by Katitza Rodriguez, Svea Windwehr and Seth Schoen
June 15, 2020

from EFF Website


In their efforts to contain the spread of the pandemic, governments around the world are rolling out body-worn devices ("wearables") to assist in fighting the virus.

Some governments want a technological silver bullet to solve the public health crisis.

 

But many of the tools aimed at solving problems come with a host of other problems that will undermine the public health goals for which they are adopted, and create new unintended consequences for privacy, association, and freedom of expression.

These electronic devices are usually worn on the wrist or ankle.

 

Their use can be mandated by the government or voluntary (although users don't always understand exactly what it is they're being asked to wear).

We might tend to associate the idea of a "wearable" with either a smartwatch or an ankle monitor, but governments are also using wrist-worn "bracelets" for a broad range of different purposes amid the COVID-19 pandemic.

Wearables may use an electronic sensor to collect health information from the wearer (by measuring vital signs) and act as an early warning to identify likely COVID-19 patients before they show any symptoms.

 

They can also be used to detect or log people's proximity to one another (to enforce social distancing) or between a person's bracelet and that person's own mobile phone or a stationary home beacon (to enforce home quarantine).

 

For quarantine enforcement, the devices might also use a GPS receiver to inform authorities of the wearer's location.

 

Some use Bluetooth radio beacons to let authorities confirm when the wearer is within range of a phone that itself is running a contact tracing app (rather than leaving the phone at home and going outside in violation of a health order).

 

And some may be low-tech wristbands that are no more than a piece of paper with a QR code, which authorities may regularly ask the user to photograph with a mobile app (among other uses of photo demands for quarantine enforcement).

Like other technologies deployed for pandemic-related tasks, they vary along several dimensions, including whether they are voluntary and/or under control of the user, and whether they are used to surveil whether a person is doing what the state told them to do, or merely to provide the user with health information to assist the user's decision-making.

Some impose significant privacy risks.

 

And, particularly because of the haste with which they've been deployed, they also vary in terms of their apparent suitability for their purpose.

Here, we will highlight a range of devices that different governments are currently asking or telling people to put on their wrists or ankles to fight the pandemic.

 

 

 

 

Early Warning System to Identify COVID-19 Patients

 

In Liechtenstein, the Principality is financially supporting a medical study called "COVI-GAPP" by the Swiss medical testing firm Labormedizinisches Zentrum Dr. Risch.

 

In this voluntary trial, 2,200 persons (about 5% of tiny Liechtenstein's population) are being given "Ava"-brand bracelets to determine whether these wearables can identify COVID-19 pre-symptomatic cases (i.e. before the patient shows any symptoms).

 

The bracelets, which were supplied by Swiss fertility start-up Ava, are worn at night and record biometric data such as movements, body temperature, blood flow, breath, and pulse rate.

 

The clinical trial will study the biometric data to see whether an algorithm can spot indicators that a person might have developed COVID-19 symptoms - increased temperature, shortness of breath and cough - even before patients notice these themselves.

 

Participation in the clinical trial is voluntary, and the collected data is pseudonymized.

 

The collected data is still subject to Europe's General Data Protection Regulation (GDPR), which applies in Liechtenstein.

As a general rule, the processing of biometric data is strictly prohibited for the purpose of uniquely identifying a person, unless the person gives explicit consent to such processing.

While the study is government-funded, the Principality stated that it does not have access to the research data. 

 

We should be careful not to lose sight of or take shortcuts on data protection principles for biometric data, such as express consent, data minimization, transparency, and security.

 

Personal medical data gathered from wearables and machine learning should be used in a way that patients can understand and agree to, and should be deleted when it is no longer needed.

 

 

 

 

Workplace Monitoring of Social Distancing
 

Many employers are showing interest in making their staff wear electronic bracelets in the workplace, often to mitigate risks by enforcing social distancing rules.

 

The port of Antwerp, Belgium, has started to use wristbands to enforce social distancing rules on the workfloor, requiring a specific minimum distance between any two workers.

 

The wearables, supplied by the Dutch company Rombit, are equipped with Bluetooth and ultra-wideband technology and give off warning signals when workers come within a specified distance from each other. 
 

But enforcing social distancing is not the only functionality of the bracelet:

as the wristbands are Bluetooth-enabled, they also allow for contact tracing, with all personal data collected for that purpose centrally stored at Rombit's servers.

