) [ your alternative here ]

  3. All I can say is a society that allows b in a pandemic is broken.

    My right to privacy does not allow me to potentially kill my neighbors or endanger innocent bystanders any more than it allows me to store nuclear weapons in my home, or experiment with toxins …

    1. Asian countries have a phone camera image of your surroundings as a check in for quarantine tracking.

      1. Sure, you can lie, but if you do, you can and should face criminal penalties.

        Believe it or not...

        There are people who will do this *not because they believe in lofty political principles* but because they are selfish and just don’t care about anybody else.

      2. …exactly, so *society* needs to do its best to get opt-in from as many people as possible.

        Our experience with #COVID19 is that communities seem to be more likely to do the right thing than the government.

        Hence my post.
