Civil Liberties Are At Risk in Rush to Track Coronavirus, Data Analysis Firm Warns

As this novel coronavirus has rapidly spread through dozens of states this past week, the daily lives of Americans have been upturned to such an extent that many people have grasped for a comparable time in history to look back to in terms of its likely impacts on society as a whole.

For many Americans, that's Sept. 11, 2001.

The comparison comes with a worrisome dark side, which privacy advocates have started to sound the alarm on.

That's because as Americans grieved the terrorist attacks on their homeland nearly 19 years ago, they also called for swift action. Lawmakers moved quickly to craft the USA Patriot Act and the president signed it into law just over a month after the attack. The civil liberties and privacy repercussions of the act, and what it later wrought, are still felt today.

With governments and the private sector both rushing to stop the spread of COVID-19, governments such as South Korea's have used massive tracking initiatives — including a mandated GPS-tracking app, designed to keep its people safe from those who break quarantine and punish those who do. Privacy advocates warn that much like worries about the spread of this new coronavirus, once citizens begin worrying about the loss of privacy, it's probably already too late.

The Electronic Frontier Foundation, a nonprofit digital rights advocacy group, is asking the public to keep in mind protections for their own civil liberties when asking the government for better tracking of the virus's spread.

"As our society struggles with how best to minimize the spread of this disease, we must carefully consider the way that 'big data' containment tools impact our digital liberties," their staffers wrote on March 10. "In the digital world as in the physical world, public policy must reflect a balance between collective good and civil liberties (but) extraordinary measures used to manage a specific crisis must not become permanent fixtures."

A seemingly strange bedfellow on this issue is Palantir Technologies, a private software company that does data integration and analysis, with co-founders that include Peter Thiel, its chairman, and Alex Karp, its CEO. The company's early ties to the intelligence community provides a cloak-and-dagger mystique as well as fuels concerns surrounding the use of its software by the U.S. government. In-Q-Tel, the Central Intelligence Agency's venture capital arm, helped Palantir get its start roughly 15 years ago through an early $2 million total investment.

On Tuesday, the company released a recommended set of principles for organizations battling COVID-19 to follow in order to "use data effectively yet responsibly."

"We are already starting to see in this country and other countries a growing chorus for action, and in exigent circumstances the impulse is to move quickly and to set aside any normative concerns that may otherwise create reasonable impediment," said Courtney Bowman, who heads up Palantir's global privacy and civil liberties engineering team. He spoke by phone with dot.LA on Monday night.

Bowman said that in the wake of 9/11 there was a real need for national security and intelligence agencies to parse and organize vast silos of data, which is ultimately what Palantir decided to tackle. With that early history in mind amid the outbreak of COVID-19, Bowman decided to outline the "best practices for using data during a crisis" and plans to publish it online on Tuesday.

It's "a way to make the problem more tractable to agencies," Bowman said. "Particularly those reeling from shock."

The software firm said it's also having conversations with a number of local and state jurisdictions to provide them with services, which may be one reason it's willing to discuss its privacy principles but it could also explain the broad range of entities that use its software.

Today the private company works with multiple departments of the U.S. government, including the justice, defense and homeland security departments, where it was most recently criticized for allegedly allowing its software to be used to help with the Trump administration's deportation efforts. (Palantir has strongly denied that.) But also, the Department of Health and Human Services, which includes the Centers for Disease Control, where helps with human disease outbreak response, and the National Institutes of Health. It also works with multiple companies, nonprofits and NGOs, including Merck, Sanofi, the United Nations, World Food Program, National Center for Missing and Exploited Children, and Mercy Corps.

Bowman shared his recommendations with dot.LA (below). First, a major caveat from the data integration and analysis firm: "Data is not a panacea," Bowman said. It's merely a tool.

• Focus on decisions that need to be made, not the insights that you hope will be discovered: Focus only on data that is necessary to help make those decisions so you aren't overwhelmed.
• Start with the data you have: Do not amass all the data. Instead, identify gaps in the data you have, who has what you need and why it is or isn't helpful. Only once you've identified critical gaps should you reach out for more data.
• Beware the shiny new object: Don't rush to adopt the newest technique, whether that's AI or facial recognition, without knowing how accurate, reliable or biased it is. Instead, invest in strong data-management, which may be more valuable for critical analysis.
• Look beyond quick wins: Try to build a unified set of data that lets you quickly adapt to changing and possibly related concerns. For example, a look at national supply-chain investments could be potentially repurposed for anticipated hospital shortages.
• Set rules on data use from the start: Make sure you establish and enforce rules on how the data should be used and who can access what in order to prevent misuse. "Even the most well-meaning or problem solvers sometimes are blinded to the risks of the solutions they create," Bowman writes.
• Establish safeguards: Put protections in place so that you can tell who input the data and how it is used. Make sure that individuals are held accountable for decisions they make that may impact peoples' health, safety, privacy and civil liberties, especially during a pandemic when stakes are high and time pressure is significant
• Secure data before sharing it: Cyber criminals are also cooped up at home and online during a pandemic and aren't taking a break. Scammers have already tried targeting those worried about the coronavirus with malware and phishing scams. Remember that once data is distributed, it's hard to pull back. Look at the risks and benefits and figure out how to enforce security, privacy and minimize what's shared. "Technology should enable data sharing only to the extent needed and, critically, only for the time period needed," Bowman adds.
• Build a data governance body: Bring a dedicated body of experts together to give advice on managing data access and recommend measures for mitigating potential abuse.
• Serve the patient and respect human dignity: "Societies must emerge from a health crisis with their values intact," Bowman writes. While authoritarian responses to pandemics may be more effective in the short term, it comes at the expense of individual privacy and liberty. This doesn't have to happen.

"Exceptional actions carried out under exigent circumstances often define new norms, for good or ill," Bowman writes. "This is an emergency – perhaps the defining one of our age. In acting decisively to defeat this pandemic, we must do so in a way that we will recognize ourselves when it's done."

__

Do you have a story that needs to be told? My DMs are open on Twitter @latams. You can also email me at tami(at)dot.la, or ask for my Signal.