Tag Archives: privacy

New paper: Civil liberties or public health, or civil liberties and public health?

A new paper by Rob Kitchin has been published in Space and Polity examining the implications to civil liberties of using surveillance technologies to tackle the spread of COVID-19.

Civil liberties or public health, or civil liberties and public health? Using surveillance technologies to tackle the spread of COVID-19

PDF of paper

Abstract

To help tackle the spread of COVID-19 a range of surveillance technologies – smartphone apps, facial recognition and thermal cameras, biometric wearables, smart helmets, drones, and predictive analytics – have been rapidly developed and deployed. Used for contact tracing, quarantine enforcement, travel permission, social distancing/movement monitoring, and symptom tracking, their rushed rollout has been justified by the argument that they are vital to suppressing the virus, and civil liberties have to be sacrificed for public health. I challenge these contentions, questioning the technical and practical efficacy of surveillance technologies, and examining their implications for civil liberties, governmentality, surveillance capitalism, and public health.

Keywords: coronavirus; COVID-19; surveillance; civil liberties; governmentality; citizenship; contact tracing; quarantine; movement; technological solutionism; spatial sorting; social sorting; privacy; control creep; data minimization; surveillance capitalism; ethics; data justice.

 

Will CovidTracker Ireland work?

The coronavirus pandemic has posed enormous challenges for governments seeking to delay, contain and mitigate its effects. Along with measures within health services, a range of disruptive public health tactics have been adopted to try and limit the spread of the virus and flatten the curve, including social distancing, self-isolation, forbidding social gatherings, limiting travel, enforced quarantining, and lockdowns. Across a number of countries these measures are being supplemented by a range of digital technologies designed to improve their efficiency and effectiveness by harnessing fine-grained, real-time big data. In general, the technologies being developed and rolled-out fall into four types: contact tracing, quarantine enforcement/movement permission, pattern and flow modelling, and symptom tracking. The Irish government is pursuing two of these – contact tracing and symptom tracking – merged into a single app ‘CovidTracker Ireland’. In this short essay, I outline what is known about the Irish approach to developing this app and assess whether it will work effectively in practice.

CovidTracker Ireland

On March 29th 2020 the Health Services Executive (HSE) announced that it hoped to launch a Covid-19 contact tracing app within a matter of days. Few details were given about the proposed app functionality or architecture, other than it would mimic other tracing apps, such as Singapore’s TraceTogether, using Bluetooth connections to record proximate devices and thus possible contacts, together with additional features for reporting well-being. The HSE made it clear that it would be an opt-in rather than compulsory initiative, that the app would respect privacy and GDPR, being produced in consultation with the Data Protection Commission, and it would be time-limited to the coronavirus response. It was not stated who would develop the app beyond it being described as a ‘cross-government’ effort.

On April 10th, the HSE revealed more details through a response to questions from Broadsheet.ie, stating that the now named CovidTracker Ireland App will:

  • “help the health service with its efforts in contact tracing for people who are confirmed cases;
  • allow a user to record how well they are feeling, or track their symptoms every day;
  • provide links to advice if the user has symptoms or is feeling unwell;
  • give the user up-to-date information about the virus in Ireland.”

Further, they reiterated that the app ‘will be designed in a way that maximises privacy as well as maximising value for public health. Privacy-by-design is a core principle underpinning the design of the CovidTracker Ireland App – which will operate on a voluntary and fully opt-in basis.’ There was no mention of the approach being taken; however the use of the HSE logo on the PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) website indicates that it has adopted that architecture, an initiative that claims seven countries are using their approach, with reportedly another 40 countries involved in discussions.

As of April 22nd the CovidTracker Ireland app is under development, with HSE stating on April 17th that it was being tested with a target of launching by early May when it is planned that some government restrictions will be lifted.

