How to (Carefully) Use Tech to Contain the Coronavirus
https://www.nytimes.com/2020/03/25/opinion/coronavirus-privacy-phone-data.html

Across the world, countries have ramped up technological efforts to contain the spread of the coronavirus. South Korea and Singapore have used cellphone location information to identify possible infections. Russia is using facial recognition to enforce quarantines. In China, a smartphone app is being used to assess people’s contagion risks. Israel has turned to a previously undisclosed database of location data to track infections.

The United States is also considering using personal data to help policymakers address the pandemic, and is working with tech companies including Google, Facebook, Clearview AI and Palantir to figure out what kinds of data and tools can be leveraged to aid public health.

Given the seriousness of the pandemic, we should use personal data to help us track coronavirus infections and alert people who are at risk. But it would be a grave mistake to throw all of our data at the problem without considering the potential long-term privacy risks.

The United States has a chance to learn from the countries that have done this well, and those that have done it poorly, to ensure that the extraordinary measures we take during this pandemic do not have repercussions for privacy that last long after it ends.

Ideally, people’s location and health information would be shared with a trusted third party for these purposes on an opt-in basis. Many people — myself included — would permit our recent location history to be analyzed in exchange for both receiving and helping provide information about our risk level.

And we might feel more comfortable if the analysis was done by a company that already had access to our location information, such as Google or our cellphone providers.
For the most part, these companies don’t need our permission to analyze our location data, but an opt-in program or app might reassure people that their privacy preferences were being respected.

Most important, every effort should be made to respect the privacy and anonymity of infected individuals. If my location data shows I have been in close contact with someone infected, I don’t need to know that person’s age or gender or where I came into contact with him or her — I just need to know that I have an increased risk of infection.

We can learn from the mistakes of South Korea in this regard, where coronavirus alerts have included far too much unnecessary information about infected individuals’ characteristics and movements. That information may be useful in aggregate, but there is no need for it to be attached to individual reports of coronavirus cases.

We should also put into place restrictions on how location data will be used and mandate when it will be deleted. This will require limiting the analysis of personal data to individuals’ location data and coronavirus test results, anonymizing that data to the extent possible when it is shared with the public, limiting who has access to the raw data and securing those databases.

Understandably, many people fear that governments could use this access to advance other agendas besides stemming the spread of disease. So when these efforts lead to new uses of personal data by government agencies, it is essential that they include specific timelines for how long the data will be used or stored by those agencies and what exactly those agencies can do with that data.

Israel, for instance, has just approved emergency powers to track location data of infected individuals and ensure they are adhering to quarantines as well as alerting people they have come into contact with.
The Israeli government has limited its use of that data (at least initially) to a 30-day period, which is a good first step, but has not made any guarantees about when, or if, that data will be deleted by health officials, or whether it could be employed for any other uses during that 30-day period.

There are also a few things we should be wary of. No government should rely on facial recognition to enforce quarantines, track infected patients or for any other coronavirus-related measures. Facial recognition technology is still too unreliable to be used for public health purposes and it is unnecessarily invasive. The movements of infected individuals and their contacts can be tracked much more reliably through their cellphone location data — there’s no need to collect camera footage of their faces.

The United States government’s engagement with the facial recognition company Clearview AI on coronavirus tracking is especially worrisome in this regard. Before the pandemic, Clearview AI had drawn heavy criticism for scraping photographs from websites such as Facebook and YouTube and then selling their facial recognition tools to law enforcement agencies and individuals. The company’s product is still every bit as dangerous, invasive and unnecessary as it was before the spread of the coronavirus.

Also troubling are apps, like the Alipay Health Code that China is requiring its citizens to use, that make determinations of individuals’ risk levels based on an opaque algorithm that allows users no insight into what factors are being analyzed. Apps like Alipay Health Code, which issues color-coded QR codes that indicate risk level and dictate when quarantine is needed, undermine people’s privacy without giving them any useful information in return.

We can and should use people’s location data both to track the spread of the coronavirus and to alert people who have been in close contact with infected individuals.
But just because there may be good public health reasons to share this data right now with researchers, health professionals or government agencies doesn’t mean we should do so without any regard for people’s privacy.