In terms of privacy, the past few months have brought about a tidal wave of actions by governments that a short while ago would have been seen deeply tinged with dystopian undertones. Placing entire cities, countries and regions in lockdown and creating digital applications to track movement have been swift and (perhaps) necessary actions by governments. At the same time, these measures have had clear and dire implications for privacy and democratic freedoms more generally. What is done now can lay a long lasting foundation for how we see the role of data and privacy in the relationship between people and governments long after the pandemic. In our view, it is trust, not surveillance and control, that should lead the way forwards.
Digital contact tracing applications that can track and isolate the suspected cases are core solutions in the fight against Covid-19. South Korea’s and Singapore’s strategies, based on large testing and personal data-based applications, have worked as examples for other countries. In Europe, the UK, Finland, Germany and Austria and several other countries are also using or starting to use digital tools to manage the spread of the virus. Some, like the UK, have proceeded with a centralized version that collects contact data to a server and some with decentralized models such as the initiative by tech giants Apple and Google, where data is stored on individuals phones. China is using color-coded health-rating application, which tracks who is allowed to leave the house and Poland has an app that requires coronavirus patients to take selfies to prove they are indoors.
Government applications such as these have raised concerns about privacy and the fear of a dark future of techno-totalitarian state surveillance. With contact tracing pertaining to information at the very core of privacy – where we go, who we see and how our health is – the dystopian visions are right in raising the alarm: these steps are not to be taken lightly. Just as factories changed the way we interpret time, so too can this new watershed moment change the way we see privacy. The technological capabilities are there, but how will we delineate the boundaries between vital things such as public health and privacy in times of crises and – especially – beyond them?
The concerns about new technologies are not new. The Oxford Dictionary selected the term “techlash” as the word of the year in 2018. The term refers to a strong and widespread negative reaction to the growing power and influence of large technology companies. Will this heightened awareness of privacy and data extractivism be the surging leitmotif in our relationship to governments’ data use and collection as well? Or will we see a more benign attitude, underscored by an understanding of the necessity due to security or public health reasons?
For the latter, the gist is of course how far to go, with examples of the authoritarian surveillance state par excellence rearing its ugly ahead in China well before Covid-19. Authoritarian is also the word that popped up into the minds of many, when just last week in the wake of wide protests after the death of African American George Floyd, Minnesota Public Safety Commissioner John Harrington told that “contact tracing” will be used to investigate arrested protesters. Yet, as Evgeny Morozov argues in his Guardian column, tech-authoritarianism comes in many forms, and slipping into the “solutionism” of market-led, privately owned digital solutions for problems from pandemics to the climate crisis might not be a future any more rosy.
Trust and transparency as building blocks for the way forwards
Techlash and distrust is of course not the only possible outcome of the new deal of data, privacy and the public sector. Yes, Covid-19 related examples are a rather mixed bag, with authoritarian being the right word for some but at the same time, with many governments taking privacy seriously and, perhaps surprisingly, with experts giving the green light for the privacy-first approach taken by Google and Apple in their massive contact tracing push.
At the core of the not-so-ghastly approaches is decentralization, transparency and citizen empowerment – control to opt-in, be anonymous and know what the data one has chosen to supply is used for. The global MyData movement has for example kept an eye and lively discussion on how such principles are being held up by different tracing solutions.
Such principles are, of course, not merely related to the current crisis. One strand of technology development that follows a similar ethos within government is the forays into Distributed Ledger Technology (DLT).
DLT (of which perhaps the most known example is blockchain) is shorthand for a broad set of technologies and applications referring to a digital system for recording the transaction of assets in which the transactions and their details are recorded in multiple places at the same time. Unlike traditional centralized databases, distributed ledgers have no central data store or administration functionality. In distributed ledger systems, all transactions are written immutably and can be traced. Think many people constantly writing the same things down in their own notebooks, with no one able to erase or tamper with a line because you can always check from another notebook.
To give a couple of examples from the current crisis: DLT is used to both help quickly share verified information and detect outbreaks as well as share data without revealing personal information. In the MiPasa project, the WHO and various technology companies are working together to enable trusted sharing of coronavirus related data by individuals, state authorities and health agencies. In essence, this is a DLT-based global control and communication system for more precise early detection of COVID-19 carriers and infection hotspots, all whilst ensuring privacy. In Honduras, the government has been rolling out an application called Civitas that allows medical professionals to share confidential data, enabling patients to travel to hospitals by allowing the police to check on permission to travel – the police do not have access to the medical record itself but can verify the rights.
These are just examples, but both show that the underlying principles are something quite far from a centralized cache of data in the hands of a single actor (private or public) with opaque motives and an unsure (or at least unverifyable) policy on how the data is used. Not just for times of crises, but DLT can provide a new type of infrastructure enabling the transformation of public services, where different actors can create public value by sharing, interacting and collaborating with each other, boosting public engagement in developing public services through transparency and in general promoting openness.
What is encouraging, is that this is not new – transparent, privacy-ensuring and trust-fostering DLT-based public services are being tested and scaled, not only in corona related areas but for example the management of public accounts, digital democracy, last-mile logistics and public funding distribution. It is examples such as these that can show the way forward for not only public services, but the whole relationship of government, people and the use of data, well after the global pandemic has finally come to a halt.
Johannes Mikkonen, Demos Helsinki
Johannes Anttila, Demos Helsinki
Illustration by Centers for Disease Control and Preventio