As employers' surveillance of workers has become increasingly widespread, records of worker-to-worker interactions could be abused for many purposes, like union busting.

 

It can also be used for other purposes like surveilling workers to reduce "unplanned downtime".  

 

While wearing tracking bracelets at the workplace might not (yet) be mandatory in most places, it is more than questionable whether workers - with their livelihoods at stake - can exercise real choice when their employer tells them to strap it on. 

 

Under the GDPR, consent can't be freely given if there is a clear imbalance between the data subject and the data controller.

 

In other words, consent can't be a valid legal ground to process the data when the employee has no real choice, feels compelled to consent, or will endure negative consequences if they do not consent.

 

 

 

 

Wearable Device Proximity Tracking
 

EFF is wary about mobile Bluetooth-based proximity tracking apps.

 

Now such automated tracking might be migrating from phone apps to wearable devices. 

 

Reuters reported that the Singaporean government is switching its centralized contact tracing technology focus away from its existing TraceTogether smartphone app (which uses Bluetooth to detect and log close proximity of other smartphones).

 

Instead, that nation will deploy a new centralized TraceTogether Token standalone wearable device, which the government plans to eventually distribute to all 5.7 million Singapore residents.

 

While the TraceTogether Token uses a broadly similar technology to the TraceTogether app, it will not rely on participants to own or carry a smartphone.

 

Like the app, the new token will trace proximity between users (not location). 

 

According to MobiHealth News, only users who test positive for COVID will be told to hand their wearable to the Ministry of Health in order to upload data to a centralized server about who they have been in contact with.

 

EFF objects to such centralized approaches to automated contact tracing, whether by means of a phone app or a wearable device. Further details about how the Singaporean device will work are scarce.

 

Press reports did not initially confirm if the wearable tokens will interoperate with the mobile TraceTogether app.

 

If they do, which seems likely, the government will continue to collect a great deal of sensitive data about interpersonal associations, and regularly upload that information to a centralized government server. 

 

The centralized TraceTogether mobile app collects data that links device IDs to real contact information like phone numbers, which means the government can use it to determine which individuals have come into contact with one another.

 

This makes the TraceTogether app incompatible with decentralized exposure notification systems like Apple and Google's API, where those who have been exposed to an infected person get only a notification but their personally identifying data never leaves the infected person's device.

 

There is no centralized server where people upload the data.

 

EFF opposes the centralization feature of the Singaporean mobile app, and will likewise oppose this same feature if it is part of the new wearable token system.
 

Since the token will be a single-purpose device, users may not have the same amount of control over how it works. App users can always turn off Bluetooth on their phone, but they may not be able to stop a wristband from broadcasting or collecting data. 

 

Finally, a weakness of app-based exposure notification systems is that many people do not own a smartphone, especially in rural areas. Allowing users to decide whether to use a wearable token or a mobile app (or to use neither) might improve participation rates.

 

But these systems remain an unproven technology that might do little to contain the virus, and should at most be a supplement to primary public health measures like widespread testing and manual contact tracing.

 

And everyone should have the right not to wear a tracking token, and to take it off whenever they wish.

 

 

 

 

Mandatory Apps and Wearables to Monitor Patients Under Quarantine Orders
 

Some countries have started to make tracking wristbands or apps a mandatory element of their efforts to enforce quarantine orders of persons who are or might be infected with COVID-19.

 

EFF opposes such coercive surveillance based solely on infection. 

In Bahrain, persons in medical isolation are compelled to download the government-mandated contact tracing app "BeAware," turn on Bluetooth, keep their Internet on, and set their quarantine location.

 

They are also compelled to wear GPS-enabled bracelets that track their whereabouts and connect to the app.

 

iPhone users are obliged to turn on the "allow access to the app" setting to "always allow." If this system shows the bracelet is 15 meters away from the phone, it sends a notification to the government's monitoring station.

 

In addition, the government can request selfies at any time from the patient, clearly depicting both the isolating person's face and bracelet in the same image.

 

Attempts to remove or tamper with the electronic bracelet can result in steep fines and imprisonment for not less than three months. 

Similarly, Kuwait requires individuals returning home from abroad to wear tracking bracelets.

Linked with the country's official contact tracing app, Shlonik, the bracelets notify health officials when individuals subject to isolation orders appear to break quarantine.

