In a time of emergency, how much access should governments have to our data? As COVID-19 cases surge across the United States Sun Belt, it may be time to admit that traditional public health measures have, for a variety of reasons, failed. Information generated by smartphones can help stop the spread of COVID-19 and save lives, but much of the debate in the United States about how this would work has focused on the problem of whether we should have more, or less, government.
Americans are scared about encroachments on their data privacy, and rightly so. Prior to 9/11, most advocated limiting the government’s ability to gather and access data in the name of civil liberties. Faced with the threat of terror, however, citizens resigned themselves to encroachments on privacy made in the name of national security. Republican senators have recently gone so far as to introduce legislation to ban data encryption.
Problems of state surveillance are real — especially in times of mass protest — but our political climate makes it difficult to even discuss the issue. The engagement of American corporations and government with privacy questions has been marked by a persistent rhetoric of market freedom. Some critics have offered plans to defend data privacy. These tend to reinscribe the claim that data is a kind of property, for instance, arguing that corporations should simply pay individuals for the use of their data. Focusing on freedom from surveillance has led individuals such as former presidential candidate Andrew Yang to think about privacy as a personal right and data as a kind of property that individuals uniquely possess.
However, the assumption that data is something that pertains to individuals — rather than to a community — can generally lead us astray. Claims that data is private property pose a barrier to seeing how data, collectively owned, could help to protect lives in a time of pandemic. The ideal way of fighting COVID-19, for example, would be to leverage data within a framework of transparency and democracy.
Consider the case of Taiwan.
In mid-April, 200,000 people around the island received an SMS alert from Taiwan Central Epidemic Command Center (CECC) informing them that they had been in contact with someone infected with COVID-19. This was an alarming development: despite the island remaining open, spread of the virus was under control, with fewer than 400 cases and only 6 deaths. Indeed, only days earlier, the lack of any new cases was celebrated on an electronic billboard reading “zero.”
But in mid-April, a Taiwanese Naval defense flotilla returned from a “friendship mission” to Southeast Asia and docked in the southern Naval port in Kaohsiung. From there, 744 sailors spread out across the island via trains and busses, staying in hotels and visiting coffee shops, bars, and restaurants. Of those sailors, 36 were found to be infected.
Although effective, Taiwan’s electronic initiative also demonstrated that the government was privy to everyone’s whereabouts in a way that would strike many observers in Western democracies as ethically wrong and inherently dangerous. Using cellphone data, Taiwan’s CECC mapped the movement of the infected sailors with a timeline of their exact locations. This was cross-referenced against citizens’ cellphone data: if your phone indicated that you were on a train from Kaohsiung to Taipei with one of those sailors, you received an SMS alert from the CECC.
Rather than making ill-informed generalizations about cultural tendencies towards collectivism or authoritarianism, as some observers have proposed, Taiwan’s use of its citizens’ data represents a potentially rich dialogue about personal freedom and the appropriate limits of data use.
In fact, we argue that Taiwan has modeled a public conversation that the United States sorely needs to follow, and that assertions about data as a privately-owned commodity prevent.
Of course, Taiwan’s actions were also legal, in a way that they are not here — at least, for public health campaigns. The government was able to respond quickly and efficiently because specific laws were in place to allow the use of cell-phone data in medical emergencies. The laws date from Taiwan’s encounter with the SARS epidemic in 2003, when its legislature passed a data law authorizing the government to use data, but only to protect an individual or others from harm.
While laws can be vague and subject to manipulation, a relationship of trust developed between the surveilled and the surveillant can mitigate the distrust and conspiracy theories that such a campaign would generate in the United States. In Taiwan, recent forums, public briefings, and direct conversations between the Taiwanese public and government promoted a consensus on what defined a medical emergency and how data collected for emergency purposes could and could not be used.
Concern about state use of data was quickly put to rest with a forceful public information campaign from Taiwan’s government and health officials, who have assuaged skepticism about the possibility of abuse. In short, accountability and transparency have facilitated “trust in each other,” as health minister Chen Shih-chung continues to emphasize. Taiwan’s case proves that it is possible for a government to use data to fight the pandemic and simultaneously manage a conversation about the appropriate scope of data-use within a transparent and democratic framework.
The efforts at democracy and transparency that have been central to Taiwan’s efforts to fight COVID-19 are not unique to the culture of either the island nation or East Asia. Rather, they represent a movement towards greater democracy and collective data ownership that have been visible over the last decade in nations such as Ireland, Iceland, and Britain as well. Taiwan’s recipe of public debate, careful legislation, and widespread information mirrors the ideals held up by contemporary social movements and by nations that have moved towards government transparency and consensus building from below.
