Version of 12 May 2021
General Context
Technological means for assisting with contact tracing and the containment of COVID19 have been heavily promoted and mandated throughout Australia. Many of these measures utilise the data collection and analysis potential of mobile phones, and represent forms of surveillance that would be unacceptable under other circumstances.
Given the protracted nature of the COVID19 pandemic and the plausibility of further pandemics occurring in the future, we assert the need for a concrete framework for assessing and regulating government policy in this area, with the overarching goal of upholding privacy and civil rights.
One of the core concerns with the implementation of novel surveillance regimes in times of exception is that, in many cases, governments are reluctant to dismantle systems of surveillance enacted during the crisis, seeking to justify their continued access to surveillance data after the immediate public health threats have subsided.
Acknowledging the substantial risk for data breaches, third party abuse and second party purpose creep (for example, where personal data is used for purposes unrelated to the public health response), any surveillance programmes enacted as part of the pandemic response must be independently justifiable, and subject to rigorous standards of transparency and accountability.
Three Categories of COVID19 Surveillance
In Australia, we identify three principal categories of relevance with respect to COVID19 surveillance policies: ‘Proximity Tracking’, ‘Attendance Tracking’ and ‘Entitlements’.
(1) ‘Proximity Tracking’
The COVIDSafe app was proposed in 2020 as an aid to contact tracing. The app draws on Bluetooth signals to create records of ‘contact events’ between devices which a) have the app downloaded, b) have Bluetooth activated, and c) are within Bluetooth range.
There was a brief but robust public debate around the app’s implications for privacy during the couple of weeks from its release until legislation was enacted. Given that use of the app has been entirely voluntary, significant but deficient efforts were made by the government to assuage privacy concerns and promote the kind of trust required for a significant participation rate.
Despite continuing problems with transparency, accountability and data security, the COVIDSafe experiment was extraordinary in stimulating a broad public discussion around data privacy and bringing about an addition to Australia’s 1988 Privacy Act: the COVIDSafe Act (Part VIII Privacy Act 1988).
(2) ‘Attendance Tracking’
Unlike the COVIDSafe app, QR ‘check-in’ codes have effectively become mandatory for Australians, owing to their enforcement in most venues and indoor spaces. Despite carrying greater potential risks of privacy violations from both state and non-state actors, QR systems have been introduced with far fewer protections and assurances than those that accompanied the COVIDSafe app.
(3) ‘Entitlements’
Recent changes made to the Australian Immunisation Register Act, along with the expected rollout of an app-based ‘vaccine passport’, raise important ethical concerns around the privacy of personal health information, the rights of individuals in the face of discrimination on the basis of health information, and the potential for digital identification systems to become a perennial means of controlling and managing individuals within and across borders – with some similarities to China’s ‘social credit’ system (Birtles 2019).
General Principles
To protect against the various threats to privacy and civil liberties that these policies and programs might entail, we propose a set of general principles to guide policy and decision-making in this area.
- The use of surveillance technologies to manage the COVID19 pandemic often runs contrary to the protection of privacy and civil liberties.
- Health, location and behavioural data are inherently sensitive.
- The need for digital surveillance tools to manage COVID19 cannot be assumed.
- IT surveillance policies must be problem-oriented rather than tool-oriented.
- Pandemic management policies should aim for privacy by design.
- COVID19 surveillance regimes must be subject to regular, independent evaluation.
- The scope of the COVIDSafe Act should be expanded to cover all current and future pandemic surveillance policies.
- The benefit of surveillance programmes must outweigh individual privacy and security threats.
General Principles (Extended)
- The use of surveillance technologies to manage the COVID19 pandemic often runs contrary to the protection of privacy and civil liberties.
  - A ratcheting-up of government-on-population surveillance should not be taken lightly. While governments may be tempted to ‘throw the kitchen sink’ at a problem in the midst of an acute crisis, this approach is not defensible in Australia.
- Health, location and behavioural data are inherently sensitive.
