Countries have been quick to use the one tool almost all of us carry with us — our smartphones.
A new live index of ramped up security measures by Top10VPN details the countries which have already brought in measures to track the phones of coronavirus patients, ranging from anonymized aggregated data to monitor the movement of people more generally, to the tracking of individual suspected patients and their contacts, known as “contact tracing.”
Other countries are likely to follow suit. The US is reportedly in talks with Facebook and Google to use anonymized location data to track the spread of the disease — although Mark Zuckerberg subsequently denied this. And the UK’s top scientist has endorsed the use of contact tracing.
Samuel Woodhams, Top10VPN’s Digital Rights Lead who compiled the index, warned that the world could slide into permanently increased surveillance.
“Given how quickly things are changing, documenting the new measures is the first step to challenging potential overreach, providing scrutiny and holding corporations and governments to account.”
While some countries will cap their new emergency measures, otherwise may retain the powers for future use. “There is a risk that many of these new capabilities will continue to be used following the outbreak,” said Woodhams. “This is particularly significant as many of the new measures have avoided public and political scrutiny and do not include sunset clauses.”
Here’s a breakdown of which countries have started tracking phone data, with varying degrees of invasiveness:
The tracking data that goes into the map isn’t limited to mobile phone data, credit card records and even face-to-face interviews with patients are being used to build a retroactive map of where they’ve been.
Not only is the map there for citizens to check, but the South Korean government is using it to proactively send regional text messages warning people they may have come into contact with someone carrying the virus.
The location given can be extremely specific, the Washington Post reported a text went out that said an infected person had been at the “Magic Coin Karaoke in Jayang-dong at midnight on Feb. 20.”
Some texts give out more personal information however. A text reported by The Guardian read: “A woman in her 60s has just tested positive. Click on the link for the places she visited before she was hospitalised.”
The director of the Korea Centers for Disease Control and Prevention, Jeong Eun-kyeong, acknowledged that the site infringes on civil liberties, saying: “It is true that public interests tend to be emphasized more than human rights of individuals when dealing with diseases that can infect others.”
The map is already interfering with civil liberties, as a South Korean woman told the Washington Post that she had stopped attending a bar popular with lesbians for fear of being outed. “If I unknowingly contract the virus… that record will be released to the whole country,” she said.
The system is also throwing up other unexpected challenges. The Guardian reported that one man claiming to be infected threatened various restaurants saying he would visit and hurt their custom unless they gave him money to stay away.
Vice reported that Iran’s government endorsed a coronavirus diagnosis app that collected users’ real-time location data.
On March 3, a message went out to millions of Iranian citizens telling them to install the app, called AC19, before going to a hospital or health center.
The app claimed to be able to diagnose the user with coronavirus by asking a series of yes or no questions. The app has since been removed from the Google Play store.
Israel passed new laws to spy on its citizens
As part of a broad set of new surveillance measures approved by Prime Minister Benjamin Netanyahu on March 17, Israel’s Security Agency will no longer have to obtain a court order to track individuals’ phones. The new law also stipulates all data collected must be deleted after 30 days.
Netanyahu described the new security measures as “invasive” in an address to the nation.
“We’ll deploy measures we’ve only previously deployed against terrorists. Some of these will be invasive and infringe on the privacy of those affected. We must adopt a new routine,” said Netanyahu.
Singapore has an app which can trace people within 2m of infected patients
Singapore’s Government Technology Agency and the Ministry of Health developed an app for contact tracing called TraceTogether which launched on March 20.
Per the Straits Times, the app is used: “to identify people who have been in close proximity — within 2m for at least 30 minutes — to coronavirus patients using wireless Bluetooth technology.”
“No geolocation data or other personal data is collected,” TraceTogether said in an explanatory video.
Taiwan has activated what it calls an “electronic fence,” which tracks mobile phone data and alerts authorities when someone who is supposed to be quarantined at home is leaving the house.
“The goal is to stop people from running around and spreading the infection,” said Jyan Hong-wei, head of Taiwan’s Department of Cyber Security. Jyan added that local authorities and police should be able to respond to anyone who triggers an alert within 15 minutes.
Austria is using anonymized data to map people’s movements
On March 17 Austria’s biggest telecoms network operator Telekom Austria AG announced it was sharing anonymized location data with the government.
The technology being used was developed by a spin-off startup out of the University of Graz, and Telekom Austria said it is usually used to measure footfall in popular tourist sites.
Woodhams told Business Insider that while collecting aggregated data sets is less invasive than other measures, how that data could be used in future should still be cause for concern.
“Much of the data may remain at risk from re-identification, and it still provides governments with the ability to track the movement of large groups of its citizens,” said Woodhams.
Belgium is using anonymized data from telcos
The Belgian government gave the go-ahead on March 11 to start using anonymized data from local telecom companies.
Germany is modeling how people are moving around
Deutsche Telekom announced on March 18 it would be sharing data with the Robert Koch Institute (Germany’s version of the CDC).
“With this we can model how people are moving around nationwide, on a state level, and even on a community level,” a spokesperson for Deutsche Telekom told Die Welt.
Italy has created movement maps
Italy, which has been particularly hard-hit by the coronavirus outbreak, has also signed a deal with telecoms operators to collect anonymized location data.
As of March 18 Italy had charged 40,000 of its citizens with violating its lockdown laws, per The Guardian.
The UK isn’t tracking yet but is considering it
While nothing official has been announced yet, the UK is in talks with major telecoms providers including O2 and EE are in talks to provide large sets of anonymized data.
Like other European democracies, the UK doesn’t seem to be exploring the more invasive method of contact tracing. However, it is considering using aggregated data to track the wider pattern of people’s movements.