Privacy doesn't have to be sacrificed in order to protect citizens from the coronavirus - it too must be protected
The Ministry of Health’s “Magen” (“Shield”) app tracks individuals’ exposure to identified coronavirus carriers using location data from their mobile phones. As such, it allows us to overcome the foibles of human memory; who among us can remember where we were, and when, and who was around us in the course of the last two weeks? However, the use of such tracking technology by the state raises fears of a “Big Brother” scenario, which can be easily understood.
When installed by a user, the app begins to collect his or her phones location data and compiles a history of its connections to wireless networks. In the future, it is possible that it will also collect data about proximity to other networked devices. These data are stored locally on the user’s phone, and are not passed on to anyone else. On an hourly basis, the app unilaterally downloads anonymous location data of confirmed coronavirus carriers, as updated by the Ministry of Health, and cross-references them on the device itself with the data it has collected about the user’s movements. Users may also choose to remove the app from their phone, at which point all the data that has been collected is deleted.
If the app determines that the user has been exposed to a coronavirus carrier, the user receives a notification offering two options: To record this as an erroneous notification, since they were not in fact present at the exposure location; or else are referred to the Ministry of Health website to receive instructions about self-isolation.
The Magen app is not the only example of its kind being deployed by countries in the worldwide fight against the coronavirus epidemic. It is now widely accepted that the best way to curb the spread of the virus is to isolate anyone exposed to a confirmed coronavirus carrier as quickly as possible. And the easiest and fastest way to accomplish this is by using location data on people’s cell phones.
In South Korea, citizens’ movements are tracked by cross-referencing location data provided by cellular phone companies, and sending individual notifications to the phones of anyone likely to have been in proximity to a coronavirus carrier. These notifications include information about the carrier’s movements in the days prior to being found positive for the virus, though the identity of the carrier is kept confidential. However, the level of detail on the carrier’s movements makes it relatively easy for others to identify them, which has led many South Koreans to be more fearful of their movements being made public, than of the coronavirus itself. In Singapore, the government has released a voluntary app that collects data about the user’s proximity to other devices in an encrypted format that is kept locally on the phone itself, and is only transmitted to the government if an epidemiological investigation becomes necessary.
It is true that about a week after the release of the Magen app, reports of erroneous notifications began coming in, causing confusion and panic among users. These seem to have been the result of errors in the input of data on confirmed coronavirus carriers by the Ministry of Health, and naturally - did not contribute to the public’s trust in the app and to its willingness to use it. However, in terms of the level of privacy protection it provides, the Magen app can serve as evidence of the fact that invasive surveillance is not truly necessary, and that use can be made of sensitive personal information with minimal harm to an individual’s privacy and enabling the individual to maintain control over his or her data. The app’s design reflects the understanding that in order to overcome the coronavirus crisis, we need to secure the full cooperation of the public, and that this can only be accomplished by gaining public trust, based on transparency and on respect for the fundamental right to privacy. For this reason, the app is also garnering interest from other countries, such as Italy, with a view to using the technology in their own coronavirus campaigns.
Magen is proof that, despite the sense of emergency that led to involving the ISA in dealing with the coronavirus epidemic, and in contrast to what technology companies have been telling us for years, privacy is not dead. Indeed, maintaining privacy is essential in order to secure the trust and cooperation of the public in democratic states. This is a conclusion that is worth remembering and applying in normal times as well.
The article was published in the Times of Israel.