Recently released documents from the Department of Homeland Security reveal that a coalition of tech companies is interested in the surveillance capabilities of contact tracing apps.
As political leaders across the United States begin to make use of contact tracing apps, the public is promised that privacy is being considered. However, newly released documents reveal that a private task force made up of Big Tech companies has expressed interest in the surveillance capabilities of such apps. Additionally, controversial Fusion Centers appear to be preparing to make use of the data gathered by contact tracing apps as well.
Contact tracing is a process of identifying individuals who may have come into contact with an infected person, collecting information about their contacts, and then tracing the contacts of infected individuals. All persons who may have come into contact with an infected individual are tested for infection, treated for the infection, and their contacts traced as well.
During the COVID-19 pandemic there have been calls for digital contact tracing using cell phones to notify individuals when they may have come into contact with an infected person or visited a hot spot of infection. Digital contact tracing apps use Bluetooth to track encounters, a move which is supposed to anonymize actual location data. Other forms of contact tracing apps involve the use of location data gathered from cellular networks. Critics believe the apps will be used to expand government surveillance.
The new documents (1, 2, 3, 4) were released by the Office of Science and Technology Policy in response to a Freedom of Information Act request by the Electronic Privacy Information Center (EPIC).
“The records show that a tech sector task force closely aligned with the White House sought to aggregate ‘non-clinical location data’ for ‘disease surveillance,’ including cell phone location data, Uber trip data, and Google search data,” EPIC wrote.
The so-called “COVID19 Tech Task Force” is a private task force including representatives from AWS, Camber, ESRI, Facebook, Google, Harvard School of Public Health, Microsoft, Mozilla, R4, SAP, and Salesforce. The reference to “non-clinical location data” comes in a section entitled, “Goals and opportunities.” It reads:
“To assist researchers at the CDC, academic institutions, and other public-health officials, capture non-clinical location data to assess contact rates, social distancing, effectiveness of policy interventions, and disease surveillance.”
In an email exchange on contact tracing, members of the Office of Science and Technology Policy described the proposals on geolocation as “certainly interesting.” However, Lynne Parker, Deputy Chief Technology Officer with the OSTP told the task force that the White House was “not engaged in any activities relating to location data.”
Interestingly, Parker reminded the Tech Task Force that they are “a private sector group with no government affiliation.” Parker thanked the Task Force for their work, asked to be removed from the emails and calendar invitations, and said the OSTP inclusion in ongoing conversations “may be confusing to your members, and be misinterpreted as the USG endorsing this effort or it being a joint effort.” While the emails make it clear the White House has a close relationship with the Tech Task Force, the statements by Parker appear to be an effort to put distance between the two entities.
Another disturbing revelation in the documents relates to controversial Fusion Centers. Fusion Centers are centralized systems that pool and analyze intelligence from federal, state, local, and private sector entities. The National Network of Fusion Centers was created after the 9/11 attacks to provide for more streamlined communication for federal and local agencies. The Fusion Centers have been criticized as violations of civil liberties and a danger to separation of federal and local governments. Most infamously, in 2009 it was revealed that the Missouri Information Analysis Center (MIAC) was targeting supporters of third party candidates, Ron Paul supporters, anti-abortion activists, and “conspiracy theorists” as potential domestic extremists.
One of the newly released emails shows that in March, an executive director of the National Fusion Center Association, a lobby group for fusion centers, proposed an “automate[d] contact tracing and notification” system to the White House. This would mean that the Trump administration would receive automatic updates on the contact tracing efforts, and potentially, the data gathered by tracking apps.
After EPIC obtained the records and published them online, the White House ordered the organization to delete the records from the Office of Science & Technology Policy. EPIC was contacted by a White House attorney who ordered them “to immediately cease using and disclosing” one set of records and to “destroy all electronics copies.”
The OSTP told EPIC they had “inadvertently and erroneously” provided EPIC with an unredacted copy of the records. EPIC had already performed their own redaction of personal contact information, so they decided to make the records available to the public. “Under the Freedom of Information Act, a federal agency is not entitled to ‘claw back’ a record that it discloses to a requester,” EPIC wrote.
While some sections of the emails mention “de-identification” and “anonymizing” the data, the suggestions by the Tech Task Force and the Fusion Center lobby make it clear that there are attempts to use the data gathered by contact tracing apps for surveillance purposes. Also, despite the White House effort to distance itself from the task force, it is abundantly clear that the tech companies involved are in regular communication with officials from the Office of Science and Technology Policy.
As we have previously noted, government officials are also calling for an “army” of contact tracers to help identify potentially ill people and ensure they are quarantined and isolated. Now that the apps are beginning to roll out, Americans are likely to see yet another increase in invasions of civil liberties and privacy.