Pandemic surveillance will become a new normal for our society

Umberto Bacchi, Reuters

The two-year fight against COVID-19 has turned technology into a weapon of choice to defeat the virus but experts now worry that tech will outlive the pandemic and normalise mass surveillance. From contact tracing apps to facial recognition, technology has become part of the arsenal used to protect public health. While this might have helped save lives, rights advocates say intrusive solutions could already be so entrenched that personal privacy is the long-term price many people may yet pay. “Once a big system is introduced into a society, it is difficult to fundamentally fix it, even if a problem is found afterwards,” said Chang Yeo-Kyung executive director of South Korea’s Institute for Digital Rights. The country has largely been a COVID-19 success story, partially thanks to aggressive testing and tracing.

This year, as cases of the highly infectious but less deadly Omicron variant surged, it scrapped contact tracing and mandatory isolation for vaccinated people in favour of self diagnosis and at-home treatment to free up medical resources. Yet, in December, it announced a nationally funded pilot to use artificial intelligence, facial recognition and thousands of CCTV cameras to track the movement of infected people — a move that raised privacy concerns. The project was set to start in January in Bucheon, one of the country’s most densely populated cities on the outskirts of Seoul, but it has reportedly suffered delays.

“There are concerns that surveillance will become a ‘new normal’ for our society after COVID-19,” Chang told the Thomson Reuters Foundation via email.

For example, he said people have already grown accustomed to showing proof of identity before entering a venue. Government, too, has stretched boundaries, Chang said, in one instance using cell towers to identify thousands of people at a given location — then encountering only meek resistance.

Elsewhere in Asia, countries from Singapore to India, from Thailand to Taiwan continue to use contact tracing apps to track local residents, as well as keep tabs on tourists. Singapore, Thailand and others also extensively use QR codes for check-ins at malls, restaurants, airports and other sites.

Last year, Singapore said it would allow police to use personal data from its contact tracing app in “serious” criminal investigations, and introduced a bill that mandated penalties, including jail time, for misuse of the data. The Indian state of Jammu and Kashmir said last year that it had shared data from a contact tracing app with local police.

App-based food delivery firms, such as Zomato and Swiggy, began sharing workers’ names and body temperatures with clients. Several Indian cities have also made it mandatory for municipal workers to wear tracking devices, while teachers in New Delhi have filed a lawsuit to stop the use of biometrics in an attendance app they say invades their privacy. The increase in surveillance has spawned heightened debate and some legal action, according to digital rights experts, as fears grow that surveillance has already gone too far. “We have been asked to give a lot of data for the purposes of controlling the virus. Sometimes it was necessary, sometimes it was not,” said Carissa Veliz, a professor at the Institute for Ethics in AI at Oxford University in Britain. “On the other hand ... we are seeing more of a backlash than we used to and more awareness.. I think people are tired of feeling spied on.” Estelle Masse, global data protection lead at rights group Access Now, said contact tracing apps in Europe fared relatively well in terms of privacy protection, in part due to greater public discourse. “A lot of the potential privacy risk that could have existed did not materialise,” she said.

European apps, for example, largely stored data on people’s phones rather than in one central database, she said, while the extent of info logged only stretched to the need-to-know.

But not everything went to plan — not when authorities used private data designed to stem the virus for other reasons. In Germany, prosecutors in Mainz apologised after it was revealed that police surreptitiously obtained the details of people gathered by a privately-developed contact-tracing app, Luca, as part of a probe into the death of a man. Luca said the app had worked as police only got access to its data about a restaurant visited by the man after getting the health department to pretend it was the site of an infection. Similar cases caused a stir in Australia, where two states trialled facial recognition software that let police check whether people were home during quarantine. And in Britain, reports that the terms and conditions of some QR code check-in apps used by pubs and restaurants allowed client data to be held for years and shared raised eyebrows. That underlined the importance of minimising the amount of data that can be collected, and of putting in place strong legal frameworks over its use, said Masse.