 

Kuwait's app was developed by Zain, a Kuwaiti telecommunications giant.

 

In 2016, Zain worked with Kuwait's Ministry of Awqaf & Islamic Affairs to deploy wristbands and SIM cards to monitor the locations of 8,000 Kuwaiti Hajj pilgrims during the annual pilgrimage to Mecca.

 

Like in Bahrain, use of the new bracelet is enforced through selfie requests, and violators risk being transferred to a governmental quarantine facility, as well as other legal actions.

As we have previously said, forcing people to download and use an app significantly undermines their ability to control their phone and the data they share, undermining people's right to informational self-determination.

 

Governments should not force people to hand over control of their phones and data.

 

Also, mandating the use of an app risks introducing significant security vulnerabilities and further harming people's privacy and data security. Further, a punitive approach to containment can break people's trust and thereby undermine public health.

 

For example, people may avoid testing if they fear the consequences of a positive test result. 

 

Some governments are turning to electronic ankle shackles, including Australia and two states in the United States. These devices are commonly used to monitor individuals considered to be dangerous and/or a flight risk both pre-trial and during parole or probation.

 

They have been repurposed for quarantine enforcement.

In Western Australia, under the state's COVID-19 response act, the police acquired 200 GPS-enabled ankle bracelets. Individuals who fail to comply with quarantine orders can be equipped with one of the bracelets.

 

Failing to comply with orders to wear the shackles, or attempting to tamper with them, can lead to up to 12 months in jail and fines of more than 10,000AU$, or approximately 6,981 US dollars.

Courts in Kentucky and West Virginia have mandated electronic ankle shackles for individuals who refused to submit to quarantine procedures after testing positive for COVID-19.

As in Australia, the shackles use GPS technology to locate individuals.

 

GPS ankle shackles raise a series of concerns.

 

They are a grave intrusion into a person's privacy and personal freedom.

 

Often, they are uncomfortable, restrict a person's range of motion, and must be paid for by the person forced to wear them.

This surveillance to enforce quarantine is not justified merely because a person tested positive or is deemed to have an elevated infection risk.

 

 

 

 

Low-Tech Bracelets for Quarantine Enforcement
 

Hong Kong uses yet another category of bracelets to enforce quarantine orders.

Individuals undergoing 14-day home quarantine procedures, such as arrivals from overseas, are given bracelets with a unique QR code. Users register their bracelet with Hong Kong's official COVID-19 tracing app.

 

The app prompts the owner of the phone to walk the perimeter of their apartment, assembling a unique "signature" made up of the various Wi-Fi, Bluetooth, and other signals detectable in the home.

 

If they move the phone outside of that "geofenced" perimeter, they trigger a warning sound that can only be stopped by scanning the QR codes of every household member's wristband.

 

Bracelet-wearers are also expected to scan the codes regularly with a phone.

 

Punishments for not complying can be harsh and may lead to six months in jail time as well as fines. Some technologically more advanced bracelets have been deployed on a smaller scale in Hong Kong.

Similar QR code bracelets are reported to be used in Malaysia. 

The most-used form of the bracelet seems to be little more than a piece of paper with a QR code.

 

These low-tech wristbands are an interesting case since the QR code itself is an easily copyable image and does not incorporate any electronics at all.

This might seem comparatively benign when viewed against the backdrop of more technologically intrusive alternatives.

 

But even a low-tech, non-electronic bracelet with a unique code can play a significant role in making new kinds of surveillance feel familiar and normalized. 
 

 

 

 

Conclusion
 

All of these surveillance technologies, like many other COVID-19 mitigations, are being rolled out rapidly amidst the crisis.

While proponents may feel that they are taking an urgently needed step, governments must begin by showing the efficacy of each technology.

 

They also must address the kinds of digital rights concerns raised by EFF on related topics such as proximity apps and patients' right to privacy against quarantine enforcement.

 

Intrusive monitoring tools adopted now may further normalize the surveillance of individuals by governments and private entities alike.

 

History shows that governments rarely "waste a good crisis," and tend to hold on to the new powers they seized to address the emergency situation.

 

They can also introduce a variety of serious privacy and security risks to individuals that may be forced to wear COVID-19 surveillance tech.

 

Beyond the immediate risks, it is crucial to also consider the long-term effects of tracking bracelets, including their cultural effects.

It should not feel normal to be tracked everywhere or to have to prove your location.