|
COVID-19 AND PRIVACY
With at least $500M on the table, a scramble to propose and debate location tracking for the pandemic — then what?
The privacy landscape was dominated over the last week by many dozens of stories about an announced Google/Apple joint initiative to embed a form of tracking technology within the operating systems of both iPhones and Android devices. (see Privacy Beat, April 10.)
The news stories and blog reports added new details about how the system might work, and multiple reporters and activists raised privacy concerns. One of the privacy experts, a former Obama administration official, Ashkan Soltaini, noted one reason for all the attention — one of the COVID-19 economic-stimulus bills requires the Centers for Disease Control to suggest within 30 days to Congress at least $500 million worth of “data surveillance and analytics infrastructure modernization.”
One of the deepest-dive analyses and “how-it-works” descriptions of the proposal was published April 17 at Wired.com by senior writer Andy Greenberg who concluded: “The result is a complicated picture — a unproven system whose imperfections could drive users away from adopting it, or even result in unintended privacy violations.” But Greenberg continued: “And yet it may also preserve privacy in the most important ways, while also serving as a significant tool to help countries around the world prevent new outbreaks.”
COVID-19, GOOGLE AND APPLE
-
How Apple and Google are tackling one of the toughest parts about tracking COVID-19 exposures | Casey Newton, The Verge
-
Answering the 12 biggest questions about Apple and Google’s new coronavirus tracking project | Russell Brandom, The Verge
-
Apple, Google to terminate COVID-19 tracking tools once pandemic ends | Alfred Ng, CNET
-
Android phones will get the COVID-19 tracking updates via Google Play | Dieter Bohn, The Verge
-
Apple sends letter to senators in response to privacy concerns about its coronavirus app | Oliver Haslam, iMore
-
Apple responds to senators’ privacy fears over COVID-19 screening tools | Adi Robertson, The Verge
-
Government can’t force people to use tech Google and Apple created to trace coronavirus cases | Kif Leswing, CNBC
-
Privacy Safeguards in Apple-Google Platform Could Be Abused, Experts Say | Jeff Benson, Digital Privacy News
-
German tech startups say sovereignty of corona-tracking apps can’t be left to Google, Apple | Reuters, Daily Sabah
-
How Apple and Google will cure COVID-19 and how you can opt into it if you want to keep your job | Aral Balkan
-
Apple and Google Announced a Coronavirus Tracking System. How Worried Should We Be? | Jennifer Stisa Granick, ACLU
-
Apple and Google’s Coronavirus Feature Might Be an Offer You Can’t Refuse | Will Oremus, OneZero
PANDEMIC TRACKING
-
How Contact Tracing Works And How It Can Help Reopen The Country | Selena Simmons-Duffin, NPR
-
Coronavirus mobile tracking app may be mandatory if not enough people sign up, Scott Morrison says | SBS News
-
When Privacy Meets a Pandemic | Elizabeth Renieris, One Zero
-
We Saw NSO’s Covid-19 Software in Action, and Privacy Experts Are Worried | Lorenzo Franceschi-Bicchierai, Vice
-
Cellphone tracking could help stem the spread of coronavirus. Is privacy the price? | Kelly Servick, Science Mag
-
Automated contact tracing is not a coronavirus panacea | Jason Bay, Medium
-
Virus-era decisions: Way too many, and each with high stakes | Ted Anthony, Associated Press
-
How Digital Privacy Protection Can Become Compatible With COVID-19 Location Data Tracking | JET Law
-
Commission COVID-19 data sharing aims to be operational ‘as soon as possible’ | Samuel Stolton, Euractiv
-
CHR seeks careful handling of COVID-19 patients info | Llanasca Panti, GMA News
-
How Coronavirus Is Eroding Privacy | Liza Lin, Wall Street Journal
IDENTITY SURVEILLANCE
-
Privacy Cannot Be a Casualty of the Coronavirus | Editorial Board, The New York Times
-
Snowden Warns Governments Are Using Coronavirus to Build ‘the Architecture of Oppression’ | Trone Dowd, Vice
-
How Coronavirus Is Eroding Privacy | Liza Lin in Singapore and Timothy W. Martin, Wall Street Journal
-
Story: How the Singapore contract-tracing app works | Jon Evans, TechCrunch
-
I’ve read the plans to reopen the economy. They’re scary. | Ezra Klein, Vox
-
China rolls out software surveillance for the COVID-19 pandemic, alarming human rights advocates | Ali Dukakis, ABC News
-
After 9/11, we gave up privacy for security. Will we make the same trade-off after Covid-19? | Casey Ross, STAT
-
Surveillance Won’t Stop the Coronavirus | Petra Molnar and Diego Naranjo, New York Times
-
