[D66] Google Wants Your Data in Exchange for a Coronavirus Test

[Antid Oto]

Google Wants Your Data in Exchange for a Coronavirus Test
By
Faine Greenwood
foreignpolicy.com
9 min
View Original


While U.S. President Donald Trump may have mangled the details in his 
press conference, Google (via its Alphabet sister company Verily) really 
has launched a coronavirus screening tool. The website, which was 
developed in collaboration with the state of California, was rolled out 
on March 16 and currently offers coronavirus testing services in four 
counties. At first glance, it’s simple. The site runs users through a 
series of screening questions via the company’s Project Baseline health 
data collection platform. If the system deems them eligible, they’re 
allowed to make an appointment for a much-coveted coronavirus test.

There’s just one catch. Users must have a Google account to use the 
screening tool. If you’re sitting at home wondering if your cough is 
seasonal allergies or COVID-19, you probably think this sounds like a 
good deal. And it is a deal, because Google didn’t launch its screening 
tool out of altruism. It’s doing so, at least in part, because it wants 
access to your health data, as part of the company’s intense push into 
the health care business.

Thanks to the coronavirus pandemic, the company has a new way to get 
your information.

With the blessing of both federal and state governments, Verily has set 
up a system where people must choose between sharing their health data 
with the company and, practically speaking, not getting a coronavirus 
test. That’s no choice at all, given the stakes of not complying. And 
there are plenty of ways that Verily—and its corporate parent—might put 
your health care data to use. In its frequently asked questions, 
Verily’s website notes that the information users provide may be shared 
with a long list of other parties, including health care professionals, 
clinical labs, the California Department of Public Health, and federal, 
state, and local health authorities. It may “also be shared with certain 
service providers engaged to perform services on behalf of Verily, 
including Google.”

While the Verily website clearly states that your data “will never be 
joined with your data stored in Google products without your explicit 
permission,” that wording implies Google may ask you to give that 
permission at some point in the future—and it almost certainly will 
because Google is well aware of the immense value of joining different 
huge data sets together to come up with new insights and correlations. 
There is also little, legally speaking, that stops Google from joining 
those data sets together anyway. (And while Google does allow you to 
delete your data, it’s unclear how that will apply here—or how many 
people actually know that’s even a possibility.)

Take it or leave it—and don’t you really want to know if that cough 
might kill you?

Google’s ability to, in essence, force users to consent to data 
collection may become a more common tactic for companies and governments 
as the coronavirus rolls on, in their ongoing scramble to use technology 
to more effectively (and, most likely, profitably) stop the pandemic. 
The hope of a return to some kind of normality after the lockdowns 
depends on the ability to trace and track cases and limit new outbreaks. 
In the coming months, people worldwide are going to be asked to trust 
that tech companies and governments have our best interests in mind when 
they collect our data and track our movements.

Unfortunately—and frighteningly—Google hasn’t earned that trust. 
Google’s recent health care push has been plagued with missteps and 
public criticism. In 2017, the U.K. Information Commissioner’s Office 
ruled that London’s Royal Free Hospital violated the nation’s Data 
Protection Act after it handed over 1.6 million patients’ personal data 
to the Google subsidiary DeepMind. While DeepMind’s co-founder promised 
in 2016 that the company would never link or associate patient data with 
Google’s other products (in a very similar-sounding claim to that which 
Verily is making), that promise went out the window in 2018, when Google 
fully absorbed DeepMind’s app and the data that went along with it. In 
November 2019, some users tossed their Fitbits in fear (and to little 
avail) after Google acquired both the company and its vast stores of 
health information. Soon afterward, a whistleblower sounded the alarm 
about Google’s Project Nightingale, a partnership between the company 
and the enormous health nonprofit Ascension: The agreement gave Google 
access to the health data of millions of Americans and concerned 
regulators so much that they launched a federal inquiry. In this 
context, Google’s pushy coronavirus testing tool looks like a very 
clever business play indeed.
Listen Now: Don't Touch Your Face

A new podcast from Foreign Policy covering all aspects of the 
coronavirus pandemic
Learn More

Is being coerced into giving up your data—in exchange for a coronavirus 
test—really such a bad thing? It certainly can be. Health data breaches 
are dangerous, and merely collecting heath data and holding onto it 
exposes the data subject (you, me, everyone) to risk. As the health law 
expert Charlotte Tschider pointed out in an interview, “People are 
discriminated against every day based on health conditions, and we’ve 
seen how quickly many people who have COVID-19 are identified to media. 
There’s a very real risk of someone being identified as patient zero or 
10 or whatever and potentially getting some attention.”

This very scenario has played out in South Korea, where government 
public health authorities have used mobile phone data to track the 
pre-diagnosis movements of people infected with the coronavirus. 
Authorities sent out mass texts describing these movements to the 
general public as a way of alerting them to potential infection risks. 
Unfortunately, the data in the texts was badly anonymized, and a number 
of people (and their movements) were quickly reidentified online—leading 
to embarrassing speculation about affairs, plastic surgery procedures, 
and even insurance fraud. U.S. coronavirus survivors have also reported 
suffering social stigma, public shaming, and hate-mail on their return 
home, while in Ukraine, protesters attacked buses carrying evacuees from 
China to a quarantine center.