Critique and concerns

From the date it was announcement concerns have been expressed about the CovidTracker Ireland, particularly by representatives of Digital Rights Ireland and the Irish Council for Civil Liberties. A key issue has been the lack of transparency and openness in the approach being taken. An app will simply be launched for use without any published details of the approach and architecture being adopted, consultation with stakeholders, piloting by members of the public, and external feedback and assessment.

There are concerns that a centralized, rather than decentralized approach will be taken, and there is no indication that the underlying code will be open for scrutiny, if not by the public, at least by experts. It is not clear if the app is being developed in-house, or if it has been contracted out to a third-party developer and if the associated contract includes clauses concerning data ownership, re-use and sale, and intellectual property. There are no details about where data will be stored, who will have access to it, how will it be distributed, or how it be acted upon. There is unease as to whether the app will be fully compliant with GDPR and fully protect privacy, especially given that a Data Protection Impact Assessment (DPIA), which is legally required before launch, has seemingly not yet been undertaken. Such a DPIA would allow independent experts to be able to assess, validate and provide feedback and advice.

Critics are also concerned that CovidTracker Ireland merges the tasks of contact tracing and symptom tracking which have been pursued separately in other jurisdictions. Here, two sets of personal information are being tied together: proximate contacts and health measures. This poses a larger potential privacy problem if they are not adequately protected. Moreover, critics are worried that CovidTracker Ireland might become a ‘super app’, which extends its original ambition and goals. Here, the app might enable control creep, wherein it starts to be employed beyond its intended uses such as quarantine enforcement/movement permission. For example, Antoin O’Lachtnain of Digital Rights Ireland has speculated that we might eventually end up with an app to monitor covid-19 status that is “mandatory but not compulsory for people who deal with the public or work in a shared space.”

As Simon McGarr argues, the failure to adequately engage with these critiques and to be open and transparent means that “the launch of the app will inevitably be marred by immediately being the subject of questions and misinformation that could have been avoided by simply overcoming the State’s institutional impulse for secrecy.”

Internationally, there is scepticism concerning the method being used for app-based contact tracing and whether the critical conditions needed for successful deployment exist. Bluetooth does not have sufficient resolution to determine two metres or less proximity and using a timeframe to denote significant encounters potentially excludes fleeting, but meaningful contacts. There are also concerns with respect to representativeness (for example, 28% of people do not own a smartphone in Ireland), data quality, reliability, duping and spoofing, and rule-sets and parameters. The technical limitations are likely to lead to sizeable gaps and a large number of false positives that might produce an unmanageable signal-to-noise ratio, leading to unnecessary self-isolation measures and potentially overloading the testing system.

There is a concern that app-based contact tracing is being rushed to mass roll-out without it being demonstrated that it is fit-for-purpose. Moreover, the app will only be effective in practice if: there is a program of extensive testing to confirm that a person has the virus and if tracing is required; and 60% of the population participate to ensure reach across those who have been in close contact (c.80% of smartphone users). The symptom tracking relies on self-reporting, which lacks rigour and, as testing has shown, a large proportion of the population who were tested because they were experiencing symptoms returned negative. This is likely to lead to a large number of false positives and it is doubtful that these data should guide contact tracing.

At present, while Ireland is ramping up its testing capability towards 100,000 tests a week, it might need to increase that further. The Edmond J. Safra Center for Ethics at Harvard University suggest that in the United States: “We need to deliver 5 million tests per day by early June to deliver a safe social reopening. This number will need to increase over time (ideally by late July) to 20 million a day to fully remobilize the economy. We acknowledge that even this number may not be high enough to protect public health.” The equivalent rate for Ireland would be 300,000 tests per day. In Singapore, only 12% of people have registered to use the TraceTogether app, which raises doubts as to whether 60% of the population in Ireland will participate, especially since the public are primed to be sceptical given media coverage about the app have raised issues of privacy, data security and data usage.

Will CovidTracker Ireland work and what needs to happen?

There is unanimous agreement that contact tracing is a cornerstone measure for tackling pandemics. Assuming that the privacy and data protection issues can be adequately dealt with it, it would be good to think that CovidTracker Ireland will make a difference to containing the coronavirus and stopping any additional waves of infection.

