We can't cure COVID-19 by giving up our right to privacy
"Having served as lead White House technology adviser on Sept. 11, 2001, I've been down this path, and I know its peril far too well."
As fast as we've gone from patient zero to pandemic in this country, so have we sped from the mere suggestion of "sentinel surveillance" to our leaders demanding what some call a Patriot Act for health care. Having served as lead White House technology adviser on Sept. 11, 2001, I've been down this path, and I know its peril far too well. But before I go there, let's first take stock of where we are.
Get what matters in tech, in your inbox every morning. Sign up for Source Code.
While there are some early indications that social distancing is working, the American acceptance of isolation — and the economic uncertainty attached to it — is wearing thin. Any positive signs will likely ignite anxious anticipation of going back to life as we knew it. But when we do open the economy back up, we must do so without trading in our values.
Plans such as the "National Coronavirus Response: A Roadmap to Reopening" lay out comprehensive phased approaches to containing the pandemic and ultimately opening society back up. In order to move out of this necessarily first isolation phase, they also argue for the creation of "new national surveillance infrastructure" and the widespread use of individual contact tracing.
Indeed, a system that tracks individual movements and health conditions in real time would accelerate the removal of physical distancing requirements. South Korea used this kind of tracing to successfully slow the spread of coronavirus there, and China's more draconian version also appears to have worked.
However, such surveillance systems clearly conflict with American values and the right to privacy. In the U.S., numerous "smart" tracking efforts have popped up to inform the public, such as Unacast's Social Distancing Scoreboard or Kinsa's fever heat map, with new apps released almost daily. The information is valuable, but much of it is powered by our private data, which lacks critical protections and which we have no ability to control.
The question is: How do we serve the critical need while preserving the inalienable right?
In my time at the White House, I bore witness to a number of the early decisions that had significant, unintended negative consequences. For example, new FISA court processes allowed domestic wiretapping, and Patriot Act provisions enabled mass data capture of citizens who were not under any criminal investigation. The lessons many of us learned were that the benefits in the fight against terrorism were marginal, while the privacy and data security consequences were large and lasting. Further, we learned that because there was little transparency in the deliberations, people lost trust in public institutions.
Today, we have an opportunity to learn from the past and make smart decisions that can both accelerate "reopening" society and also enhance our civil liberties and the public trust. Surveillance sentinel systems and contact tracing will be mission-critical for a sustainable solution to COVID-19, but they must not evoke fears of "1984" or "The Minority Report," much less "Citizenfour."
Data privacy must be a foundational and transparent component of our response to COVID-19. We must lead the world in innovative strategies that enhance both safety and trust. The solution demands giving the American public actual technical control over their data so that people don't have to rely on the promises of technology companies or the government for how they will use (and reuse) personal data.
The good news is that recent technology advances make possible near-instant contact tracing in a way that protects privacy and enhances actionable intelligence. We have the capability today to create an open, interoperable and encrypted data-sharing and surveillance platform that empowers each of us to be a sentinel — to share our most sensitive data for both individual and societal benefit, while at the same time knowing that we can ultimately control the scope and timespan of usage of our own data. I know this because I run a company that makes such a platform, but our tools are open-source and they and other open-source offerings can be used for free by governments and any of the emerging contact tracing efforts (e.g., the World Health Organization, MIT and scores of regional initiatives).
In February, Secretary of Health and Human Services Alex Azar called for "a completely different kind of health care system: where you, as the patient, are at the center and in control, with seamless access to the data you need to make decisions." This vision could not be more urgent, and I call on the White House immediately to convene the CDC, CMS and our country's leading epidemiologists, technologists and privacy experts to develop an open, secure data-sharing and surveillance framework that actually puts the public at the center of control.
In so doing, we can regain the moral authority lost after 9/11 and help lead the world out of this crisis and prevent the next. Privacy is a human right, grounded in trust, and there is no sustainable solution to COVID-19 without it. Today, only 35% of Americans are comfortable with sharing data with government to fight the virus. This makes sense, particularly given the continuing, daily examples of corporate and government data leaks, misuse and abuse.
That's why we must move quickly and aggressively to adopt open and interoperable surveillance platforms that verifiably demonstrate that data is used only for its intended purpose and that give individuals the power to approve or revoke access to their sensitive information at any time. With smart technology and policy decisions now, we will have the confidence to freely share our most sensitive data for the common good, reopen our economy more quickly, and get back to the life and freedoms that make us Americans.