‘This could be abused.’ Privacy experts take cautious approach to Apple and Google’s coronavirus contact-tracing technology | Elisabeth Buchwald, MarketWatch
-
The tech ‘solutions’ for coronavirus take the surveillance state to the next level | Evgeny Morozov, The Guardian
-
Data PrivacyNews ·4 min read Civil Society Raises Alarm at COVID-19 Digital Surveillance | Byron Mühlberg, CPO Magazine
-
Balancing data privacy and tracking coronavirus via smartphones | Seattle Times
-
Pandemic Data-Sharing Puts New Pressure on Privacy Protections | Ben Brody and Naomi Nix, Bloomberg
-
Can Only Surveillance Can Save Us From Coronavirus? | Bruno Macaesg, Foreign Policy Magazine
-
We need mass surveillance to fight covid-19—but it doesn’t have to be creepy | Genevieve Bell, MIT Technology Review
-
Gov. recruited private engineers to analyze Colorado cellphone data during coronavirus crisis | David Migoya, Denver Post
-
2 Decades of Dubious Surveillance Will Make It Much Harder To Track COVID-19 Now | Scott Shackford, Reason
-
Coronavirus: Are we trading privacy for security? | EU Observer
-
Google tracked his bike ride past a burglarized home. That made him a suspect. | Jon Schuppe, NBC News
-
Whistleblower Edward Snowden warns governments are building tools of ‘oppression’ | Rob Waugh, Yahoo
-
Experian Is Tracking the People Most Likely to Get Screwed Over by Coronavirus | Shoshana Wodinsky, Gizmodo
-
Coronavirus: NHS contact tracing app to target 80% of smartphone users | Leo Kelion, BBC
-
NHS in standoff with Apple and Google over coronavirus tracing | Alex Hern, The Guardian
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
PERSONAL PRIVACY
Could co-operatives check power of tech platforms over individual data? Panelists and MIT professor see somewhat similar visions
Why does the public have to be content with personal data being under the control of governments or investor-owned corporations? A new approach is suggested in a panel discussion — the “the platform co-operative.”
“We need platform co-ops now more than ever,” writes talk-show host Laura Flanders in a written introduction to an April 14 audio podcast featuring Stacco Trocoso, Micky Metts and Ela Kagel.
“We need to be the keepers of our own information,” says Kagel, rather than have it controlled by Facebook, Google or other technology platforms.
Since after World War II, progressive economists have been touting the Mondragan co-operatives in northern Spain — a group of successful companies owned by their workers. In the United States, agricultural co-operatives emerged in the 1930s. There are thousands of co-operatively owned banks and credit unions in the United States, and a growing world of co-operative food markets, owned by their customers. Why not a data co-operative?
The idea of a data service largely controlled by the consumers whose data it contains in an idea also advanced by Alexander “Sandy” Pentland, at MIT. Pentland, talking about data co-operatives, makes an analogy to the power of corporations in the 1800s and early 1900s that went largely unchecked. One response was the creation of labor unions — to assert collective rights. That lead to legislation.
It’s the same today, Pentland told an MIT gathering last year. Digital platforms have a lot of date about users and governments are concerned. A data co-operative that represents a lot of people could influence the platforms’ behavior, Pentland said, making it possible for the public to push back, on how data about them is used.
Another idea for affecting the control of platforms like Googe and Facebook over user data is advanced by emeritus Prof. Soshanna Zuboff of the Harvard Business School. She sees an opportunity for other companies to collaborate.
|
|
|
PRIVACY RESEARCH
Use of ‘differential privacy’ to adjust databases could prejudice minority rights, researchers say in new paper
Researchers at the University of Massachusetts and two other institutes are warning that a commonly used technology for shielding the privacy of individuals in massive databases may inadvertently be prejudicial to minority rights, the school reports.
The researchers, lead by Gerome Miklau at the University of Massachusetts-Amherst, focused their student on data gathered by the U.S. Census. The technology is called “differential privacy” and it refers to the practice of slightly scrambling data to make it harder to identify an individual it is associated with. Differential privacy is used by Apple Computer and others.
For example, a database including the ages of individuals might be adjusted so that ages are reported in ranges rather than a specific value. This is referred to as “noise,” by the researchers. It could be applied to other attributes, such as ethnic origin.