In a dramatic example of data coercion, the Chinese government is 
partnering with the popular Alipay wallet app to roll out a mandatory 
coronavirus quarantine app, which uses a questionnaire to assign people 
a color-coded health status. (Green means you’re free to move about, 
while red means a mandatory two-week quarantine.) Across most major 
Chinese cities, citizens need to show a green code at checkpoints if 
they wish to get through; location data and other information are also 
shared with the police and other authorities. Multiple different 
competing apps, some created by local governments, are making the 
process exceptionally confusing as different levels of the authorities 
attempt different techniques.

Google’s tactic of linking access to COVID-19 testing to giving up one’s 
data also isn’t new. It’s simply one of the few instances where this 
type of data coercion has happened to relatively privileged people. 
Refugees, people of color, the homeless, and other marginalized 
populations are, unfortunately, very familiar with being forced to give 
up privacy and personal information in exchange for access to the goods 
and services they need to stay alive, in what some refer to as an 
ever-growing “privacy divide”—a divide that the coronavirus pandemic may 
help narrow if the tactics that have been tested on the poor and 
vulnerable are rolled out to everyone else in the near future. Just as 
tech is leveraged to control the movements of marginalized people today, 
it may soon be leveraged to control the movements of the more privileged 
in the very near future, with the coronavirus as the justification.

Verily’s coronavirus screening tool isn’t just coercive, though. It’s 
also an experiment, in that it is a hastily rolled-out and presumably 
largely untested effort at effectively identifying high-risk patients 
and getting them tested. As tech companies and governments around the 
world scramble to form partnerships to craft innovative responses to the 
pandemic, we are all likely going to become nonconsenting (or 
unsuspecting) subjects. And in most cases, we won’t be able to 
meaningfully opt out.

Crisis is often used as a justification for rolling out untested new 
technologies and ideas in a process of humanitarian experimentation, in 
which the usual rules and oversights are tossed out in favor of 
supposedly life-saving haste—and the potential dangers and unexpected 
consequences of those new technologies are largely ignored.

Usually, this type of aid-through-innovation happens to vulnerable 
people in less wealthy countries, as we saw during the 2014 Ebola 
outbreak, when aid, research, and tech organizations used the crisis to 
justify using West Africans’ mobile data to (ineffectively) attempt to 
track the spread of the disease. Millions of people’s privacy was 
violated, and as recent studies indicate, this type of call-detail 
record tracking for pandemics may not even work that well—but there was 
little recourse for pushback from the people surveilled, and resources 
that should have gone to directly fighting the disease were put toward 
tech solutions instead.

The coronavirus pandemic may—if tech companies and surveillance-curious 
governments get their way—extend this type of tech-driven 
experimentation to just about everyone. “Lots of people don’t have 
nomenclature for being experimented on by your government during 
disaster,” said the privacy expert Sean Martin McDonald. “Now we are 
probably going to have to develop it.”

There are some ways we can push back. As governments and tech companies 
roll out new, so-called innovative means of tracking the coronavirus, 
the public should approach them with a critical eye—and defend the value 
of privacy and human rights protections during crisis situations. 
“Describing privacy as a trivial thing avoids the very real threats that 
it presents to people’s safety,” said Lindsey Barrett, a privacy law 
expert at Georgetown University. “If we’re trying to address one safety 
concern by making people vulnerable in another way—if we’re saying that 
privacy is stupid and anyone trying to criticize these measures is 
wearing a tin-foil hat—that’s disingenuous and unproductive.”

Of course, the overwhelming nature of the crisis makes it tempting to 
carve out exceptions, just as the public is being forced to accept the 
loss of its freedom of movement—at least temporarily. But security tools 
have a way of embedding themselves permanently. That’s why it’s 
important that these new surveillance and data collection tools must 
come with clear sunset clauses (as suggested by Tilburg University’s 
Linnet Taylor) and other legal mechanisms that will force them to, 
eventually, end. In the absence of these protections, new surveillance 
methods that are launched during the pandemic may never go away: Tech 
surveillance will become a one-way ratchet, a dial of control that can 
only be turned up. Google should not quietly become a humdrum partner of 
public health authorities across the United States while the pandemic 
goes on—and if the government and corporations do end up tracking 
people’s movements using phone data, those efforts should have a clearly 
defined end date and clear guidelines for deleting all that information 
when it is no longer needed.

Inevitably, the world will be a very different, sadder place when the 
pandemic ends. It may also be much less free, a place where both tech 
companies and governments are capable of using data to strengthen their 
control over the average person, in ways that are difficult even to 
imagine today. If we want to stop pandemic profiteers from getting far 
more access to the most intimate details of our lives, then we need to 
stay vigilant—and we need to act now.