Social movements the world over are demanding and winning increased accountability from elected officials and citizen through enhanced engagement with legislation and governance on everything from data to abortion. This has produced astonishing results. In Ireland, a largely Catholic nation, a citizens’ assembly amended the constitution to overturn the government ban on abortion. In France and Iceland, citizen assemblies are now a regular part of government policy-making. In Britain, the environmental movement Extinction Rebellion demanded similar forms of democratic policy-making. Even in West Virginia, Stephen Smith’s gubernatorial campaign is informed and directed by citizen assemblies.
Overall, the United States has lagged on political initiatives that promote either transparency or governance from the grassroots. American standards for transparency on state collection and use of data have been abysmally low since the bipartisan passage of the Homeland Security (Patriot) Act in 2002. Claims that the state was fighting global terrorism created a culture of public acceptance that stifled critical conversation and promoted ignorance about data privacy.
This attitude has, in turn, also furthered cultural apathy about how the main offenders — corporations — deal with data. To a far greater degree than in Taiwan, the European Union, or — most recently — California, corporations in most of America have little accountability to citizens for explaining what data they collect or how they manage it.
The last major movement for government transparency centered around promises made during Obama’s first presidential campaign. These efforts were, however, hastily abandoned early in Obama’s presidency, and the current administration has made no moves to develop transparency plans or articulate what constitutes appropriate uses of data, a failure that has taken on enhanced significance in the face of the current pandemic. Indeed, discussions of data sharing continue to be governed by fears about personal privacy, fear of state surveillance, and the recognition that dangerous legislation could give government access to data under vague conditions and subject to manipulation.
The United States needs a program for the public use of data, supported by institutions and procedures that ensure a public voice in the decision-making process. Taiwan’s experience gets us halfway there but it is premised on something that does not yet exist in the United States: enlightened leaders making a Herculean effort to ensure that the public is involved in, and trusts, the conversation. This must be complemented by a nonpartisan approach that removes the burden of success and criticism from those who happen to hold office at any given time, shored up by privacy laws.
We want to emphasize that one aspect of a safe data policy is good law-making that is consistent with Constitutional precedent. A law akin to Taiwan’s privacy act could confine public access to data to times of emergency and only when the safety of individuals and the public is at stake. In order to avoid abuse and privacy invasion, such a regulation would have to articulate what criteria constitute an emergency to necessitate a data-driven response. A good example is the General Data Protection Regulation, passed by the European Union in 2018, which governs how corporations gather, store, or share data about individuals. For instance, a company holding individual data and violating the privacy of citizens will be fined and required to alert the citizens in question. Although is aimed at corporations, it could be scaled up to address state data collection too.
Creating public debates around such issues allows citizens to articulate principles in a way that can reflect the variety of democratic experiences and personal vulnerabilities around data. Through mechanisms such as citizen assemblies the public can begin to lay out the terms of data collection, access, and use. The public should also engage in a broad discussion about issues such as what government actions constitute abuse of authority and how to navigate hypothetical and real cases such as mobilizing data to target political minorities, punishing opposition leaders or supporters, feeding a political campaign, tilting an election, or gerrymandering voting districts to influence future results.
Through such debates citizens could reach consensus on appropriate regulations to approve or deny governments the power to collect data on their citizens. Debates might also review best practices and standards for anonymizing data. For example, they could implement processes that make it impossible to identify individuals, or set standards that require data used for analysis to be anonymized in advance. Furthermore, citizens might set forth criteria for regulations on data storage and processing that keep pre-anonymized data out of the direct control of the government.
Without a national effort reflecting standards and practices that allow systematic data collection, contact tracing is cumbersome America is fighting an unwinnable war against COVID-19. Piecemeal, local efforts at reopening of the kind pursued in Florida and Texas have led to a resurgence of the virus. Anything less centralized or less data-driven cannot stop the virus. Any scheme less explicit about the limits of the state’s use of data, represents a threat to democracy and personal liberty. Beware of data-free approaches to reopening: as wave of infection follows wave, data-free governance means a potentially unending delay to the nation’s economic recovery.
We have the tools to stop the virus in its tracks: what we need is political will created through an open and lively debate. Such a debate should put first and foremost the question of what kind of data protection will guard the public from abuse of its data, while tracking COVID-19 until its extinction. The standard for public safety has been set by Taiwan, which has remained open throughout the pandemic and is one of the safest places on earth right now.
Jo Guldi is an associate professor of history at Southern Methodist University.
Macabe Keliher is an assistant professor of history at Southern Methodist University.