Key Indicators — Who will control your personal data?
Governments and private organisations have been taking never-before-seen measures to track and contain the spread of the novel coronavirus. Data plays a massive part in this; everything from the widely discussed contact-tracing apps to the management of hospital resources is being meticulously tracked in an effort to combat this virus.
There is no doubt that reliable, up-to-date information is critical to our ability to solve complex, time-sensitive challenges. However, the proliferation of technology-enabled ways to track us, our movement and our behaviour leaves us with some questions. Who actually owns our data? How much individual freedom are we trading for healthcare security? Is this level of surveillance here to last?
The future of Personal Data
Rather than just thinking about all this by ourselves, we asked you guys to give us a hand.
As part of the speculative study we designed to launch Transformative Times, we place people in 2021, inviting them to think about how society has been adapting over the past months. The use of Personal Data for public good and private gain has been becoming more and more ubiquitous and we are curious to find out how you think this might evolve as a result of the pandemic. Looking at the answers so far, it seems that we are divided: 43% of participants think data will be open and 48% private. These results are by no means conclusive but, as mentioned above, the purpose of this series is to dive a little deeper into each sub-topic, exploring what is happening today to try and find some clues as to what might happen in the near future.
The study is still open, so if you haven’t taken part already, you can do so here.
So, what out there gives us some clues?
One of the advantages we (in the West) have had over the past couple of months is the strange ability to glimpse into the future. We have been able to look towards our friends in the East, judge their approaches to the pandemic and adjust ours accordingly. Or at least that’s the theory. I remember, at the beginning of all of this, questioning how the narrative of personal freedom vs public health would play out in America compared to how it was in China. It’s long been known that our culture shapes the way we understand the world, with (in general) Western culture being considerably more individualistic, and I was curious to know what this could mean in the face of a global pandemic.
Things started to become a little clearer when we saw the way South Korea managed COVID-19. Their strategy actually started back in 2015 after they suffered the worst MERS outbreak outside the Middle East and, in response, set up a series of clear-cut policy measures to protect themselves against future epidemics. Including legislation that allows the Korean Centre for Disease Control and Prevention to use private data from 28 companies (including smartphone location and credit card information) to accurately track any contact citizens may have had with infected individuals. This legislation has clear upsides when it comes to navigating a crisis such as this: South Korea went from the second-most affected country to the 57th (at time of writing). That being said, these measures bring up some serious questions about data privacy and individual freedom.
The level of control exercised in South Korea is something we might be surprised to see in the global West. However, at a Downing Street press conference, Professor Angela McLean — deputy chief scientific advisor to the UK — stated that South Korea was a ‘fine example’ and that the UK should try to emulate their approach. The first steps along this path appeared to have been taken, with the UK initially rejecting Google & Apple’s database-free strategy in favour of a centralised contact tracing app. This approach would have allowed for region-specific information to be gathered, helping the country tailor its response to where it was needed most. NHSX (the digital unit that works across the NHS and the Department of Health) maintained that this data wouldn’t have been shared with other government agencies or private companies and would be deleted after the pandemic. While I believed this to be true, it presented another issue; if the barrier to mass-surveillance isn’t technological, it becomes only a matter of policy. And in that case, I am left with a simple question: do we want this kind of power to exist in today’s impulsive, divisive political climate? It seems we don’t have to answer this question just yet, with the BBC reporting today that in a ‘major U-turn’ the UK will adopt the Google-Apple model.
Speaking of this unusual partnership, Google and Apple find themselves in a powerful position; because they control the operating systems for all Android devices and iPhones worldwide, they control distribution. Remember back in 2014 when all iPhones automatically downloaded that U2 album? That sense of frustration at not being able to delete it? I imagine policymakers worldwide are experiencing a similar thing, though we could argue there is a little more at stake here. The partnership is certainly flexing its muscles, often pushing back against proposals from elected officials, they are setting the conditions for the use of their technologies. While the purpose of these efforts is admirable — to make malicious use of these systems incredibly difficult — the idea that we should trust Big Tech over government institutions scares me. After years of demanding better, more secure treatment of our data from these kinds of companies, turning to them now as gatekeepers of privacy seems a little ironic.