However, there are reasons to doubt that app-based contact tracing and symptom tracking will make the kind of impact hoped for unless:

  • its technical approach is sound and civil liberties protected;
  • there is testing at sufficient scale that potential cases, including false ones, are dealt with quickly;
  • the government can persuade people to participate in large numbers.

The government might also have to supply smartphones to those that do not own them, as they did in Taiwan. Persuading people to participate will especially be a challenge since the government is not being sufficiently transparent at present in explaining the approach being taken, the app’s intended technical specification, how it will operate in practice, its procedures for oversight, and how it will protect civil liberties.

It is essential that the government follow the guidance of the European Data Protection Board that recommends that strong measures are put in place to protect privacy, data minimization is practised, the source code is published and regularly reviewed, there is clear oversight and accountability, and there is purpose limitation that stops control creep.

If implemented poorly, the app could have a profound chilling effect on public trust and public health measures that might be counterproductive. As a consequence, the Ada Lovelace Institute, a leading UK centre for artificial intelligence research, is advising governments to be cautious, ethical and transparent in their use of app-based contact tracing. Ireland might do well to heed their advice.

Rob Kitchin

Using digital technologies to tackle the spread of the coronavirus: Panacea or folly?

Update: a revised version of this working paper has now been published as open access in Space and Polity.

A new paper by Rob Kitchin (Programmable City Working Paper 44) examines whether digital technologies will be effective in tackling the spread of the coronavirus, considers their potential negative costs vis-a-vis civil liberties, citizenship, and surveillance capitalism (see table below), and details what needs to happen.

PDF of working paper          (PDF of revised version in Space and Polity)

Using digital technologies to tackle the spread of the coronavirus: Panacea or folly?

Abstract
Digital technology solutions for contact tracing, quarantine enforcement (digital fences) and movement permission (digital leashes), and social distancing/movement monitoring have been proposed and rolled-out to aid the containment and delay phases of the coronavirus and mitigate against second and third waves of infections. In this essay, I examine numerous examples of deployed and planned technology solutions from around the world, assess their technical and practical feasibility and potential to make an impact, and explore the dangers of tech-led approaches vis-a-vis civil liberties, citizenship, and surveillance capitalism. I make the case that the proffered solutions for contact tracing and quarantining and movement permissions are unlikely to be effective and pose a number of troubling consequences, wherein the supposed benefits will not outweigh potential negative costs. If these concerns are to be ignored and the technologies deployed, I argue that they need to be accompanied by mass testing and certification, and require careful and transparent use for public health only, utilizing a privacy-by-design approach with an expiration date, proper oversight, due processes, and data minimization that forbids data sharing, repurposing and monetization.

Keywords: coronavirus; COVID-19; surveillance; governmentality; citizenship; civil liberties; contact tracing; quarantine; movement; technological solutionism; spatial sorting; social sorting; privacy; control creep; data minimization; surveillance capitalism; ethics; data justice.

coronavirus tech issues

New book: Understanding Spatial Media

USM3A new book, Understanding Spatial Media, edited by Rob Kitchin, Tracey Lauriault and Matt Wilson has been published by Sage. The book started life as a conversation at the launch of the Programmable City project. It includes 22 chapters detailing forms of spatial media and their consequences, including discussions of the geoweb, neogeography, volunteered geographic information, locative media, spatial big data, surveillance, privacy, openness, transparency, etc.  Here’s the back cover blurb:

“Over the past decade, a new set of interactive, open, participatory and networked spatial media have become widespread.  These include mapping platforms, virtual globes, user-generated spatial databases, geodesign and architectural and planning tools, urban dashboards and citizen reporting geo-systems, augmented reality media, and locative media.  Collectively these produce and mediate spatial big data and are re-shaping spatial knowledge, spatial behaviour, and spatial politics.

