  by Katitza Rodriguez, Svea Windwehr and Seth Schoen
 June 15, 2020
 
from EFF Website

In their efforts to contain the spread of the pandemic, governments around the world are rolling out body-worn devices ("wearables") to assist in fighting the virus. Some governments want a technological silver bullet to solve the public health crisis. But many of the tools aimed at solving problems come with a host of other problems that will undermine the public health goals for which they are adopted, and create new unintended consequences for privacy, association, and freedom of expression.

These electronic devices are usually worn on the wrist or ankle. Their use can be mandated by the government or voluntary (although users don't always understand exactly what it is they're being asked to wear). We might tend to associate the idea of a "wearable" with either a smartwatch or an ankle monitor, but governments are also using wrist-worn "bracelets" for a broad range of different purposes amid the COVID-19 pandemic.

Wearables may use an electronic sensor to collect health information from the wearer (by measuring vital signs) and act as an early warning to identify likely COVID-19 patients before they show any symptoms. They can also be used to detect or log people's proximity to one another (to enforce social distancing) or between a person's bracelet and that person's own mobile phone or a stationary home beacon (to enforce home quarantine). For quarantine enforcement, the devices might also use a GPS receiver to inform authorities of the wearer's location. Some use Bluetooth radio beacons to let authorities confirm when the wearer is within range of a phone that itself is running a contact tracing app (rather than leaving the phone at home and going outside in violation of a health order). And some may be low-tech wristbands that are no more than a piece of paper with a QR code, which authorities may regularly ask the user to photograph with a mobile app (among other uses of photo demands for quarantine enforcement).

Like other technologies deployed for pandemic-related tasks, they vary along several dimensions, including whether they are voluntary and/or under control of the user, and whether they are used to surveil whether a person is doing what the state told them to do, or merely to provide the user with health information to assist the user's decision-making. Some impose significant privacy risks. And, particularly because of the haste with which they've been deployed, they also vary in terms of their apparent suitability for their purpose.

Here, we will highlight a range of devices that different governments are currently asking or telling people to put on their wrists or ankles to fight the pandemic.

Early Warning System to Identify COVID-19 Patients

In Liechtenstein, the Principality is financially supporting a medical study called "COVI-GAPP" by the Swiss medical testing firm Labormedizinisches Zentrum Dr. Risch. In this voluntary trial, 2,200 persons (about 5% of tiny Liechtenstein's population) are being given "Ava"-brand bracelets to determine whether these wearables can identify COVID-19 pre-symptomatic cases (i.e. before the patient shows any symptoms). The bracelets, which were supplied by Swiss fertility start-up Ava, are worn at night and record biometric data such as movements, body temperature, blood flow, breath, and pulse rate. The clinical trial will study the biometric data to see whether an algorithm can spot indicators that a person might have developed COVID-19 symptoms - increased temperature, shortness of breath and cough - even before patients notice these themselves. Participation in the clinical trial is voluntary, and the collected data is pseudonymized.

The collected data is still subject to Europe's General Data Protection Regulation (GDPR), which applies in Liechtenstein. As a general rule, the processing of biometric data is strictly prohibited for the purpose of uniquely identifying a person, unless the person gives explicit consent to such processing. While the study is government-funded, the Principality stated that it does not have access to the research data. We should be careful not to lose sight of or take shortcuts on data protection principles for biometric data, such as express consent, data minimization, transparency, and security. Personal medical data gathered from wearables and machine learning should be used in a way that patients can understand and agree to, and should be deleted when it is no longer needed.

Workplace Monitoring of Social Distancing

Many employers are showing interest in making their staff wear electronic bracelets in the workplace, often to mitigate risks by enforcing social distancing rules.

The port of Antwerp, Belgium, has started to use wristbands to enforce social distancing rules on the work floor, requiring a specific minimum distance between any two workers. The wearables, supplied by the Dutch company Rombit, are equipped with Bluetooth and ultra-wideband technology and give off warning signals when workers come within a specified distance from each other.

But enforcing social distancing is not the only functionality of the bracelet: as the wristbands are Bluetooth-enabled, they also allow for contact tracing, with all personal data collected for that purpose centrally stored at Rombit's servers. As employers' surveillance of workers has become increasingly widespread, records of worker-to-worker interactions could be abused for many purposes, like union busting. They can also be used for other purposes like surveilling workers to reduce "unplanned downtime".

While wearing tracking bracelets at the workplace might not (yet) be mandatory in most places, it is more than questionable whether workers - with their livelihoods at stake - can exercise real choice when their employer tells them to strap it on. Under the GDPR, consent can't be freely given if there is a clear imbalance between the data subject and the data controller. In other words, consent can't be a valid legal ground to process the data when the employee has no real choice, feels compelled to consent, or will endure negative consequences if they do not consent.

Wearable Device Proximity Tracking

EFF is wary of mobile, Bluetooth-based proximity tracking apps. Now such automated tracking might be migrating from phone apps to wearable devices. Reuters reported that the Singaporean government is switching its centralized contact tracing technology focus away from its existing TraceTogether smartphone app (which uses Bluetooth to detect and log close proximity of other smartphones).

Instead, that nation will deploy a new centralized TraceTogether Token standalone wearable device, which the government plans to eventually distribute to all 5.7 million Singapore residents. While the TraceTogether Token uses a broadly similar technology to the TraceTogether app, it will not rely on participants to own or carry a smartphone. Like the app, the new token will trace proximity between users (not location).

According to MobiHealth News, only users who test positive for COVID will be told to hand their wearable to the Ministry of Health in order to upload data to a centralized server about who they have been in contact with. EFF objects to such centralized approaches to automated contact tracing, whether by means of a phone app or a wearable device. Further details about how the Singaporean device will work are scarce. Press reports did not initially confirm if the wearable tokens will interoperate with the mobile TraceTogether app. If they do, which seems likely, the government will continue to collect a great deal of sensitive data about interpersonal associations, and regularly upload that information to a centralized government server.

The centralized TraceTogether mobile app collects data that links device IDs to real contact information like phone numbers, which means the government can use it to determine which individuals have come into contact with one another. This makes the TraceTogether app incompatible with decentralized exposure notification systems like Apple and Google's API, where those who have been exposed to an infected person get only a notification but their personally identifying data never leaves the infected person's device. There is no centralized server where people upload the data. EFF opposes the centralization feature of the Singaporean mobile app, and will likewise oppose this same feature if it is part of the new wearable token system.
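
The contrast drawn above, as an added sketch that is not part of the original article and is not the actual TraceTogether or Apple/Google protocol: a centralized server that maps device IDs to phone numbers learns who met whom, while a decentralized relay stores only random keys and matching happens on the listener's own device. All names, the HMAC-based identifier derivation, the 10-minute rotation and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: broadcast IDs rotate every 10 minutes


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Short-lived broadcast ID derived from a key that stays on the device."""
    msg = interval.to_bytes(4, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class CentralServer:
    """Centralized model: registration ties each device ID to a phone number."""

    def __init__(self):
        self.registry = {}          # device ID -> phone number
        self.contact_graph = set()  # (phone, phone) pairs the operator learns

    def register(self, device_id: str, phone: str) -> None:
        self.registry[device_id] = phone

    def upload_log(self, device_id: str, seen_ids: list) -> None:
        # A positive user's encounter log resolves straight to real identities.
        for other in seen_ids:
            pair = (self.registry[device_id], self.registry[other])
            self.contact_graph.add(pair)


def local_match(heard: set, published_keys: list) -> bool:
    """Decentralized model: runs on the listener's device, sends nothing back."""
    return any(rolling_id(key, i) in heard
               for key in published_keys for i in range(INTERVALS_PER_DAY))


def compare_designs() -> dict:
    # Constructed sample: Alice meets Bob, later tests positive; Carol met no one.
    server = CentralServer()
    for dev, phone in [("dev-A", "555-0001"), ("dev-B", "555-0002"),
                       ("dev-C", "555-0003")]:
        server.register(dev, phone)
    server.upload_log("dev-A", ["dev-B"])

    alice_key = os.urandom(16)               # random, never tied to an identity
    bob_heard = {rolling_id(alice_key, 57)}  # Bob's device logged one broadcast
    board = [alice_key]                      # everything the relay server stores
    return {
        "central_operator_learns": sorted(server.contact_graph),
        "relay_entries": len(board),
        "bob_notified": local_match(bob_heard, board),
        "carol_notified": local_match(set(), board),
    }


if __name__ == "__main__":
    print(compare_designs())
```

In the centralized run the operator ends up holding a pair of phone numbers; in the decentralized run it holds one random key, and only Bob's own device knows he was exposed.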
 
Since the token will be a single-purpose device, users may not have the same amount of control over how it works. App users can always turn off Bluetooth on their phone, but they may not be able to stop a wristband from broadcasting or collecting data.

Finally, a weakness of app-based exposure notification systems is that many people do not own a smartphone, especially in rural areas. Allowing users to decide whether to use a wearable token or a mobile app (or to use neither) might improve participation rates. But these systems remain an unproven technology that might do little to contain the virus, and should at most be a supplement to primary public health measures like widespread testing and manual contact tracing. And everyone should have the right not to wear a tracking token, and to take it off whenever they wish.

Mandatory Apps and Wearables to Monitor Patients Under Quarantine Orders

Some countries have started to make tracking wristbands or apps a mandatory element of their efforts to enforce quarantine orders of persons who are or might be infected with COVID-19. EFF opposes such coercive surveillance based solely on infection.

In Bahrain, persons in medical isolation are compelled to download the government-mandated contact tracing app "BeAware," turn on Bluetooth, keep their Internet on, and set their quarantine location. They are also compelled to wear GPS-enabled bracelets that track their whereabouts and connect to the app. iPhone users are obliged to set the "allow access to the app" setting to "always allow." If this system shows the bracelet is 15 meters away from the phone, it sends a notification to the government's monitoring station. In addition, the government can request selfies at any time from the patient, clearly depicting both the isolating person's face and bracelet in the same image. Attempts to remove or tamper with the electronic bracelet can result in steep fines and imprisonment for not less than three months.

Similarly, Kuwait requires individuals returning home from abroad to wear tracking bracelets. Linked with the country's official contact tracing app, Shlonik, the bracelets notify health officials when individuals subject to isolation orders appear to break quarantine. Kuwait's app was developed by Zain, a Kuwaiti telecommunications giant. In 2016, Zain worked with Kuwait's Ministry of Awqaf & Islamic Affairs to deploy wristbands and SIM cards to monitor the locations of 8,000 Kuwaiti Hajj pilgrims during the annual pilgrimage to Mecca. As in Bahrain, use of the new bracelet is enforced through selfie requests, and violators risk being transferred to a governmental quarantine facility, as well as other legal actions.

As we have previously said, forcing people to download and use an app significantly undermines their ability to control their phone and the data they share, undermining people's right to informational self-determination. Governments should not force people to hand over control of their phones and data. Also, mandating the use of an app risks introducing significant security vulnerabilities and further harming people's privacy and data security. Further, a punitive approach to containment can break people's trust and thereby undermine public health. For example, people may avoid testing if they fear the consequences of a positive test result.

Some governments are turning to electronic ankle shackles, including Australia and two states in the United States. These devices are commonly used to monitor individuals considered to be dangerous and/or a flight risk both pre-trial and during parole or probation. They have been repurposed for quarantine enforcement.

In Western Australia, under the state's COVID-19 response act, the police acquired 200 GPS-enabled ankle bracelets. Individuals who fail to comply with quarantine orders can be equipped with one of the bracelets. Failing to comply with orders to wear the shackles, or attempting to tamper with them, can lead to up to 12 months in jail and fines of more than AU$10,000, or approximately 6,981 US dollars.

Courts in Kentucky and West Virginia have mandated electronic ankle shackles for individuals who refused to submit to quarantine procedures after testing positive for COVID-19. As in Australia, the shackles use GPS technology to locate individuals.

GPS ankle shackles raise a series of concerns. They are a grave intrusion into persons' privacy and personal freedom. Often, they are uncomfortable, restrict a person's range of motion, and must be paid for by the person forced to wear them. This surveillance to enforce quarantine is not justified merely because a person tested positive or is deemed to have an elevated infection risk.

Low-Tech Bracelets for Quarantine Enforcement

Hong Kong uses yet another category of bracelets to enforce quarantine orders. Individuals undergoing 14-day home quarantine procedures, such as arrivals from overseas, are given bracelets with a unique QR code. Users register their bracelet with Hong Kong's official COVID-19 tracing app. The app prompts the owner of the phone to walk the perimeter of their apartment, assembling a unique "signature" made up of the various wifi, Bluetooth, and other signals detectable in the home. If they move the phone outside of that "geofenced" perimeter, they trigger a warning sound that can only be stopped by scanning the QR codes of every household member's wristband. Bracelet-wearers are also expected to scan the codes regularly with a phone. Punishments for not complying can be harsh and may lead to six months of jail time as well as fines. Some technologically more advanced bracelets have been deployed on a smaller scale in Hong Kong.

Similar QR code bracelets are reported to be used in Malaysia. The most-used form of the bracelet seems to be little more than a piece of paper with a QR code. These low-tech wristbands are an interesting case since the QR code itself is an easily copyable image and does not incorporate any electronics at all.

This might seem comparatively benign when viewed against the backdrop of more technologically intrusive alternatives. But even a low-tech, non-electronic bracelet with a unique code can play a significant role in making new kinds of surveillance feel familiar and normalized.
       
Conclusion

All of these surveillance technologies, like many other COVID-19 mitigations, are being rolled out rapidly amidst the crisis. While proponents may feel that they are taking an urgently needed step, governments must begin by showing the efficacy of each technology. They also must address the kinds of digital rights concerns raised by EFF on related topics such as proximity apps and patients' right to privacy against quarantine enforcement.

Intrusive monitoring tools adopted now may further normalize the surveillance of individuals by governments and private entities alike. History shows that governments rarely "waste a good crisis," and tend to hold on to the new powers they seized to address the emergency situation. They can also introduce a variety of serious privacy and security risks to individuals that may be forced to wear COVID-19 surveillance tech. Beyond the immediate risks, it is crucial to also consider the long-term effects of tracking bracelets, including their cultural effects.

It should not feel normal to be tracked everywhere or to have to prove your location.
			
			
 