Public Surveillance to Keep Us Healthy and Protect Our Privacy

If the Black Death in 1348 and the Spanish Flu in 1918 accelerated existing but nascent societal trends, what developments will the Covid-19 pandemic jump-start? While some developments will be revealed only retrospectively, one is immediately manifest: public health requirements will force us to decide just how much technology-fueled surveillance we really want.

Pending an effective vaccine or cure for the new disease, it is inescapable that we will need at scale and speed at least two tools we do not currently have: (1) contact tracing, to track the interactions of infected individuals so as to reduce the spread of the disease, and (2) testing, to determine who is currently infected as well as who has been infected (and presumably has some immunity). This will require gathering information about individuals on a massive scale, analyzing the enormous amounts of data with the help of artificial intelligence, and reporting the results. 

The anodyne approach is to call these activities public health monitoring, but from the vantagepoint of someone who dealt every day with technology-enabled surveillance issues, it is crucial that we recognize it as surveillance, in order to not shy away from important policy questions. In any case, we would use surveillance to achieve actual public health outcomes—ranging from simply alerting someone that they were in contact with a disease carrier to reallocating ventilators and personal protective equipment to anticipated virus hot spots. It is by no means clear, however, that our society will embrace the full potential that current technology has to offer.

Some Asian countries, with different cultures and government models, have been the most willing to utilize surveillance tools in aid of controlling the epidemic, but even Europe, with its strong privacy laws, has turned to technology to track individuals. Singapore does contact tracing through a government-sponsored smartphone app called TraceTogether; South Korea and Taiwan have aggressively monitored individual body temperatures in public spaces; parts of Italy are using phone geolocation data to track individual movements; and Germany and the United Kingdom are actively discussing the use of individual “immunity certificates” to determine who can go back to work. But the leader in relying on technology to make public health decisions in the pandemic is, not surprisingly, China, which (through an Alibaba affiliate) is assigning red, yellow, or green codes to its citizens, barring or entitling them to use public transportation or resume work, depending on whether they test positive or negative for Covid-19. 

Meanwhile, here in the United States, we are struggling with shortages of everything from testing kits to medical gear. But even belatedly, if we are to break free from current national stay-at-home rules, virtually every public health expert counsels us to undertake widespread monitoring and tracking coupled with effective utilization of the resulting data to curtail disease spread and to assist hospitals and their professionals. It remains to be seen whether the necessary surveillance will be in the form of cellphone Bluetooth contact tracking apps of the type recently proposed by Google and Apple; collection of resting heart rates from smartwatches and fitness bands (revealing incipient outbreaks of disease); detailed amassing of passengers’ air travel data; satellite-based or cellphone-generated tracking of individual and automobile movements to reveal shopping, commuting, or other patterns; or ubiquitous public testing with results centrally aggregated and analyzed. Technology is currently able to do all this, and more.

The goal here is not to prescribe or predict which types of monitoring and data collection would be best but to outline the challenges that will inevitably confront us and to offer possible solutions. The privacy and efficiency challenges include ensuring there is solid evidence that any surveillance and data analysis are effective, fair, and non-discriminatory, that there is no “mission creep” such that data ends up being used for other purposes, and that it complies with law. Using our decades-old and relatively refined set of principles governing surveillance for national security purposes, here are six interrelated considerations we must keep in mind for a new public health scheme: 

  • The most obvious one of course is determining the scope of collection, which is not so much a function of technology as it is of ascertaining precisely which data will be most effective and available. Ideally, the collection could be narrowly tailored to only that data that will generate the operational outcome needed, for example, telling us who sat within three rows of an infected individual on an airplane. Presumably, to fulfil public health goals, there would be multiple types of collection of data, some of which would be used on a stand-alone basis and some of which would be combined for more powerful individualized analysis. Determining the extent to which anonymized mass data can be cross-analyzed and enriched to reveal individual identities, say, to warn a particular person that they were exposed to a virus carrier, will of course be a fundamental issue to be resolved.
  • Who collects, analyzes, and maintains the data is an equally important issue and one which will in part turn on the type of collection. A threshold question is whether the government or private sector is doing the collecting, and the answer, explored further below, is likely to be both. We might well want Google and Apple to help us with cellphone data, and we might well want government to monitor individual body temperatures at airports. Collection is the easier part to decide since in most cases deciding what we want to surveil will tell us who has the ability to obtain that data. The more difficult question is who conducts the analysis and who keeps the data, and almost surely the answer should not be the collector.
  • Determining who is permitted to have access to the data and what types ofsearches of the database may be allowed will also be critical, to prevent misuse. In the national security context, for example, there are detailed rules allowing some telephone data to be searched by special government analysts for only bona fide security purposes, not for checking up on the calls made by the analyst’s spouse.
  • Getting rid of the data after it has served its original purpose, or perhaps moving it to highly restricted space for archival purposes if truly needed, will be important. Again, to use a national security example, almost all terrorist-related data the NSA collects is required by law to be deleted after a set period of time, in part to minimize the temptation to use it for other purposes.
  • A combination of public reporting and independent oversight will be crucial to inspiring public confidence and trust in whatever surveillance mechanisms are adopted for public health purposes. Transparency will enable the public to understand exactly what is being collected and for what purpose and thus to accept the associated invasion of privacy (however it may be perceived). Oversight similarly instills confidence that the rules are being followed and, in this case, that overzealous efforts will not be made in the name of public health to uncover other information that we are not consciously consenting to revealing about our personal and business lives.
  • Illustrating the interrelationship of all these considerations, the answers to the foregoing factors will enable us to determine what legal restrictions need to be met. Even though the private sector in the aggregate currently collects and analyzes far more data about individuals and businesses than the federal government does, there are relatively few legal restrictions on the private sector in that regard, as the United States does not have baseline national privacy laws—unlike Europe and Japan. Aside from a scattering of state laws, most of the meaningful privacy restrictions operating on Google, Amazon, Facebook, and the like are contractual (through user consent).

