The Coronavirus and the Surveillance State
Tech companies can track us and hand our data over to the government. It’s time to think seriously about better privacy protections.
For years now, epidemiologists have been working with tech companies to track infectious diseases using big data. Instead of laboriously analyzing health care providers’ weekly reports of symptoms and probable cases, researchers have increasingly used Internet usage data to identify and map new cases and predict the spread of disease. The use of personal data for this purpose raises important privacy questions, to be sure, but in the wake of the coronavirus outbreak, it’s fair to wonder whether the federal government is maximizing its access to data technology to stem widespread contagion and death.
As of this writing, eighteen countries across the globe—including European democracies like Germany and Austria—are using some form of digital tracking to get on top of the coronavirus. In their most modest forms, programs have ranged from using apps to identify people who have been exposed to infected individuals (e.g., Singapore and India); to using phone records, CCTV feeds, credit card transactions, and GPS systems to trace COVID-19 patients’ contacts (e.g., Poland and South Korea). Some countries are imposing fines and prison time for violating quarantine orders (e.g., Hong Kong). Italy has reportedly employed “an aggregated and anonymous heat map” to trace population movements in Lombardy. In some countries, governments have gone even further—adopting physical surveillance measures like facial-recognition cameras or surveillance drones (e.g., Belgium, Spain, Russia, and China), or censoring parties for publicizing false or misleading information on the Internet (e.g., Singapore, Iran, and Egypt).
Of course, none of these countries is bound by the U.S. Constitution, with its Bill of Rights protections from government intrusion on individual rights—including freedom of assembly (First Amendment), freedom from unreasonable searches and seizures (Fourth Amendment), and liberty of movement (Due Process Clauses of the Fifth and Fourteenth Amendments).
Does the Constitution prohibit the U.S. government from similarly harnessing big data in the fight against COVID-19? Maybe, but maybe not.
In the midst of a smallpox outbreak, the Supreme Court in 1905 indicated that the government can impose a mandatory vaccination law so long is it’s not “arbitrary, unreasonable,” or “beyond what is reasonably required for the safety of the public.” Similarly, in deciding the scope of First Amendment protections, the Supreme Court routinely employs cost-benefit analyses that account for the relative social costs and advantages of restrictions. The court has also required that the government “narrowly tailor” restrictions to achieve legitimate objectives. Likewise, the amount of due process an individual gets before the government can take away liberty or property can depend on the importance or urgency of the government’s countervailing interests, which courts must balance.
As for the Fourth Amendment, the critical wrinkle is that most big data is under the control of private companies rather than government agencies. With rare exceptions, the Constitution only curbs the government’s actions—not those of private parties. If a police officer barges into a home without a warrant, that’s an unconstitutional search, and the homeowner can go to court to seek an injunction or even money damages to compensate for that violation of an individual right guaranteed under the Constitution. But if the homeowner willingly invites a police officer into a home and consents to a look-around, the Fourth Amendment doesn’t apply. That person effectively waives his constitutional right to be free of an unwarranted police search.
When we click and swipe and post and tweet, we are willingly giving our personal data to Google or Facebook or Twitter—which, as private companies, are generally not bound by the Constitution’s restrictions. And unlike a police officer physically rifling through closets and drawers, the availability of big data makes surveillance possible through application of mathematical algorithms to many bits of information that are already swirling in cyberspace, untethered to a particular narrative. Rather than wiretap a home or follow a suspect around in a police cruiser, therefore, private companies—and, through the use of private data available for purchase from data aggregators, the government—can obtain a dossier of comprehensive personal information about an individual without a warrant or antiquated listening devices that only government could once use. Because that individual’s online personal data was willingly given to private companies, no Fourth Amendment protection attaches (or at least the Supreme Court hasn’t held so to date).
It is difficult in this moment of global anxiety and fear to identify silver linings. But if the COVID-19 pandemic focuses public attention on the privacy threats posed by big data surveillance—and the lack of unequivocal constitutional protections from government abuse of personal data—that may be a hint of silver in the gloom. As with many serious national issues predating the coronavirus, fixing this problem requires a functioning Congress, which has been in scarce supply for some time. But as the coronavirus spreads and the government inevitably takes steps to protect public health at the expense of individual constitutional rights, Congress might finally be forced do something about the dangers of virtually unregulated big data surveillance.