That isn’t to say that the other end of the spectrum is any less frightening. It was reported last week that Singapore is developing a wearable contact-tracing device which may be sent to all citizens. While this combats the compatibility issues experienced by a lot of government-led tracing efforts, it takes our conversation about privacy to the next level. Last year, a study by Comparitech ranked Singapore as the 11th most surveilled city in the world (and the 3rd outside of China), this could be the first step towards significantly limiting the individual freedoms of Singaporean citizens based purely on data. A Change.org petition against these devices (which has over 50,000 signatures) states:
“All that is stopping the Singapore Government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device… We — as free, independent, and lawful members of the public of Singapore — condemn the device’s implementation as blatant infringements upon our rights to privacy, personal space, and freedom of movement.”
This leads us back to one of the questions posed at the beginning of this article, how much freedom are we willing to give up for healthcare security? When discussing Singapore’s earlier attempt at contact tracing, Christopher Gee — senior research fellow at Singapore’s Institute of Policy Studies — stated that Singaporeans would “implicitly understand the idea that personal liberties and rights would have to be subordinated in the public interest”. But how far might the concept of public interest be stretched?
Imagine a world where a comparable initiative was launched in the United States. The implicit control that the government would have through something like this, coupled with nonsensical measures like Antifa being designated a terrorist organisation, has the potential to stop social justice movements before they even begin; perpetuating the systems of inequality and antiquated power structures that have been brought back into the limelight during the Black Lives Matter movement. Jamie Susskind explores the concept of power and how it is amplified through technology in his incredible book, Future Politics, which I would strongly recommend to anyone that wants to go deeper into this topic.
During our insightful interview, Andrea Bauer stated, “Digital systems need to be carefully set up because they can give governments enormous power over citizens”. If this virus is around for the mid-long term, this could be a perfect opportunity for blockchain technologies to be put to use. A decentralised, digitally-sovereign solution could find the delicate balance between safety and control. But, as discussed in our conversation, by placing too much trust in digital systems to govern our lives, we risk corrupting the very concept of trust as a social contract.
One thing should be made clear, the point of contact tracing is to accurately track real people’s movements and interactions in order to limit the spread of a disease or virus. Privacy is nothing more than a design constraint. So, the question doesn’t lie in the effectiveness of measures such as these, but in the way that they are designed. In the current climate of disinformation, political manipulation and the weaponisation of data, how can we be certain that the systems we design for public good today aren’t exploited tomorrow?
Public vs Private?
It seems that there are two distinct approaches here, (1) state-run & centralised and (2) private & decentralised. While the goal of both is clear — to track and slow down the spread of COVID-19 — I am concerned about what might come as a result of either.
With the former (as with any mechanism of mass-control), there is always a fear of bad-actors using it to infringe on the rights, freedoms or opportunities of a given group of individuals. In the short-term, it is an issue of coercion; perhaps taking the form of discouraging voter participation in a given area by spreading false claims of a spike in infection rates. Longer-term, if these measures were to continue, it may become an issue of force, with freedoms only being granted to individuals if they meet certain criteria. This is what I think Tim Cook meant when he referred to privacy as a fundamental human right.
But where do we turn when we think about privacy? If we have learned anything from the past few years, probably not to technology companies. With these private approaches, there is a danger that the goal of stopping the coronavirus is secondary, with shareholder value as the ever-present primary concern. This moment, then, may just be a glorified positioning statement, cementing Big Tech as indispensable to our lives and ‘too big to fail’. We are already seeing the beginning of this with Jeff Bezos’ bid to vaccinate Amazon’s supply chain. I’ll leave it to Kara Swisher & Scott Galloway to think on how this may impact us in the mid-long term but if something can be exploited for financial gain, history tells us that it will be.
Does the answer, then, lie in the combination of these two approaches? The World Economic Forum points to a data marketplace model where individuals could opt-in and provide anonymised data for free to accelerate efforts in areas of their choosing (fighting a pandemic, for example). If private organisations want to use data commercially, they would need to be certified — similar to the App Store model — and then “owners (or data trusts acting on behalf of the owners) can opt-in explicitly, and get paid”. This way, data would become a commodity and can be managed with the help of blockchain-enabled smart contracts ensuring anonymity and that the data cannot be used for anything other than the previously agreed upon purpose(s).
While this may seem a little far off, it is these kinds of public-private partnerships that will enable the kind of innovation that I dream about. Innovation that exists to serve all stakeholders, not just a precious few. By using the efficiency and know-how of the private sector, and the stability and accountability of the public, we might just get somewhere.
