As the country scrambles to control the rapidly spreading coronavirus, government agencies are putting in place or considering a range of tracking and surveillance technologies that test the limits of personal privacy.
The technologies include everything from geolocation tracking that can monitor the locations of people through their phones to facial-recognition systems that can analyze photos to determine who might have come into contact with individuals who later tested positive for the virus, according to people familiar with the matter.
Data-mining firm Palantir Inc., which was credited with helping to find Osama bin Laden, is working with the Centers for Disease Control and Prevention to model the virus outbreak. Other companies that scrape public social-media data have contracts in place with the agency and the National Institutes of Health, documents show.
The push is in part being coordinated by a task force working in conjunction with the White House, and includes startups as well as tech giants such as Alphabet Inc.’s Google unit, Facebook Inc. and Amazon.com Inc. The task-force discussions involving the White House and tech companies were reported by The Wall Street Journal on Sunday.
Other efforts are more grass-roots, with tech companies pitching state agencies and governments.
Tech and government officials are struggling to find a balance between deploying technology and keeping patients’ data—particularly medical information—safe. Some privacy advocates worry that little has been disclosed about what is being planned or implemented.
Technology executives spent much of an hour-long call Sunday discussing ways to track hospital-bed availability across the country using geolocation data, but also how the data could be aggregated so that personal information of cellphone users wouldn’t be shared, according to people familiar with the call. It isn’t clear which companies would handle that kind of tracking.
Other countries have already deployed location-tracking systems and other tech solutions to fighting the pandemic, but many such efforts could run afoul of U.S. privacy laws.
In China, telecommunications companies helped the government track and contact people who had traveled through Hubei province during the early days of the virus. Location data was funneled to China’s National Health Commission and other agencies, allowing them to re-create the steps of virus carriers and people that they may have encountered and issue warnings via social media.
As part of the task-force discussions, Facebook and Google are exploring ways to use data to help the U.S. government track outbreaks of the disease, according to a person familiar with those discussions.
Facebook is already sharing disease-migration maps to help combat the spread of coronavirus, a company spokesman said.
In the U.S., the government could legally request location data from telecom carriers or from Google, which has access to more-precise data belonging to its Android and Google Maps users, said Al Gidari, director of privacy at Stanford Law School. This information can’t typically be released without user consent or a court order, but the government has broader authority to request such data in the event of an emergency, he said. “I don’t think anybody would dispute that this is an emergency,” he said.
White House and CDC representatives didn’t respond to requests seeking comment.
Camber Systems, a Washington, D.C., location-tracking startup founded by former government officials, says on its website that it leverages “data, machine learning and artificial intelligence” to help cities manage transportation and infrastructure. The company is among the firms in talks with the White House, according to people familiar with the matter. The company hopes to work with state and local agencies to use its data.
“If we’re to leverage commercial technology to save lives, how do we put in the policy framework so we’re not South Korea or China or Israel?” said Ian Allen, Camber’s chief executive, in an interview.
Sen. Ron Wyden, a Democrat from Oregon, is among the lawmakers who is investigating this activity. In a statement, Sen. Wyden said the efforts are sensible as long as the appropriate conditions are in place. “There must be procedures to keep this information safe, to delete information once it’s no longer in use, and to ensure it isn’t used against Americans by law enforcement,” he said.
Some privacy advocates worry that the crisis of the moment could create a new paradigm.
“We understand that given we are in this crisis, that some temporary adjustment of our digital liberties may be necessary, however it’s really important that those adjustments be temporary,” said Adam Schwartz, a senior lawyer at the Electronic Frontier Foundation, an advocacy organization for civil liberties and technology. It is crucial, he added, for governments to be transparent about the technology they are using and to put safeguards for consumers in place.
Clearview A.I. Inc., a facial-recognition startup that has sparked controversy among privacy advocates over its use by police departments, is in discussions with state agencies about using its technology to track patients infected by the coronavirus, according to people familiar with the matter.
The technology has yet to be adopted by any agency, but the New York-based company hopes it will be helpful in what’s known as “contact tracing”—figuring out who else might have been with a person known to have the virus.
Palantir is working with the CDC on data collection and data integration related to disease tracking, according to a person familiar with the company,
During the cholera outbreak in Haiti in 2010, the CDC used Palantir to “monitor the situation and inform their response efforts,” according to a white paper later published by Palantir. The company’s technology allowed government analysts to “explore text messages” between Haitians and a text platform built by an outside technology company.
The company said it is making privacy a priority.
“Data-driven responses to the Covid-19 pandemic must treat good data governance, including privacy and civil-liberties protections, as guiding concentrations along with the mission objectives, not as afterthoughts,” says Courtney Bowman, head of Palantir’s Global Privacy and Civil Liberties Engineering team, in a statement.
Crimson Hexagon, now part of Brandwatch, has a $30,000 contract with the CDC that was initiated last fall, according to government records. Crimson provides companies and governments with “social listening” tools, meaning it scrapes public Facebook, Instagram and Twitter posts in part to gauge sentiment.
Before its merger with Brandwatch in 2018, the company ran afoul of Facebook’s privacy policies, and former employees told the Journal at the time they were concerned government agencies used the service for surveillance.
A Brandwatch spokeswoman said the CDC contract encompasses the National Center for Injury Prevention and Control, which uses the company’s technology to “gain an understanding of historical and recent trends in injury prevention topics.”
New York-based K Health Inc. said it is speaking to the CDC about providing aggregated data that would help the agency map where patients in the U.S. are showing the symptoms most indicative of Covid-19, including shortness of breath, fever and cough. The company gathers such data because it offers a chat function powered by artificial intelligence to suggest potential diagnoses for consumers who enter symptoms and other information. The company already offers a version of its map publicly.
“This gives you a handful of days’ warning” of where a Covid-19 outbreak may be growing, said Allon Bloch, chief executive of K Health. “It’s a powerful kind of canary-in-the-coal-mine indicator of changes.”