UMass reports that Miklau and colleagues found that introducing such noise “could lead to downstream decisions that would unfairly impact certain groups.” In one example, a community which has significantly higher Spanish-language representation than its immediate neighborhood communities could fail to qualify for a multiple-language ballot if its representation counts were partcially evened out with the communities around it.
Miklau and three doctoral-candiate researchers at UMass, Colgate University and Duke University presented a paper on the phenomenon at a conference in Barcelona earlier this year. It is entitled “Fair Decision Making Using privacy-Protected Data.”
OTHER RESEARCH
|
|
CCPA AND CALIFORNIA
Wesleyan computer scientist building “Do Not Sell” browser application in bid to follow CCPA; plans W3C and industry discussions and UX testing
A World Wide Web Consortium (W3C) study group is discussing a plan by Wesleyan University Prof. Sebastian Zimmeck to study and test how machine-enabled “Do-Not-Sell” instructions should be handled under the California Consumer Privacy Act (CCPA).
Zimmeck’s team has started building a web browser plug in that will create and send a “Do Not Sell My Data” signal automatically in an implementation of the CCPA.
The effort will produce a browser capability that is controversial. It is seen by privacy advocates as an obvious implementation of the CCPA — the idea that a consumer should be able to use technology to transmit a privacy preference automatically.
But virtually the entire U.S. advertising industry has told California’s attorney general they don’t think requiring the honoring of a “Do-Not-Sell” signal from a browser was intended by the Legislature nor would requiring it, they say, even be constitutional. Zimmeck acknowledgements the disagreements, but feels that, as a neutral party with no economic skin the game, his work can be a platform for discussion.
“What we will be doing going forward is usability studies of the different approaches that exist,” Zimmeck said in a chat with Privacy Beat. “We’ll take our own implementation and the DAA (Digital Advertising Alliance) and the IAB (Tech Lab) solutions and see how companies react and what users think.”
Zimmeck says he’s optimistic that by prototyping the DNS signaling, and discussing it within the World Wide Web Consortium (W3C) and among industry groups “we can find a solution in the end.” The first implementations will be for the Chrome and Firefox browsers.
EU AND THE WORD
-
ANALYSIS: Implications of Polish court overturning DPA’s first GDPR fine | Joanna Tomaszewska, IAPP.org
-
GDPR Do-Over: Thousands of Breaches, Millions in Fines Point to More Work Ahead | Tomas Honzak, CPO Magazine
-
The European Commission is Set To Review the GDPR | Emma Yaltaghian, National Law Review
-
How Europe Is Bumping Against Privacy Laws in Coronavirus Battle | Bloomberg Law
-
Europe Debates COVID-19 Contact Tracing That Respects Privacy | Benjamin Powers, CoinDesk
-
The ICO’s regulatory approach during the coronavirus public health emergency | ICO
-
Google consolidated market share after European privacy law: paper | Audrey Conklin, Fox Business
-
More Than 200 GDPR Fines Issued Totaling €144 Million, New Study by Privacy Affairs Finds | MarTech Series
-
BA and Marriott get GDPR fine reprieve | Alex Scroxton, Computer Weekly
-
Irish DPC seeks EU findings on Zoom’s privacy flaws | Sean Pollock, Irish Independent
-
How India’s loose data privacy laws open the door to hackers | unsigned, Deutsche Welle
-
White Paper – 2020 Global Legislative Predictions | IAPP
PRIVACY POLITICS
VIRTUAL EVENTS
PRIVACY LAW AND BUSINESS
ADVERTISING TECHNOLOGY
|
|
QUOTE OF THE WEEK
Lead engineer for Singapore’s mobile-phone contract tracing system is hubris and ‘technology triumphalism’
“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No. Not now and, even with the benefit of AI/ML and — God forbid — blockchain 😂 (throw whatever buzzword you want), not for the foreseeable future.
There are critical factors (like ventilation — see below; update: or singing!) that a purely automated system will not have access to. You cannot “big data” your way out of a “no data” situation. Period. Any attempt to believe otherwise, is an exercise in hubris, and technology triumphalism. There are lives at stake. False positives and false negatives have real-life (and death) consequences. We use TraceTogether to supplement contact tracing — not replace it.”
– Jason Bay, product lead for TraceTogether, writing April 10 at Singapore’s Government Digital Services blog, “Automatic contact tracing is not a coronavirus panacea.“ |
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|