As governments, industry and tech companies scramble to patch together solutions it becomes mission critical to have basics in place before arming a counter response to the pandemic.
These “basics” apply to doctor’s wearing protective gear before rushing in to see a patient or health data security when capturing sensitive personal information.
We (hopefully) learn from mistakes
It is a challenge to make cool and collected decisions when the pandemic is knocking on our doors and threatening our existence. We can only hope to learn from mistakes made during other pandemics, for example, the Spanish Flu of 1918 - when a whistle blast in San Francisco signalled the removal of anti-flu protections and people could return to normal life. People started large gatherings once again and as a result had one of the most devastating months during the pandemic. In 2007, the National Institutes of Health reported that up to 90 percent of deaths could have been avoided if they had kept their anti-flu protections into Spring of 1919.
Source: Getty Images
The missteps during previous pandemics and the lives taken from us should not be in vain.
You read about frontline healthcare workers from certain regions having to help COVID-19 patients without Personal Protective Gear (PPE). It seems inhumane to ask healthcare workers to sit on the sidelines if they do not have PPE.
As Aaron Mishler, a nurse, former Army Medic, and Ebola responder in West Africa in 2014-2015 states:
This powerful statement accurately captures the spirit of a pandemic. We must make steadfast progress and not rush into scenarios that put us in a potentially worse position.
For example, we cannot rush into short term solutions that turn Facebook into the new owner of our health data.
Recently Facebook started symptom tracking. Have we rushed to find the pandemic’s solution with a corporation that historically weaponizes data in political situations? How is the data processed and managed by Facebook? How is Facebook de-identifying this data?
Many countries turned down Facebook’s proposal for Libra, Facebook’s take on digital currency. Are countries in such distress that Facebook’s play on health data is going unseen?
Technology can definitely help us during the pandemic but technology can certainly hurt us in the long term if it is not implemented properly. It is time for Facebook to answer difficult questions based on how their health data collection system is designed and if the system is built using Privacy by Design. Who at Facebook is able to see a user’s symptoms in unencrypted plaintext?
According to the Financial Times, even Facebook’s system of encryption for Whats App has been shown to be compromised.
It is 2020, we have the necessary technology to build systems that have Privacy by Design.
- Give people their encryption keys, encrypt data in transit and storage.
- Use federated data models when possible (especially if there is going to be a geolocation tracking system used for contact tracing).
- Make these tools open
- Use smart contracts where people can revoke the tracing permissions when the pandemic is over.
Google and Apple seem to be making moves in the right direction regarding privacy during the pandemic. Their contact tracing partnership uses anonymous keys every 15 minutes and a smartphone’s bluetooth. The companies claim they won’t have access to the data and it will be held on a remote server. When a person becomes COVID-19 positive they update a “health app” and grant consent to run a query of who they have been in contact with. Although both companies seem to have “good” intent it is unclear what technical guarantees regarding privacy this solution has.
Fortunately, there are a variety of projects such as Private Kit by MIT and the Chaos Computer Club that promote privacy during the pandemic to balance the scale. We need the scale tipped in the favor of privacy and security.
We need to move fast and not break things. People’s lives are at stake and how we respond to the pandemic becomes our new normal.
Much like our world needs protective gear for frontline workers we need health data security for people - otherwise we risk a cyber pandemic of epic proportions with no vaccine.
When this shelter in place is over, I want to walk out of my home feeling more free not less.