COVID-19 data collection poses post 9/11 privacy abuse risks: CNAS, DataGovHub panel

Massive data surveillance, warrantless wiretapping, and the weaponization of intelligence agencies against private citizens were all conducted in the name of national security following the 9/11 attacks.

Threats to privacy and civil liberties now loom in the form of a national health crisis where the COVID-19 pandemic response has the potential for abuse and exploitation like those that occurred post 9/11.

On Thursday, the Digital Trade and Data Governance Hub, along with the Center for New American Security (CNAS) held virtual panel discussion to uncover why data has become a national security issue.

“History teaches us that once governments get that power, they’ve got the information, and they will not give it up that easily”

Broad, sweeping data collection is fully underway during the coronavirus pandemic, where big tech companies and governments alike continue to gather sensitive information on private citizens, but the public knows very little about how that data will be used and for how long.

“History teaches us that once governments get that power, they’ve got the information, and they will not give it up that easily,” said Susan Aaronson, Hub Director and Senior Fellow at the Centre for International Governance Innovation.

In the post 9/11 era, surveillance laws were enacted that gave the NSA sweeping powers to spy on individuals without warrant.

The American Bar Association concluded in 2011, “The most sweeping and technologically advanced surveillance programs ever instituted in this country have operated not within the rule of law, subject to judicial review and political accountability, but outside of it, subject only to voluntary limitations and political expedience.”

What are some of the privacy lessons we can learn from post 9/11 data governance in order to apply them to the current COVID-19 health crisis?

“One of the biggest lessons from the reaction to some of the post 9/11 surveillance activities was the lack of transparency about what the law was authorizing”

“I want to speak to a lesson from the post 9/11 surveillance framework,” said Carrie Cordero, Robert M. Gates Senior Fellow and General Counsel at CNAS.

“From a legislative and a governance perspective, for me, one of the biggest lessons from the reaction to some of the post 9/11 surveillance activities was the lack of transparency about what the law was authorizing.

“If we talk about the phone records program with the counterterrorism phone records — those activities, even though they were briefed to certain members of Congress  — the way that the law was being interpreted and used was not widely understood even amongst people who would consider themselves policy and legal experts in the broader academic and outside advocacy communities.

“I think legal authorities were being used in a way that were not transparent even amongst experts, and certainly not transparent to the public.”

The governance of data collection in response to COVID-19 needs to be transparent not just for policymakers, but for the general public as well, so all of society can be informed to make democratic decisions on what happens to their data.

At present, big tech companies like Google and governments like the Chinese Communist Party are tracking where citizens are going during the pandemic by analyzing location data from people’s mobile phones, but the public knows very little about how their information could be exploited.

“The more data that you have, the more likely you are to use it”

While Google’s Community Mobility Reports say their tracking data is anonymous, the Chinese government is using location data as a surveillance tool through a color coded app that determines whether or not a person can leave their home, all the while tracking their every move.

Speaking from her “policing background,” Colonel Sarah Albrycht, Senior Military Fellow at CNAS, told the panel, “The more data that you have, the more likely you are to use it.”

Even so-called anonymous data collection, like Google’s, can be twisted and exploited to serve special interests.

“When it comes to surveillance you have to think about what you’re actually collecting and from whom,” Albrycht added.

“If it’s an opt-in program, if it’s a ‘where are the hotspots‘ program, whose data is being collected, and is there an inherent bias being collected with that data?” she asked.

The lack of transparency in data collection is a major reason why privacy advocates are pushing for data privacy legislation now, especially in the wake of coronavirus.

“How are we putting a framework around this data? How long will it be kept? What will it be used for?” added Albrycht.

Absolute power corrupts absolutely, as they say, and big data presents a powerful temptation for those who wield it, be they companies or governments.

These data collection technologies give those that control them the power to do good or to behave nefariously under the cover of secrecy.

Cordero went on to say, “Where I think we’ll run into trouble, and where there will then be a backlash is if these technologies are used, and all of a sudden the incredible breadth of data that is available on citizens’ mobile devices — if that information is being provided to government entities that citizens are not aware of — if their private health information […] is being extracted without their knowledge, and without them actually understanding it — that for me is the larger governance lesson from that prior [post 9/11] era.”

The panelists concerns of privacy during the COVID-19 pandemic are backed by the enormous evidence of abuse perpetrated on the public following the attacks on 9/11.

Their words echo those of witnesses who testified last week in a Senate “Paper Hearing” where they revealed the privacy risks involved with using data to identify, track, and police individuals; the sharing of sensitive health data between companies; and how governments, businesses, and organizations can exploit the data once the pandemic is over.