At a glance.
- Contact tracing: efficacy and privacy.
- Big Data might remain after the emergency is over.
- Third-party advertising and analytics prove leaky for commercial websites.
- Employee supervision and privacy during telework.
Contact tracing: seeking efficacy without doing violence to privacy.
Using smartphone proximity or location as proxies for humans in contact tracing remains attractive to governments at all levels, the New York Times reports. The US lacks a fully fielded national system, but some states (like North Dakota) have voluntary contact tracing systems in use. Other countries have opted for a mix of centralized and decentralized approaches.In the US the most prevalent approach is represented by the joint Apple-Google exposure notification API, a decentralized and voluntary system that sends no data to a central repository. Britain's NHS is among the government agencies elsewhere working on a centralized system. The decentralized approaches raise fewer privacy issues than do their centralized alternatives. Observers point out the following challenges of delivering a system that works:
- Contact tracing depends upon testing and diagnosis, and on having the results of tests for the virus made available to the system. Testing itself has in most countries been difficult.
- Voluntary systems require a high level of opt-in: most suggest that at least 40% of a population should participate for the system to produce a significant gain in controlling the spread of infection. Singapore, whose population has a reputation for compliance with public health measures, is at 20%. Norway seems to lead, and that country is only at 30%.
- The apps are being written in haste, and it's reasonable to assume that there are unaddressed vulnerabilities in them that hackers could eventually exploit to compromise user privacy.
- The large datasets that would accumulate in the repositories of centralized systems would, many fear, represent an attractive nuisance to government agencies who would find it difficult to resist the temptation to turn them to purposes other than public health.
Big Data may remain, in some form, after its role in contact tracing is over.
Britain's National Health Service, in particular its research arm, NHSX, may, the New Statesman reports, retain the services of Palantir after its role in contact tracing has ended. Palantir has said that its analytical capabilities are one of the more valuable tools available to manage the pandemic. They'll surely have similar utility in organizing healthcare post-pandemic, and the uses publicly being discussed for the big data company certainly sound legitimate, given the usual ceteris paribus clauses about privacy and security. Whether critics will regard this as the sort of "mission creep" many have warned against remains to be seen.
Third-party advertising and analytics prove leaky for commercial websites.
Researcher Zach Edwards of Victory Medium reports finding that many well-known and much-used commercial websites have used third-party advertising and analytical services that proved leaky, disclosing contact information without adequate user consent, and sometime apparently doing so without fully realizing it themselves.
Supervising remote work and the workers who work remotely.
Some organizations are taking fairly intrusive steps to ensure that employees stay on task while they work remotely. The Washington Post writes, "Thousands of companies now use monitoring software to record employees’ Web browsing and active work hours, dispatching the kinds of tools built for corporate offices into workers’ phones, computers and homes. But they have also sought to watch over the workers themselves, mandating always-on webcam rules, scheduling thrice-daily check-ins and inundating workers with not-so-optional company happy hours, game nights and lunchtime chats."
Some of these seem well-intentioned enough: morale-boosters like happy hours and game nights, especially when these are truly voluntary and non-coercive. The keyloggers and always-on webcams, however, seem to be another matter. But even the innocent measures by which companies and their people stay connected trouble some, who see them as further blurring the lines between home and work, between free time and the time you spend on the clock.
Certain forms of work, like those that result in the delivery of a clear, identifiable product, may not require any such supervision at all. But there may be kinds of work where some form of monitoring seems necessary. Are you, for example, working under a time and materials contract? Then managers might become anxious over whether time was actually being entered correctly and honestly.
Still, it seems there ought to be a solution that stops short of the kind of intrusive system the Post describes. And we hesitate to even speculate about the workload involved in actually checking all those webcams and keylogs.