Understanding Spatial Media brings together leading scholars from around the globe to examine these new spatial media, their attendant technologies, spatial data, and their social, economic and political effects.

The 22 chapters are divided into the following sections:

  • Spatial media technologies
  • Spatial data and spatial media
  • The consequences of spatial media

Understanding Spatial Media is the perfect introduction to this fast emerging phenomena for students and practitioners of geography, urban studies, data science, and media and communications.”

Contributors: Britta Ricker, Jeremy Crampton, Mark Graham, Jim Thatcher, Jessa Lingel, Shannon Mattern, Stephen Ervin, Dan Sui, Gavin McArdle, Muki Haklay, Peter Pulsifer, Glenn Brauen, Harvey Miller, Teresa Scassa, Leighton Evans, Sung-Yueh Perng, Mary Francoli, Mike Batty, Francisco Klauser, Sarah Widmar, David Murakami Wood, and Agnieszka Leszczynski.

Thanks to Lev Manovich for permission to use an image from the On Broadway project for the cover.

Details about the book can be found here.

Rob Kitchin

Emerging Technological Responses in Emergency Management Systems

The advent of discourses around the ‘smart city’, big data, open data, urban analytics, the introduction of ‘smarter technology’ within cities, the  sharing of real-time information, and the emergence of social media platforms has had a number of outcomes on emergency services worldwide. Together they provide opportunities and promises for emergency services regarding efficiency, community engagement and better real-time coordination.  Thus, we are seeing a growth in technologically based emergency response. However, such developments are also riddled with broad concerns, ranging from privacy, ethics, reliability, accessibility, staff reluctance and fear.

This post considers one recent technological push for the re-invention of the emergency call system (911bot) and another for the sharing of real-time information during a major event (Smartphone Terror Alert).

911bot

In recent years, there has been a significant move away from voice calls towards texting and internet based platforms (eg.WhatsApp and Twitter)(see figure 1), this is tracked regularly by the International Smartphone Mobility Report conducted across 12 countries by the data tracking company Infomate. In 2015, they found that in America the average time spent on voice calls was 6 minutes as opposed to 26 minutes texting, and worldwide,  internet based platforms were the main form of communication (Infomate, 2015 and Shrapshire, 2015).

 

cell phone communication

Figure 1: Cell phone Communication. Source: Russell (2015).

In light of this, there is a push by both the private sector and entrepreneurs to utilise mobile phones and  social media platforms in new ways such as within the emergency call system. Within my own field research, I have questioned first responders in Ireland and the US regarding the use of social media and apps as alternative means to the current telephone system.  For the most part, this was met with disdain and confusion from first responders.  Strong arguments were made against a move away from a call-dominated response system. These included:

a)      Difficulty in obtaining relevant and accurate information regarding the event, including changing conditions and situations.

b)      Not able to provide the victim or caller with accurate instructions and information.

c)      Restrictions in contacting the caller.

d)     The system would need an overhaul for it to work, i.e. a dedicated team ensuring that these messages are not missed, and require staff training.

e)      Call systems are established mechanisms for contacting the emergency services, why change it when it works?

f)       If you use something like Twitter or Facebook to report an emergency how do we ensure that it is reported correctly and not just tweeted or messaged to an interface which is not monitored 24/7?

And as can be seen through the following conversation with two operational first responders in Dublin, Ireland, they want new technology but are also highly hesitant as to its ability to ensure a quick response.

Conversation between researcher and two first responders

R1: See the problem with a tweet and a text, I can’t get any information out of that, like I could tweet and back and then you are waiting for them to send something back, when I have you on the phone, I can question you, “What is it?”, “What is wrong?”, “What is the problem?”.

R2: If you did go with something like [social media platform for emergency call intake], you would have to have the likes of, if you are the tweet man then you would have to be 100% on the phone looking at it

R2: It probably would work if it wasn’t an emergency as such, not a full emergency

R1: I think people need tobe re-assured that someone has seen it and really knows what is happening.

