Big Tech shouldn’t profit off of the coronavirus

By Pat Donnelly

In a recent briefing on California’s response to the coronavirus pandemic, Gov. Gavin Newsom hinted at “significant modifications to the stay at home order” in the coming weeks. While it remains unclear exactly how state and local authorities will relax the current shelter-in-place restrictions, any efforts to reopen California must include large-scale contact tracing: the identification and tracking of persons infected or exposed to COVID-19. At the same time, we must ensure that any data collected for the purposes of contact tracing will be used only to stop the spread of the virus, not exploited for profit.

The comprehensive monitoring of personal health data has alarmed privacy advocates and opponents of mass government surveillance. Less attention has been paid to an equally troubling development: the acceleration and normalization of an economy in which application users regularly and unconsciously surrender intimate personal information in exchange for access to services.

To be clear, contact tracing is absolutely necessary to ensure the safety of all persons when social distancing measures are eased. But such measures must be accompanied by strong, enforceable legislation: not only to ensure user privacy, but to protect users from the monetization of their health, geolocational, and demographic data.

We should keep a close eye on the use of partnerships between government agencies and for-profit companies to respond to the pandemic. The privatization of government services, regressive tax policies, and skyrocketing tech salaries have concentrated data infrastructure and engineering talent in the hands of wealthy private-sector firms. And with over 99% of mobile applications running on Google’s Android or Apple’s iOS operating systems, it has become impossible to build effective contact tracing software without the support of two of the world’s four richest companies.

The California Governor’s Task Force on Business and Jobs Recovery is a “who’s who” of Silicon Valley billionaires who have profited enormously off of user data, from Apple CEO Tim Cook to Salesforce CEO Marc Benioff to Priscilla Chan, pediatrician and wife of Facebook CEO Mark Zuckerberg. Many of these companies stand to profit heavily from their involvement in the development and deployment of contact tracing software. Apple and Google’s collaboration to build Bluetooth-based “exposure notification” software isn’t simply a charitable gift. It’s an entry into the trillion-dollar healthcare market, a trial run for providing users services in exchange for their private health data.

California isn’t alone in its reliance on partnerships with for-profit companies to deliver contact tracing solutions. Salesforce’s software is being deployed in Massachusetts, New Zealand and Rhode Island. The value of Salesforce stock increased by $2 billion after New York City mayor Bill de Blasio announced that the company will open a call center and use their customer relationship management software to assist the city with identifying persons exposed to Covid-19. New York State, in collaboration with New Jersey and Connecticut, launched a contact tracing program designed and funded by Michael Bloomberg, the billionaire former New York City mayor and Democratic presidential candidate.

Data-driven partnerships between government and the private sector aren’t just an opportunity for companies to profit off of user data. They’re also unjust. Algorithmic solutions tend to exacerbate existing inequalities, concentrating policing in communities with large populations of racial and ethnic minorities, making it increasingly difficult for low-income persons to secure loans, and charging higher insurance premiums for residents of poor neighborhoods. This is a natural consequence of “black box” algorithms that have free rein to discriminate on the basis of race, sex, and other demographic attributes.

Armed with data on Covid-19 infection status, along with the host of other metrics collected by contact tracing applications, insurance and pharmaceutical companies would have the means to raise the cost of healthcare on vulnerable individuals and communities. This isn’t alarmist speculation. The market for “big data in healthcare” was valued at over $14.7 billion in 2018 and is projected to grow to $42.8 billion by 2024.

San Francisco has partnered with Dimagi, a for-profit social enterprise that developed a contact tracing app to monitor persons exposed to the Ebola virus during the 2014-16 outbreak in West Africa. Dimagi’s CommCare software is primarily a data collection and notification system and lacks the precise tracking features of the software currently being developed by Apple and Google.

Just as Apple and Google have affirmed their commitment to user privacy and consent, Dimagi’s Privacy Policy states that the company will “never sell [user data] to advertisers or other third parties.” However, Dimagi does share user information with “trusted third parties” such as Salesforce, as well as with “analytics partners such as Google Analytics” and others.

Yet as Shoshana Zuboff, author of “The Age of Surveillance Capitalism,” writes, privacy safeguards are “all bait and switch without law to make it so.” How far might government authorities go in tracking the spread of cases? For advocates of civil liberties, the nightmare scenario is China, where the data of all exposed persons is shared with the central government, and citizens must scan a code to “prove they’re at low risk” of having the coronavirus in order to access public spaces. 

Taiwan and Poland have used mobile applications to confine quarantined persons in their homes, alerting the police if such persons attempt to leave their property. While the United States has a legacy of pervasive surveillance, it is unlikely that governments here will go as far as China in monitoring and restricting the movements of exposed individuals. The extent to which authorities will provide effective oversight and legal protection for user data is far less certain.

Organizations such as the Electronic Frontier Foundation and the center-left Center for American Progress advocate for user consent, limited scope, security, and transparency in deploying contact tracing applications. While these ideals are admirable, many state and local authorities are ill-equipped or unwilling to legislate or enforce the sorts of constraints necessary to protect user data.

Technological security and privacy safeguards aren’t enough. We need legislation, coupled with effective oversight, to ensure that any data collected to track exposure to Covid-19 is used only for that purpose. If it is necessary to outsource platform and application development to companies in the private sector, we need to guarantee that user data is not monetized or shared with third parties in any way.

But the issues of privacy and data exploitation won’t ultimately be solved by short-term legislative action or even aggressive regulation. These problems are structural, and reflect the specific nature of what Zuboff calls “surveillance capitalism.” The danger of data exploitation will persist as long as email, navigation, and social networking services are provided by private companies for the sole purpose of generating profits through extraction of user data. If we want the economy of internet services to work for its users, an application that uses data to save lives in a secure, private, and non-monetized manner would be a promising place to start.