Privacy breaches add insult to Covid-19 injury
Too many data points and not enough oversight suggests the damage inflicted by the response to the pandemic will stick around even after the disease is eradicated
The Internet is full of hope for 2021 and the end of what some have considered possibly the worst year for humanity in recorded history.
But 2021 may not be that better, if the vaccines don't work as effectively as promised, or if various governments can't competently roll out the various vaccines as per their timetables. The United States, for example, fell substantially behind its vaccine goals for 2020.
And it may even be worse when it comes to data privacy.
That vaccine rollout, regardless of whether it's botched or not, could bring with it a new privacy-related data-point to track. In Los Angeles, for example, the city is providing a digital smartphone receipt to those who receive a Covid-19 vaccine that could ultimately morph into some sort of vaccine/immunity passport. Such a system could be potentially required to show proof of immunity for airline access, shopping, or dining opportunities, creating a short-term (or possibly longer) class divide between the protected and unprotected. With numerous startups and established multinationals working on the problem of how to optimally create an immunity passport, we will likely see some form of a 'digital yellow card' in the coming months.
Whether that passport will also discriminate based on the source of the vaccine, such as from the U.S., UK, China, Russia, or Iran, will further create division based on nationalities and class. Once we begin using immunity passports for Covid-19, one can only imagine what other vaccinations or health-related data might be rolled into the platform.
Another Covid-19 related data point that is increasingly tracked is the proximity between potential virus carriers to be used in things like contact tracing. Sports leagues like the U.S. National Football League and more recently, the National Basketball Association are requiring their players, coaches, and staff to wear stand-alone contact-tracing devices throughout the day. While the devices do not record actual location data, they do record all the contact between each individual and the duration of each of those contacts throughout their day.
In another emerging attack on our data privacy, unrelated to Covid-19, there has been an increasing appreciation for the private data housed in our cars and other internet of things (IoT) devices. A recent criminal case involved the Kalamazoo Michigan Sheriff's department extracting voice information from the hands-free entertainment system on the car radio to solve a cold-case. It turns out that simply registering your phone with your vehicle could transmit a lot of private information that doesn't benefit from the strong encryption and privacy protections standard on most of today's smartphones.
And cars are not the only vehicles experiencing a crisis in privacy. The U.S. Federal Aviation Administration (FAA), just announced its program to create a digital license plate for most drones. This system of remote identifiable information will require all pilots of drones, including recreational toys, to both broadcast the identifying information and location of the drone and also the location of the drone operator, to the relevant authorities. Fortunately, this new concern will be unlikely to fully come into force until 2022 or 2023.
There are some silver linings though. 2021 will ultimately usher in a world where we are on the way to 65% of us have some form of data privacy protection regulation by 2023. This is a significant rise from the only 10% of the population in 2020 that benefited from data privacy regulations.
However, one Covid-related drastic change that was likely unappreciated by much of this privacy legislation was the mass transition to remote work. Large corporations are increasingly realizing that working from home worked in 2020 and they stand to benefit greatly from reducing their office-space costs in 2021 and possibly beyond by allowing workers to work from home permanently. Unfortunately, working from home on less secure infrastructure like home wifi networks, desktops, tablets, and phones could create gaping privacy holes for many databases housing private information.
But the news isn’t all bad for data privacy on tablets and phones. Apple announced in June that it is aiming to roll out an application tracking transparency (ATT) program designed to notify iPhone and iPad users when one of the user's applications collects information to share with third parties. It is also supposed to provide those users with some control over the amount of data that their phone will collect about them. These changes have expectedly upset many in the advertising world that particularly benefit from the ability to personalize advertising particularly Facebook. While the announcement happened in the summer, the emerging animosity between Facebook and Apple has only recently begun to play out in public.
Responding to this recent media onslaught by Facebook, Tim Cook, Apple's CEO, responded that they have not taken away any of the tools that advertisers use, rather it is just that users will have to grant permission for advertisers to use them, effectively pulling away the curtain on the huge of amounts of data that are hoovered off of our smart devices.
We believe users should have the choice over the data that is being collected about them and how it’s used. Facebook can continue to track users across apps and websites as before, App Tracking Transparency in iOS 14 will just require that they ask for your permission first. pic.twitter.com/UnnAONZ61I— Tim Cook (@tim_cook) December 17, 2020
But some of those ads might be provided targeted help to the potentially increasing amount of citizens suffering from mental health-related concerns. With all of the unemployment, frustration, and other pent up emotions from the past year, it is expected that there will be an increase in mental health issues across all demographics. To this end, Facebook will provide another datamining opportunity for mental health professionals to mine through user data on the hunt for signs of emerging mental illness, perhaps even suggesting that users reach out for help. In a paper released at the end of 2020, New York-based researchers were able to use machine learning algorithms to predict the diagnosis of mental illness a year in advance of the ultimate hospitalization for the illness. Facebook is notably not the only source of this information, we can expect all areas of social media to be increasingly mined for telltale signs of mental health concerns.
In a final send-off to 2020, it was disclosed that a famous actor who unfortunately suffered from mental health issues later in life, was able to maintain his privacy even in the afterlife. James Doohan, who played Scotty in the original 1960's Star Trek television series, successfully had his ashes concealed under the floor of the International Space Station in 2008 by space tourist Richard Garriott. This private data dating back 12 years was finally disclosed in December, ending more than a decade of rare privacy for such a momentous mission.
Dov Greenbaum is a director at the Zvi Meitar Institute for Legal Implications of Emerging Technologies, at Israeli academic institute IDC Herzliya.