But different countries are balancing public health and individual privacy in very different ways. As new surveillance tools emerge, the choices governments make reveal how they assess the relative weight of public health and privacy — and how this balance might change as new challenges emerge. Here are three big questions.
Opt-in or compulsory compliance? Both have trade-offs.
Should surveillance be mandatory? That’s the first key question for many governments. Voluntary or “opt-in” surveillance programs give each person more control over how much personal information they share, and intrude much less on personal privacy. But voluntary programs generally provide less-high quality data than compulsory surveillance. Not everyone will opt in, and those who participate may not be representative of the broader population. This leaves gaps in the coverage of some communities.
That’s an acceptable trade-off, for some governments. U.K. officials are reportedly building an app for voluntary mass surveillance, asking citizens to temporarily share location data as an act of patriotic duty. Singapore has rolled out a similar app to augment its aggressive contact tracing strategy, boosting efforts to identify anyone who might have crossed paths with an infected person.
Other governments do not give citizens the choice to opt in to sharing their data. Mandatory surveillance programs claim sensitive information, like user locations, without the ability for citizens to opt out. This may provide better data to support efforts at contact tracing, but the downside is far greater intrusion into individual privacy.
In Israel, the government designated coronavirus an issue of “vital national security,” allowing its Internal Security Agency to tap a previously undisclosed database of highly detailed cellphone information. By tracking movement and communications of the entire population, authorities have more tools to retrace the past activities of all infected individuals and alert anyone who may have been exposed to a potential carrier.
Similarly, South Korea’s widely praised response to the coronavirus relies on the capacity to identify potential carriers through surveillance tools — like cellphone tracking, extensive CCTV analysis and re-creating purchase histories by mapping cashless transactions.
Who controls the data?
The second key design choice is whether to centralize data in government agencies, or leave it with private companies. If the data goes directly to government, it’s easier for authorities to collect, process and combine information from disparate sources.
However, this approach also makes it easier for the government to use this data in future, for other purposes. A recent opinion by the U.S. government’s Foreign Intelligence Surveillance Court, for example, found that the FBI has been unlawfully using communications data originally collected by the National Security Agency to identify foreign terrorists since 2008. Some privacy advocates accordingly prefer that private companies hold most personal data, producing it for governments only when legally obliged.
Many countries are prioritizing efficiency by centralizing information in government hands. Israel’s tracking system draws directly on cellphone data already collected by security agencies, while China’s even more comprehensive surveillance combines data collected by public and private entities in one smartphone app.
Or solutions can bypass the private sector completely. Officials in Hong Kong are forcing all incoming passengers to wear a location-tracking wristband, while Taiwanese authorities place an electronic fence around quarantined homes that detects when anyone so much as turns off their phone.
U.K. authorities took the opposite approach in partnerships with telecommunications providers O2 and EE. Both firms use location data to evaluate whether Britons are effectively socially distancing, but retain all identifying information and share only anonymized location data with government officials.
What about the United States? Tech giants like Google and Facebook are reportedly in talks to share insight from anonymized location data about their users with health experts, without actually handing over location data itself. This is likely to be part of a system for monitoring the spread of covid-19 to be built by the Centers for Disease Control, which was allocated $500 million in the recent emergency stimulus bill passed by Congress.
What are the long-term consequences?
For most governments the question right now is not whether to surveil their populations — but how to decide what form the inevitable surveillance should take. Choices made now will have consequences that last long after the crisis itself. One effect may be to make extensive mass surveillance seem a normal part of life in advanced industrialized democracies.
Until the coronavirus crisis, democracies have largely limited mass surveillance techniques that uniquely identify members of the population to intelligence and counterterrorism missions. But after the crisis abates, autocracies and democracies alike may find their citizens more willing to accept greater government oversight of their daily activities.
Recent brushes with infectious diseases helped normalize high levels of surveillance in much of East Asia. South Korea’s 2015 experience with Middle East respiratory syndrome (MERS), for example, laid the groundwork for its extensive public disclosure of information about potential carriers of the coronavirus.
But surveillance architectures created in haste could prove difficult to dismantle with anything like the same speed. Pro-privacy groups like the Electronic Frontier Foundation and STOP are already warning that the infrastructure of tools like facial recognition may not be dismantled. In all likelihood, the status quo has now changed forever — and the improvised solutions of today will inevitably shape the surveillance regimes of tomorrow.
Ben Power is a PhD candidate in political science at the University of Wisconsin-Madison.