By contrast, for the federal government, electronic surveillance is subject to the Fourth Amendment to the Constitution, which in essence requires that the surveillance not be “unreasonable.” Applying a constitutional amendment adopted in 1792 to today’s technology involves considerable intellectual leaps, as was illustrated by the Supreme Court’s most recent pronouncement in this area, in the Carpenter case of 2018, which said that it was unreasonable for government (in the absence of a search warrant) to acquire more than seven days’ worth of cellphone geolocation data on a particular individual. Left unsaid was what other types or durations of surveillance might be reasonable. Suffice it to say that, at least on an anonymized or mass level, the general collection and analysis of data for public health purposes will not run afoul of the Constitution; and even if individual data were involved, it should be possible to construct a constitutionally permissible scheme. A clearly defined statute authorizing government surveillance with appropriate safeguards, especially when balanced against critical public safety needs, will go a long way to assuring constitutional reasonableness.

The resolution of most of these considerations will hinge on what type of data is being collected, and it is thus not possible to supply one answer to address all possibilities. On the other hand, the question of “who” can be preliminarily addressed before we sort out the other details. That question is equally important and will be the deciding factor in how effective the endeavor will be and how much public confidence it will enjoy.

We will need a solution that is seen as effective and legitimate and thus worthy of public compliance and trust. Only government can furnish the needed sense of authority and legitimacy, and yet the private sector clearly has a vital role to play, both in collecting and in offsetting concerns over too much government involvement. Within government, while our spy agencies such as the NSA and CIA have experience in dealing with electronic surveillance, they manifestly should not have (and do not want to have) anything to do with the completely separate public health mission. At most, they, along with entities such as the National Institute of Standards and Technology, might supply technical expertise in narrow channels to whatever entity is chosen to handle the data, assisting in system design and the role of artificial intelligence, for example. While there will be multiple streams of collection and resultant data, to be effective it should be analyzed in one central entity so that information from one source can inform the others, producing better public health decisions. The Centers for Disease Control and Prevention, despite some initial missteps in the pandemic, is well-versed in dealing with large quantities of public health data and thus will continue to have a leading voice. Some broader entity, however, should knit together the public and private roles and help achieve all the disparate goals. 

One such institution might be the universally respected National Academies of Sciences, Engineering and Medicine, which is already active in Covid-19 research. The congressionally chartered umbrella organization, the National Academy of Sciences (NAS), which traces its history to legislation signed by President Lincoln, is not an operating entity of the federal government. Nonetheless, with some limited statutory modifications, it could be in a position to serve as an oversight board of directors or advisers to whatever entity becomes the central operator of the public health monitoring and analytic regime. There will be a temptation to install current members of Congress directly in a supervisory function. But, as in the case of national security surveillance—which instead is directly overseen by the judiciary and various entities in the executive branch—it makes more sense to rely on Congress for general oversight powers.

Another understandable temptation to be resisted as we seek a public health surveillance system is to address public health deficiencies comprehensively. More likely to be successful, however, is specific legislation to deal with the immediate monitoring need. The history of our response to the 9/11 attacks and, more recently, cybersecurity threats, shows us that it is easier to tailor legislation to address specific, current requirements and much more difficult to restructure government, due to turf wars within the executive branch and the dispersal of authority among congressional committees. These are the issues that should be, and undoubtedly will be, grappled with by one or more national commissions, which are better suited to handle these political and policy issues.

We should put politics aside as much as possible, accept an independent entity such as the NAS to play a critical role in overseeing a true public-private partnership, and start to make the smart decisions needed to quickly adopt the type of surveillance needed for our nation’s public health.

Glenn S. Gerstell is a senior adviser (non-resident) with the International Security Program at the Center for Strategic and International Studies in Washington, D.C., and served as the general counsel of the National Security Agency and Central Security Service from 2015 to 2020.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2020 by the Center for Strategic and International Studies. All rights reserved.