Using Emergency Powers to Track the Infected in US
joker44
In the wind
"Emergency Surveillance During COVID-19 Crisis: I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With that in mind, the EFF has some good thinking on how to balance public safety with civil liberties[...]
Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles [ per Electronic Freedom Foundation ]:
Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race -- rather than facts about a particular individual's actual likelihood of contracting the virus, such as their travel history or contact with potentially infected people. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.
Expiration. As in other major emergencies in the past, there is a hazard that the data surveillance infrastructure we build to contain COVID-19 may long outlive the crisis it was intended to address. The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
Transparency. Any government use of "big data" to track virus spread must be clearly and quickly explained to the public. This includes publication of detailed information about the information being gathered, the retention period for the information, the tools used to process that information, the ways these tools guide public health decisions, and whether these tools have had any positive or negative outcomes.
Due Process. If the government seeks to limit a person's rights based on this "big data" surveillance (for example, to quarantine them based on the system's conclusions about their relationships or travel), then the person must have the opportunity to timely and fairly challenge these conclusions and limits."
Got something to say?
Start your own discussion
3 comments
https://twit.tv/shows/security-now/episo…
"A despicable attack on encryption
It surely does appear that our government, embodied by crypto-naive politicians, is, one way or
another, going to figure out how to break into the encryption-protected assets of American
citizens.
The most recent effort, dubbed the “EARN IT” act is almost despicable. First of all “EARN IT” is
the most tortured abbreviation we've encountered in some time. It stands for: “Eliminating
Abusive and Rampant Neglect of Interactive Technologies.”
So, get a load of this. What is it that strong data encrypting companies would be “earning”? The
legislation proposes to strip the protection provided by section 230 of the Communications
Decency Act from certain apps and companies which would then hold them responsible for user-
uploaded content... unless they provide a means for “lawful access” to their encryption-
protected content.
In other words, the legal protections that currently serve to hold all of our online social media
companies harmless for whatever their users post, would now need to be “earned” by allowing
law enforcement to have access.
Sadly, EARN IT is a bipartisan effort, having been introduced by (no surprise) anti-encryption
crusader Lindsey Graham, Richard Blumenthal and other legislators who continually use the
specter of online child exploitation to argue for the weakening of encryption.
Remember that we discussed this back in December 2019: While grilling Facebook and Apple,
Lindsey threatened to regulate encryption unless the companies give law enforcement access to
encrypted user data while pointing to child abuse.
Graham said to the assembled tech-company heads:
“You’re going to find a way to do this or we’re going to go do it for you. We’re not going to
live in a world where a bunch of child abusers have a safe haven to practice their craft. Period.
End of discussion.”
The EFF notes that one of the problems with the EARN IT bill, among many, is that the proposed
legislation “offers no meaningful solutions” to the problem of child exploitation. They wrote:
"It doesn’t help organizations that support victims. It doesn’t equip law enforcement agencies
with resources to investigate claims of child exploitation or training in how to use online
platforms to catch perpetrators. Rather, the bill’s authors have shrewdly used defending children
as the pretense for an attack on our free speech and security online."
If passed, the legislation will create a “National Commission on Online Child Sexual Exploitation
Prevention” tasked with developing “best practices” for owners of Internet platforms to “prevent,
reduce, and respond” to child exploitation online. But, as the EFF maintains, “Best practices”
would essentially translate into legal requirements:
"If a platform failed to adhere to them, it would lose essential legal protections for free
speech."
It turns out that the “best practices” approach arose from pushback over the bill’s predicted
effects on privacy and free speech – pushback that caused its authors to roll out the new
structure. The best practices would be subject to approval or veto by the Attorney General
(currently William Barr, who has himself already issued a public call for backdoors), the
Secretary of Homeland Security (ditto), and the Chair of the Federal Trade Commission (FTC).
CNET talked to Lindsey Barrett, a staff attorney at Georgetown Law’s Institute for Public
Representation Communications and Technology Clinic who said that the way that the bill is
structured is a clear indication that it’s meant to target encryption:
"When you’re talking about a bill that is structured for the attorney general to give his opinion
and have decisive influence over what the best practices are, it does not take a rocket scientist
to concur that this is designed to target encryption."
If the bill passes, the choice for tech companies comes down to either weakening their own
encryption and endangering the privacy and security of all their users, or foregoing Section 230
protections and potentially facing liability in a wave of lawsuits.
A senior legislative counsel for the American Civil Liberties Union, said:
"The removal of Section 230 liability essentially makes the ‘best practices’ a requirement. The
cost of doing business without those immunities is too high."