About the debate on Covid19 apps
[See updates here [ES]: https://xnet-x.net/inteligencia-artificial-datos-covid19/]
How our data is being used
Regarding the applications that are emerging and the use of people’s data in the fight against Covid19, there are two opposing positions.
At one extreme, intensive use of data. The cases of China, Singapore or South Korea are, as far as we know, where the most intensive use of data has been made (https://www.nature.com/articles/d41586-020-00740-y).
Its applications combine self-diagnosis with geolocation and its subsequent processing. That is to say: the population have to download an application on their cellphones; the user self-diagnoses with the app. If the diagnosis is positive, it leads automatically (in theory and depending on the country) to medical help. At the same time, through your geolocation data, all the people with whom you have had contact in the previous 15 days can be traced and warned (and sometimes also watched) so that they remain in confinement (https://coronamap.site; https://bit.ly/3e0sUeN).
The above-mentioned countries (but also Slovakia and others) have gone to the extreme of putting all those infected on a map, creating stigma and even persecution, which constitute serious violations of people’s privacy. However, from a coldly analytical and purely theoretical point of view, this system, when combined with another approach that is being used in some countries – preventive tests to identify the vast majority of asymptomatic people – would permit the identification of non-infected people. This in turn would allow them to move freely and ensure the operation of the most essential services, which means that those carrying out the services would shoulder less risks than they currently do.
Naturally, we repeat, this is all purely theoretical, not realistic (“…despite our good contact tracing, for nearly half of these cases, we do not know where or from whom the person caught the virus”) and it’s based on ex post facto studies (https://bit.ly/2UQzSet).
At the other extreme – an extreme necessary because of the constant scandalous abuses of our personal data – you have people saying that the data can hardly be used without seriously and irreversibly compromising individual rights (https://bit.ly/2USgeih ; https://bit.ly/2x0JdYl).
(Here are the opposing positions: https://bbc.in/2XkDkQb and https://bit.ly/3bXQff9).
As we have recently seen in our area, some of these apps are in the hands of companies devoted to exploiting people’s personal data (https://bit.ly/2Ro5QNk). Governments even pay them to take advantage of that data in times of crisis, allowing them to operate on a dubious legal footing and extract a large amount of information, far beyond whatever might be necessary for the meager benefits they offer.
Self-diagnosis serves helps relieve the emergency hotlines of calls from worried people. It’s useful and necessary. Now, self-diagnosis can be done with an online questionnaire (something like the chat bot announced by the Spanish government). If a positive self-diagnosis results in a direct connection to emergency services followed by adequate medical intervention, then it makes sense to collect (some of) the data. But what’s the use of collecting so much data, if the result is only “Call this emergency number”? If the data collected does not automatically reach an emergency channel that triggers actions, it’s not necessary. An online questionnaire with a final statement and the number to call would be good enough.
Certainly there are other predictive uses of the collected data that we will not analyze, all of them related to geolocation: mapping the areas of contagion on the one hand (https://bit.ly/2RjdYi7) and tracking adherence to confinement protocols on the other (https://bit.ly/2UPOevS ; https://bit.ly/39QElCj).
How our data could be used
We’d like to return to the initial example of China, Singapore and Korea, to talk more about geolocation. It’s important to keep in mind the possibility of retroactively tracking the movements of infected people in order to save lives and avoid further contagion among those they’ve been in contact with, and among the latters’ contacts, etc – especially when the authorities haven’t acted swiftly to purchase or develop diagnostic tests for preventive use. This kind of tracking could also save resources. Obviously we are opposed to it being done in an authoritarian and invasive way. But on the contrary, there’s a factor at the basis of digital culture and technopolitical action that the authorities seldom take into account, even though, as we are seeing, it’s the key to the future. It’s distributed citizen contribution: proactive citizenship as an essential condition for democratic, ethical and agile governance in the digital age.
Let me explain: according to the European Data Retention law, telephone companies are obliged to keep all our data (including travel) for a period ranging from six months to two years depending on the country. Then they must be erased to avoid creating a permanent profile of people for analysis of our inner selves, as in the Stasi era. The reason these data are held is to solve police cases. They are used to reconstruct a trip or to identify when two or more people have been in the same place, because their mobile phones were in the same place at the same time. Fortunately, the law only provides this option for use without the consent of those affected, even in emergencies, to avoid temptations of authoritarian surveillance (https://bit.ly/2UOKrPo ; https://bit.ly/2UOUkwm).
[Here you can compare the criteria of different Data Protection Authorities in the EU:
Nonetheless, any of us has the right to request our full data file from the telephone company, which is obliged to give it to us. The handling of this data by third parties would be a serious intrusion into the private life of people since it reveals whom we have contacted, whom we have met, the places where we have been and for how long. In other words, the data reveal intimacies, vices, habits, etc. But the handling of this data by its owner would not be invasive.
We suggest to hack Data Retention as we have hacked copyright with copyleft.
Each person with a confirmed case could quickly have a clear picture of all their activities over the previous 15 days. This information would be very useful to be used during the contact tracing interview with the doctor.
[Note: this text has been written before the Bluetooth contact tracing option. Nevertheless it is still valid for the mapping of the movement of a Covid19 positive person to be used both during the contact tracing interview and the mapping of contagious areas].
The important thing would be to automate this process so that it is done by the interested party voluntarily and privately, according to their will and criteria.
It’s important that the design of a democratic system be updated to allow essential citizen cooperation, recognized and effectively taken on board by the authorities who, as we are seeing, cannot cope with the situation alone. [Civil society has already gotten activated, check it out: https://bit.ly/2JPcA2o]
As we’ve remarked elsewhere (https://bit.ly/2JMlJZs), the use of massively gathered data about the population is not only positive, it’s the future, as long as that data is strongly anonymised, so that not only governments and corporations but also citizens can use it. Big data must be subject to democratic rules: it must be a common good at the service of citizen science and innovation and not the property of governments and corporations. On the other hand, transparency should govern the formulas with which the data is aggregated and anonymized so that its use does not devastate people’s lives. Algorithms are like recipes. It is not enough for us to be told “Don’t worry, to exploit your data we will apply an anonymization and aggregation recipe.” We need to know the recipe, the ingredients, the quantities and the order in which they will be combined.
The display of raw power that Google has accomplished with the publication of a study that any government in the world would like to have done is a humiliating blow that will bring stars to the eyes of many politicians, who will simply fall dazzled into their arms (https://bit.ly/2VcrFk0 ; https://bit.ly/2yGFDCZ). We are not saying that this information should be wasted, but it is necessary to reflect on the power that companies like these are allowed to have and on the proper conditions of any collaboration, whether it comes from companies or from the people: human rights, privacy, open data as a common good, open science and citizen innovation.
All this leads us to a final consideration that is undoubtedly clear to everyone: before this crisis, for years, political leadership has carried the administrative structure into the digital age in a highly circumstantial and irregular way, and we are paying for that very dearly. The steps that have been taken, with some exceptions, have been more for the sake of show, and they’ve been done out of incompetence, self-interest, laxity or credulity, often by getting into bed with corporations that promise miracle applications – very expensive and exclusive solutions that we all pay for – things that look great in a politics of appearances, but nothing more.
When we get out of this, as the philosophy of the Network demands and has demonstrated, the obligation of companies and institutions to hand over the data they extract from our lives – in open and anonymized form, for innovation and citizen science – and the administration’s ability to keep up with an agile and democratic digital age placing the rights of people front and center will be compelling obligations that we will have to forcefully demand (https://on.ft.com/2Vfd2ME). We have seen that, as with medical research, for example with vaccines, technological initiatives with population-level data must be in the public domain if we want to move fast enough to overcome massive catastrophes (https://bit.ly/3e5P3ID ; https://bit.ly/2x0KC13).
This post has come out in a hurry and we are still investigating all this. Here is some interesting information that we are still studying:
1 – Comparison of apps and adaptation ES: https://github.com/open-coronavirus/open-coronavirus
2 – Open test that does not store data: https://celiavelmar.github.io/open-covid19-test/
3 – In line with what we propose, to study: https://www.pepp-pt.org
4 – The Singapore government app. They say that it makes contact-tracing using the bluetooth of the mobile phones that found around it, respecting privacy and without saving the location, which surprises us because the Singapore government is not exactly known for its respect for human rights (https://www.amnesty.org/en/countries/asia-and-the-pacific/singapore/).
To study: https://news.ycombinator.com/item?id=22702701
5 – Joint civil society statement: States use of digital surveillance technologies to fight pandemic must respect human rights:
6 – Protection of Civil Liberties During a Public Health Crisis:
7 – Coronavirus: Privacy in a pandemic:
8 – We need privacy and data laws to tackle this global pandemic:
9 – Data and privacy in times of covid19:
10 – Covidapp will share the user’s GPS location with the security forces:
11 – The Government will initiate the tracking of mobile phones with autonomous communities and operators to combat the virus:
12 – Tracked by the mobile to stop the coronavirus:
13 – Valencia prepares a pioneering project with mobile data to trace the movement of the coronavirus: https://elpais.com/tecnologia/2020-03-19/valencia-prepara-un-proyecto-pionero-con-datos-de-moviles-para-trazar-el-movimiento-del-coronavirus.html
14 – Of the right and the rules:
15 – What does the BOE say about geolocation in quarantine?
16 – Last updated: March 19, 2020 Hogan Lovells Coronavirus and data protection -Guidance by data protection authorities:
17 – All your movements will be tracked:
18 – The opacity with the data of the administrations hinders the work of the hospitals in the face of the pandemic:
19 – Google has made specific analysis of mobility guidelines since February 1:
20 – The Government gives the green light to the ‘app’ against coronavirus and mobile tracking:
21 – China, coronavirus and surveillance: the messy reality of personal data:
22 – In @nytimes how scientific cooperation is intensifying:
23 – Problematic announcement from Google, Telefónica and Ferrovial: they will make an app for #COVID19 Esp: https://twitter.com/X_net_/status/1239941258061242369
24 – #DatosPorLiebre – XNet Proposals on Privacy, Data Protection and Institutionalized Abuses:
25 – Open Coronavirus: https://github.com/open-coronavirus/open-coronavirus
26 – Pan-European Privacy-Preserving Proximity Tracing: https://www.pepp-pt.org
27 – Reform of the Law of Public Order of Singapore:
28 – Singapore to Open Source: https://news.ycombinator.com/item?id=22702701
29 – MoMo Team. CNE, March 24, 2020 Surveillance of excess mortality from all causes. MoMo:
EXTRA BALL – Regarding all this, it is important to read our report: #DatosPorLiebre – XNet Proposals on Privacy, Data Protection and Institutionalized Abuses:
The collective intelligence of the conversations on the EDRi and Nettime lists and with Felix Stalder and Brian Holmes have contributed to this text. Translation BH.