CS Nov-Dec 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
contact tracing<br />
smartphones in mind: These users can print<br />
out a personal QR code to be scanned by<br />
restaurants and other places they visit.<br />
KEEPING WATCH<br />
Human Rights Watch is equally concerned<br />
about proposals for the use of mobile<br />
location data in the Covid-19 response,<br />
because the data usually contains sensitive<br />
and revealing insights about people's<br />
identity, location, behaviour, associations<br />
and activities. Indeed, mobile location data<br />
programs to combat Covid-19 may not<br />
be scientifically necessary and could lead<br />
to human rights abuses, if they are not<br />
equipped with effective safeguards to<br />
protect privacy. The long history of<br />
emergency actions, such as surveillance<br />
measures put in place to counter terrorism,<br />
shows that they often go too far, fail to<br />
have their desired effect and, once approved,<br />
often outlast their justification, according to<br />
the international watchdog body.<br />
Contact tracing’s goal is, of course, to<br />
interrupt transmission by rapidly identifying<br />
individuals who have been in close contact<br />
of someone who is infected, defined by the<br />
United States Centers for Disease Control<br />
and Prevention (CDC) as within six feet of<br />
someone for approximately 10 or more<br />
minutes. The idea is to encourage such<br />
individuals to isolate themselves from others,<br />
and seek testing and treatment.<br />
Because the coronavirus is primarily<br />
transmitted through person-to-person<br />
contact via respiratory droplets when an<br />
infected person coughs, sneezes or talks,<br />
mobile location data has been advocated in<br />
many quarters as an essential method to<br />
identify potentially exposed individuals.<br />
Companies and governments are also<br />
examining location data in aggregate form<br />
to better understand general patterns of<br />
people's movements and behaviours, and<br />
how these have changed over time. Such<br />
analysis aims to forecast how the virus might<br />
be spreading and the effectiveness of public<br />
health interventions, particularly social<br />
distancing measures, and identify ways to<br />
better allocate testing and medical resources.<br />
RIGHTS & FREEDOMS<br />
Even in times of emergency, when States<br />
restrict human rights for public health<br />
reasons, international human rights law says<br />
that measures taken that limit people's rights<br />
and freedoms must be lawful, necessary and<br />
proportionate. States of emergency need to<br />
be limited in duration and any curtailment<br />
of rights needs to take into consideration<br />
the disproportionate impact on specific<br />
populations or marginalised groups.<br />
These rules apply to efforts to track and<br />
manage Covid-19 using mobile location<br />
data. The collection and analysis of<br />
such data could reveal users' identities,<br />
movements, and associations in a manner<br />
that interferes with the right to privacy.<br />
Article 17 of the International Covenant on<br />
Civil and Political Rights (ICCPR), which is<br />
derived from Article 12 of the Universal<br />
<strong>Dec</strong>laration of Human Rights (UDHR),<br />
establishes "the protection of the law"<br />
against "arbitrary or unlawful interference"<br />
with an individual's "privacy, family, home,<br />
or correspondence." The United Nations<br />
Human Rights Committee has found that<br />
restrictions on the right to privacy must take<br />
place only "in cases envisaged by the law."<br />
Restrictions must also be "proportionate to<br />
the end sought, and ... necessary in the<br />
circumstances of any given case".<br />
In the EU, eight major telcos agreed earlier<br />
this year to share anonymised metadata with<br />
the EC for modelling and predicting the<br />
propagation of the coronavirus. An official<br />
from the commission advised that the data<br />
would be aggregated and anonymised, and<br />
that the commission will delete it when the<br />
pandemic is over. However, and worryingly,<br />
the European Data Protection Supervisor<br />
has previously warned about the possibility<br />
of such measures becoming permanent.<br />
24<br />
computing security <strong>Nov</strong>/<strong>Dec</strong> <strong>2020</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk