Governments across the world are galvanizing every surveillance tool at their disposal to help stem the spread of the novel coronavirus.
Countries have been quick to use the one tool almost all of us carry with us — our smartphones.
A new live index of ramped up security measures by Top10VPN details the countries which have already brought in measures to track the phones of coronavirus patients, ranging from anonymized aggregated data to monitor the movement of people more generally, to the tracking of individual suspected patients and their contacts, known as “contact tracing.”
Other countries are likely to follow suit. The US Senate’s trillion economic stimulus bill includes 0 million for the CDC to launch a new “surveillance and data collection system” to monitor the spread of the virus, though it’s not yet clear exactly how this system will work.
Samuel Woodhams, Top10VPN’s Digital Rights Lead who compiled the index, warned that the world could slide into permanently increased surveillance.
“Without adequate tracking, there is a danger that these new, often highly invasive, measures will become the norm around the world,” he told Business Insider. “Although some may appear entirely legitimate, many pose a risk to citizens’ right to privacy and freedom of expression.
“Given how quickly things are changing, documenting the new measures is the first step to challenging potential overreach, providing scrutiny and holding corporations and governments to account.”
While some countries will cap their new emergency measures, otherwise may retain the powers for future use. “There is a risk that many of these new capabilities will continue to be used following the outbreak,” said Woodhams. “This is particularly significant as many of the new measures have avoided public and political scrutiny and do not include sunset clauses.”
Here’s a breakdown of which countries have started tracking phone data, with varying degrees of invasiveness:
South Korea gives out detailed information about patients’ whereabouts
South Korea has gone a step further than other countries, tracking individuals’ phones and creating a publicly available map to allow other citizens to check whether they may have crossed paths with any coronavirus patients.
The tracking data that goes into the map isn’t limited to mobile phone data, credit card records and even face-to-face interviews with patients are being used to build a retroactive map of where they’ve been.
Not only is the map there for citizens to check, but the South Korean government is using it to proactively send regional text messages warning people they may have come into contact with someone carrying the virus.
The location given can be extremely specific, the Washington Post reported a text went out that said an infected person had been at the “Magic Coin Karaoke in Jayang-dong at midnight on Feb. 20.”
Some texts give out more personal information however. A text reported by The Guardian read: “A woman in her 60s has just tested positive. Click on the link for the places she visited before she was hospitalised.”
The director of the Korea Centers for Disease Control and Prevention, Jeong Eun-kyeong, acknowledged that the site infringes on civil liberties, saying: “It is true that public interests tend to be emphasized more than human rights of individuals when dealing with diseases that can infect others.”
The map is already interfering with civil liberties, as a South Korean woman told the Washington Post that she had stopped attending a bar popular with lesbians for fear of being outed. “If I unknowingly contract the virus… that record will be released to the whole country,” she said.
The system is also throwing up other unexpected challenges. The Guardian reported that one man claiming to be infected threatened various restaurants saying he would visit and hurt their custom unless they gave him money to stay away.
Iran asked citizens to download an invasive app
Vice reported that Iran’s government endorsed a coronavirus diagnosis app that collected users’ real-time location data.
On March 3, a message went out to millions of Iranian citizens telling them to install the app, called AC19, before going to a hospital or health center.
The app claimed to be able to diagnose the user with coronavirus by asking a series of yes or no questions. The app has since been removed from the Google Play store.
Israel passed new laws to spy on its citizens
As part of a broad set of new surveillance measures approved by Prime Minister Benjamin Netanyahu on March 17, Israel’s Security Agency will no longer have to obtain a court order to track individuals’ phones. The new law also stipulates all data collected must be deleted after 30 days.
Netanyahu described the new security measures as “invasive” in an address to the nation.
“We’ll deploy measures we’ve only previously deployed against terrorists. Some of these will be invasive and infringe on the privacy of those affected. We must adopt a new routine,” said Netanyahu.
Singapore has an app which can trace people within 2 meters of infected patients
Singapore’s Government Technology Agency and the Ministry of Health developed an app for contact tracing called TraceTogether which launched on March 20.
Per the Straits Times, the app is used: “to identify people who have been in close proximity — within 2m for at least 30 minutes — to coronavirus patients using wireless Bluetooth technology.”
“No geolocation data or other personal data is collected,” TraceTogether said in an explanatory video.
Taiwan can tell when quarantined people have left the house
Taiwan has activated what it calls an “electronic fence,” which tracks mobile phone data and alerts authorities when someone who is supposed to be quarantined at home is leaving the house.
“The goal is to stop people from running around and spreading the infection,” said Jyan Hong-wei, head of Taiwan’s Department of Cyber Security. Jyan added that local authorities and police should be able to respond to anyone who triggers an alert within 15 minutes.
Even having your phone turned off seems to be enough to warrant a police visit. An American student living in Taiwan wrote in a BBC article that he was visited by two police officers at 8:15 a.m. because his phone had run out of battery at 7:30 a.m. and the government had briefly lost track of him. The student was in quarantine at the time because he had arrived in Taiwan from Europe.
Austria is using anonymized data to map people’s movements
On March 17 Austria’s biggest telecoms network operator Telekom Austria AG announced it was sharing anonymized location data with the government.
The technology being used was developed by a spin-off startup out of the University of Graz, and Telekom Austria said it is usually used to measure footfall in popular tourist sites.
Woodhams told Business Insider that while collecting aggregated data sets is less invasive than other measures, how that data could be used in future should still be cause for concern.
“Much of the data may remain at risk from re-identification, and it still provides governments with the ability to track the movement of large groups of its citizens,” said Woodhams.
Poland is making people send selfies to prove they’re quarantining correctly
On March 20 the Polish government announced the release of a new app called “Home Quarantine.” The point of the app is to make sure people who are supposed to be quarantining themselves for 14 days stay in place.
To use the app first you have to register a selfie, it then sends periodic requests for geo-located selfies. If the user fails to comply within 20 minutes, the police will be alerted.
“People in quarantine have a choice: either receive unexpected visits from the police, or download this app,” a spokesman for Poland’s Digital Ministry said.
The Polish government is automatically generating accounts for suspected quarantine patients, including people returning from abroad.
Belgium is using anonymized data from telcos
The Belgian government gave the go-ahead on March 11 to start using anonymized data from local telecom companies.
Germany is modeling how people are moving around
Deutsche Telekom announced on March 18 it would be sharing data with the Robert Koch Institute (Germany’s version of the CDC).
“With this we can model how people are moving around nationwide, on a state level, and even on a community level,” a spokesperson for Deutsche Telekom told Die Welt.
Italy has created movement maps
Italy, which has been particularly hard-hit by the coronavirus outbreak, has also signed a deal with telecoms operators to collect anonymized location data.
As of March 18 Italy had charged 40,000 of its citizens with violating its lockdown laws, per The Guardian.
The UK isn’t tracking yet but is considering it
While nothing official has been announced yet, the UK is in talks with major telecoms providers including O2 and EE to provide large sets of anonymized data.
Google has also indicated it is taking part in discussions.
Like other European democracies, the UK doesn’t seem to be exploring the more invasive method of contact tracing. However, it is considering using aggregated data to track the wider pattern of people’s movements.