R1: Jesus you could have everyone tweeting saying I have a sore stomach and that would register as a call for us so the calls would just get worse and worse. [...] I think if you ring Domino Pizza now, it will know who you are, where you are and your order

R2: They can read the caller ID coming

R1:We haven’t got that

All of these are understandable concerns, but they also illustrate a resistance to innovative change that may result in cultural and institutional change which they oppose due to highly legitimate fears of effectiveness and reliability. Even so, they are welcoming of technology which has obvious benefits for them such as the “Domino’s Pizza” caller ID system, but are more reluctant towards innovations such as the 911bot whose value is overshadowed by fears of inefficiency, information gaps and reliability. However, the 911bot does potentially address some of these issues within its design.

The 911bot (figure 2) was developed during TechCrunch’s Disrupt Hackathon in New York in 2016.  It works through Facebook Messenger, which had a reported 1 billion users in July 2016 (Costine, 2016), to allow users to report an emergency.  Initially, one would be forgiven for immediately thinking of the arguments made against a transformation of the current system as presented above. However, the messenger app already offers location services based on the phones GPS thus, when reporting an incident, your exact location is immediately sent (although you can turn off your GPS signal and restrict your location being sent, when using this bot there is potential for that to be overridden).  The person reporting the incident can also send pictures or videos and the bot can provide information on what you should and shouldn’t do in that situation such as, how to do CPR during a cardiac arrest (Westlake, 2016).

Further, this bot has potential to feedback the location of the first responders to the reporter. It provides the control room with more accurate information coming from real-time videos and pictures meaning that they are not relying wholly on information from untrained and scared people.  And, most importantly, this system doesn’t take away from the control room interacting with the caller. From the information provided by the developers, it appears that once the messenger sends the request, the control room calls the phone and resumes their role but with more information.   Possibly, going forward this could even be done through Facetime so that the control room has live interaction with the event prior to the arrival of the first responders.  Although, the 911bot has only been developed and not deployed, in time and after much consultation and experimentation, it could prove very beneficial within emergency response.  For instance, if the control room operator can actually see how the person is conducting CPR, can see and hear their breathing, see the extent of the injury, fire, or road traffic collision in real time, it would inform decision-making that could create better and more efficient responses.  However, it would be remiss to discuss this without noting that there are potential privacy issues with the mass use of this type of technology outside of the remit of this post, that would need to be considered.

911BOT

Figure 2: 911bot. Source: 911bot online.

Smartphone Terror Alert

Another new use of mobile technology was the mass terror alert issued on September 17th 2016, after Chelsea, Manhattan was hit with an explosion.  The alert (figure 3) was issued by the Office of Emergency Management, New York Police Department and the FBI through all phone networks. It was received by an unknown number of people and provided information about the key suspect – Ahmed Khan Rahami.  The Press secretary for New York Mayor Bill de Blasio stated that it was the first use of this alert at a “mass scale” and as the suspect was caught within 3 hours, it presented the appearance that this alert was effective, with New York’s Police Commissioner stating “it was the future”(Fiegerman, 2016). Yet there is no evidence that the alert had anything to do with the catching of the suspect; these two factors could be circumstantial.

SMARTPHONE TERROR ALERT

Figure 3: Smart phone terror Alert. Source: published in Fiegerman (2016).

