It was HARD to read through this whole article, but I did it anyway and I totally disagree.
The argument that private companies are already tracking you doesn't exactly hold up, you don't have to install Facebook, Instagram, TikTok, Messenger, Google Chrome, or whatever else on your phone. There's ways of limiting tracking by private companies (not always easy for every user but there are options).
I believe ENOUGH people have these apps for this approach to be effective.
What I don't understand about this article is that the author assumes the data has to flow through a government entity. I don't see why the company holding your data, eg Google, can't just have their own pandemic-tracking analytics that they can publish for everybody, including the government.
Among other things, to be most effective there has to be two-way information flow with public health authorities who do contact tracing. When somebody is found to be positive, that info needs to propagate into the app and through the likely-spread network. I believe that simply cannot be done by private entities under the framework of existing health privacy regulation.
Similarly, when the tracking system identifies someone as high risk, they need to be referred to testing by public health at the least. It also makes sense that a high risk person be isolated or quarantined, and it's possible the benefits of enforcing that through police outweigh the risks. If so, that's clearly a government function, not something that can be done by Google.
SNI information is really, really limited though. Besides physical location tracking has been possible since the existence of phones. That's nothing new.
They don't need to. Your IMEI and IMSI is enough to keep you tracked. Personal attribution doesn't require much third party publicly available data for most cases.
I basically agree with this. We've already collectively decided to give up our surveillance / tracking information for the purpose of making ad targeting more effective. I wish we had a competent, trustworthy set of institutions who could take that data and repurpose it for stopping the spread of Covid-19.
Unfortunately, I am not very optimistic about this. There are also people who would misuse this data, and how can we protect the institutions against them? I wish the urgency of the situation could create the will to do this right, but I'm not seeing a lot of positive signs.
The takeaway I got from it is that some kind of bold action is necessary - creating a voluntary, opt-in tracking app will likely have almost no effect at all.
A few other thoughts I want to get across here (I've been thinking about this a lot, and have started drafting a blog post, but probably won't post it because I don't really have answers, only want to encourage people to ask the right questions).
A computerized tracking system can't do a lot by itself. It needs to be integrated into deployment of health care services, including testing and treatment for people who get the virus, supporting a small army of people doing contact tracing using a combination of low-tech and high-tech methods, not to mention equipment and supplies.
Lastly, I'm surprised Maciej didn't bring up China's experience, as they do have some of this surveillance in place, and it also seems to help them be effective. I've been trying to learn more, but there's precious little in English. There's a "mini program" that is deployed in Alipay called sui shen ban (随申办), seemingly voluntary but with strong incentives.
I'm not what the best way forward is for the US, but I do strongly feel we should be talking and thinking about it. If there is a tool that can help significantly and we're not using it, that's a tragedy.
I am also a privacy activist and this post has really made me think about my convictions. The most convincing argument here is that the infrastructure is already there and already used by private companies for "bad," why not let the government use it for "good?"
This is the crux of all technological advancements. I still truly believe that a hardline for privacy is the only thing that will keep it alive. Everything else is a slippery slope.
The Benjamin Franklin quote is still applicable:
“those who would give up essential liberty to purchase a little temporary safety deserve neither.”
The proposed actions are exactly giving up essential liberty to purchase a little temporary safety.
Maciej includes that quote. He also proposes organizing the program with significant protections and limitations. I know it's very likely politically infeasible to competently create such a program, but I ask you: with these protections and limitations in place, and if there is evidence that this program would save many lives (in addition to getting the economy back online more quickly), would you still be opposed to it?
I'd still be opposed to it on principle because no matter what protections and limitations are in place initially, if they're put in place by a centralized (aka corruptible) organization, they can just as easily be replaced or removed. Even if there is evidence that such a program would save many lives (and arguably such evidence is starting to come about) it still remains to be seen whether those lives saved even out versus the amount of lives that would be upended in the future because the "privacy line" has been redrawn. All change is incremental, and we don't know what an incremental change away from privacy as a basic right to be respected no matter what could lead to as a next step.
It's entirely possible that even with all these considerations, a democratic society still chooses to implement such a program. In such a situation I still think it's necessary for someone like me to stick to privacy as a principle even if only for the sake of philosophical discussion and keep parroting: "We're on a slippery slope!"
The argument that private companies are already tracking you doesn't exactly hold up, you don't have to install Facebook, Instagram, TikTok, Messenger, Google Chrome, or whatever else on your phone. There's ways of limiting tracking by private companies (not always easy for every user but there are options).