  - The categories of data targeted by COVID19 surveillance programmes carry specific and serious risks for various vulnerable groups, with harms associated with potential data breaches, discrimination, and access by government and law enforcement for purposes unrelated to public health.
  - Likewise, the collection and use of these data classes impacts on everyone’s privacy by restricting our ability to control the information that circulates about ourselves.
- The need for digital surveillance tools to manage COVID19 cannot be assumed.
  - Some investments in IT surveillance solutions have not only presented limitations and risks for privacy and civil rights, but have delivered minimal returns relative to resources expended.
  - In the case of contact tracing, for example, manual methods have proven far more effective than the much-hyped digital solution of ‘proximity tracking’ through the COVIDSafe app.
  - Likewise, it is uncertain how useful vaccination passports will be in facilitating travel and other activities. Emerging evidence has shown that while vaccines are effective in lowering the risk of severe illness, they may not reliably stop individuals from spreading the virus itself. This concern is particularly relevant in the context of new and emerging variants of the virus.
- IT surveillance policies must be problem-oriented rather than tool-oriented.
  - In their preoccupation with the functionality and promise of digital solutions, policymakers often neglect to analyse the context and specifics of the problem that is being targeted.
  - To prove their worth, IT surveillance measures must not only boast impressive functionality, but be strategically targeted to a specific problem area in which less invasive means have proven, or are very likely to prove, ineffective.
- Pandemic management policies should aim for privacy by design.
  - The QR code ‘attendance tracking’ systems implemented in the UK and New Zealand might provide best practice examples of how this might be achieved, if evidence is available that they are also effective in contact tracing. In both cases, governments opted for an entirely de-centralised system where data is stored only on individuals’ communication devices, creating a ‘digital diary’ that contact tracers can access directly in the event of an infection.
  - Without a centralised database, there is little to no temptation for governments to use data for unrelated purposes, and minimal risk of data breaches by private actors.
  - Systems constructed with privacy in mind have the benefit of requiring far fewer protections, safeguards and risk management protocols.
  - While it may be too late to adopt this approach for Australia’s already implemented ‘proximity tracking’ and ‘attendance tracking’ programmes, this should be a core priority of future pandemic-management policy, if evidence becomes available that these approaches.
- COVID19 surveillance regimes must be subject to regular, independent evaluation.
  - Independent assessments should be legally mandated and carried out by scientific, privacy and health experts.
  - Experts must be given sufficient access to information, and legislators legally required to disclose any findings or professional advice to the public.
  - Preliminary assessments should be made public well before any new legislation is put to parliament, allowing for a timely debate and consideration from the public.
  - If the benefit of a given measure is found to be minimal and does not clearly outweigh the impact on privacy and civil liberties, it should be discontinued.
  - All ongoing policies that limit privacy or civil rights must be subject to regular independent assessments to determine both whether the measure has been effective and whether it continues to satisfy the principles of necessity and proportionality, considered against the risks to privacy and civil rights.
- The scope of the COVIDSafe Act should be expanded to cover all current and future pandemic surveillance policies.
  - In the absence of constitutional privacy rights or a strict requirement to adhere to international treaty obligations, Australian states and territories require a legal regime to ensure that all surveillance policies proposed to manage COVID19 are subject to a consistent set of conditions and parameters.
  - With small amendments, the COVIDSafe Act (or equivalent State or Territory acts) could be adapted to perform this function. The objective is to create a set of legal conditions, protections and safeguards to which all current and future surveillance programmes must accord.
- The benefit of surveillance programmes must outweigh individual privacy and security threats.
  - The potential benefits of any new or ongoing surveillance regime for pandemic management must be carefully considered and weighed against the risks and harms to privacy and civil rights.
  - Evaluations of benefit should be made by independent scientific and health experts rather than government ministers.
References
Bill Birtles, ‘China Uses Social Credit Surveillance System to Ban Millions from Buying Plane and Train Tickets’, ABC News, 23 February 2019