Further, as illustrated by Anil Dash in Fiegerman (2016) how effective was it actually?  “Is there evidence that low-information untargeted push notifications help with any kind of crime? Seems they’re more optimised for panic”.  This is compounded by the lack of an all-clear alert, which would work to ease tensions and potential panic.  We live in a socially constructed risk society (Beck, 1992; 2009) and with innovations such as this, even if the intention is good, the potential for mass panic is created, which raises questions regarding the appropriateness of this mechanism. In this instance, sending an alert with little information, using just a name, makes everyone who could fit that name a potential target, and is an action that could create panic, fear and racial attacks under the illusion of “citizen arrest”.  However, this system has potential especially if it were utilised during severe weather events to provide information on evacuation centres and resources rather than during more sensitive events such as a manhunt.  Essentially, though, before it can be deemed thoroughly effective and safe there needs to be stringent supportive policy and agency and community training to ensure that response from agencies as well as communities is coordinated and effective rather than panicked and uninformed. So, I wonder, is this really the future, and indeed, does it need to be the future? Is it already the present with no sense of reflection on the potential consequences of such a system by the lead federal and local emergency agencies and institutions?  I don’t have the answers to these questions but examining the operational use of this alert even, at its small scale of use, provides opportunities to begin to tease out the danger of a dichotomy between effectiveness and panic and to explore issues around privacy, fear, reliability and usefulness.

In conclusion, this post has provided two different innovations within emergency management, one being experimented with and one which has been implemented. But what is clear is that changes in how we engage with control centres and emergency services are taking place, albeit slowly. But, one can only hope, especially in relation to the alert system, that lobbied criticisms will be engaged with and solutions sought.

 Bibliography

911bot (2016) 911bot. [Online]. Available at: http://www.911bot.online/) (Accessed 9th November 2016).

Beck, U., (1992). Risk Society: Towards a New Modernity. London: Sage.

Beck, U., (2009). World of Risk. Cambridge: Polity Press.

Costine, J. (2016) How Facebook Messenger clawed its way to 1 billion users. [Online].  Available at: https://techcrunch.com/2016/07/20/one-billion-messengers/ (Accessed 8th November 2016).

Fiegerman, S.(2016) The story behind the Smartphone Terror Alert in NYC. [Online].  Available at: http://money.cnn.com/2016/09/19/technology/chelsea-explosion-emergency-alert/ (Accessed 9th November 2016).

Infomate (2015) The International Smartphone Mobility Report [Online]. Available for download at: the International Smartphone Mobility Report (Accessed 7th November 2016).

Russell, D. (2015) We just don’t speak anymore. But we’re ‘talking’ more than ever. [Online].  Available at: http://attentiv.com/we-dont-speak/ (Accessed 9th November 2016).

Shropshire, C. (2015) Americans prefer texting to talking, report says. Chicago Tribune [Online].  Available at: http://www.chicagotribune.com/business/ct-americans-texting-00327-biz-20150326-story.html (Accessed 9th November 2016).

Westlake, A. (2016) Finally, there’s a chat bot for calling 911. [Online].  Available at: http://www.slashgear.com/finally-theres-a-chat-bot-for-calling-911-08439211/ (Accessed 7th November 2016).

 

New paper: The ethics of smart cities and urban science

A new paper by Rob Kitchin has been published in Philosophical Transactions A titled ‘The ethics of smart cities and urban science’ in a special issue on ‘The ethical impact of data science’.

Abstract

Software-enabled technologies and urban big data have become essential to the functioning of cities. Consequently, urban operational governance and city services are becoming highly responsive to a form of data-driven urbanism that is the key mode of production for smart cities. At the heart of data-driven urbanism is a computational understanding of city systems that reduces urban life to logic and calculative rules and procedures, which is underpinned by an instrumental rationality and realist epistemology. This rationality and epistemology are informed by and sustains urban science and urban informatics, which seek to make cities more knowable and controllable. This paper examines the forms, practices and ethics of smart cities and urban science, paying particular attention to: instrumental rationality and realist epistemology; privacy, datafication, dataveillance and geosurveillance; and data uses, such as social sorting and anticipatory governance. It argues that smart city initiatives and urban science need to be re-cast in three ways: a re-orientation in how cities are conceived; a reconfiguring of the underlying epistemology to openly recognize the contingent and relational nature of urban systems, processes and science; and the adoption of ethical principles designed to realize benefits of smart cities and urban science while reducing pernicious effects.

The paper is behind a paywall, so if you don’t have access and you’re interested in reading email Rob (rob.kitchin@nuim.ie) and he’ll send you a copy.