“Dictatorships and authoritarian societies often start in the face of a threat,” Umberto Bacchi from the U.N. told the Thomson Reuters Foundation in an interview on March 31, 2020.
PBS reported on 3/31/20 that the surveillance methods put into place in China during the outbreak are likely to stay in place and that people are more accepting of the need to be constantly surveilled allegedly for health reasons. Welcome 1984. Fascists leap at times like this which is why we must be vigilant and jealously guard our freedoms toinstead take this opportunity to create a better future.
The Department of Justice (DOJ) has asked Congress for sweeping emergency powers that would effectively curb habeas corpus, a cornerstone principle of American constitutional law, by giving the government authority to detain people indefinitely without a trial. Under the proposal, the Attorney General would have the power to ask judges to stop court proceedings during an emergency, including “any statutes otherwise affecting pre-arrest, post-arrest, pre-trial, trial, and post-trial procedures in criminal and juvenile proceedings and all civil process and proceedings.” Granting the DOJ this power would be dangerous any time but a disaster under this administration.
CDC has a new proposal that would requires airline companies, if ordered by the agency, to provide the names and contact information, like email or phone numbers, of passengers aboard international flights landing in the U.S. While it might have been helpful in December or January, the U.S. is now the “hot spot” and it won’t be effective. Thankfully, the corporation is saying they do not want to serve as data gathering agents for the government.
After the 9/11 attacks, the government rammed the Patriot Act through to greatly expand surveillance powers. The public was told it would keep us safe and be temporary. Instead, it has been used by the FBI and NSA to justify surveillance on millions of Americans with little evidence of its usefulness. Huge expenditures have sent up centers around the country to spy on Americans. Some parts have been found unconstitutional and some abandoned because of their uselessness. But Congress just re-authorized it again – twenty years later – and the worst of the measures were not removed. We cannot repeat this mistake.
On 3/19/2020, Anna Eshoo, Congressional representative from Silicon Valley, Suzanne DelBene, representative from WA state, and Senator Ron Wyden from Oregon wrote to the administration regarding technology issues and the protection of the privacy of Americans.
They indicated that the government was in discussion with technology companies to use geolocation data for public health. Admitting that it could be useful, they also cited the dangers and the need for controls and transparency, and the need to implement procedures to protect the privacy of Americans. They suggested all data should be aggregated and anonymous, not be used for other purposes by the government or private companies, protected by the highest cybersecurity protocols, and destroyed at a time set. https://eshoo.house.gov/sites/eshoo.house.gov/files/documents/Eshoo-Wyden-DelBene%20-%20Letter%20to%20Pres%20%26%20VP%20about%20coronavirus%20privacy%20-%203.19.20.pdf
The American Constitution Society https://www.acslaw.orgrecently produced a webinar called, “Technology and Privacy During a Pandemic: Should Government Surveillance Be Used to Stop the Spread of COVID-19?” featuring Jennifer Daskal, a Professor and Faculty Director of the Tech, Law, Security Program at American University Washington College of Law, andGregory T. Nojeim, Senior Counsel and Director of the Freedom, Security, and Technology Project at the Center for Democracy & Technology, a Washington, D.C.
They outlined the difference in aggregate and individual data. Aggregate data can be used to identify hot spots, to observe trends, and to ensure that people are not congregating in large groups. Some of this activity is already underway. Smart Thermometers collects aggregate data on areas where people have temperatures and has been doing that for a while now regarding the flu. According to health officials it is helpful. Now it’s being used to identify COVID-19 clusters. The aggregate data is anonymous and does not violate our rights. Epidemiologists and other medical personnel have said that some data is critical to understand and predict the pandemic so as to get ahead of it. Google Maps also has a tracking app that could track those identified as carriers.
But the collection of individual data may violate our rights. Such things as contact tracing, quarantine enforcement, and identification of those with anti-bodies who then can move freely may violate privacy rights and discrimination. The law professors repeated over and over that the current laws in effect to protect our privacy are woefully inadequate. We have known for some time that the law is not keeping up with the technology. The three main legal authorities are:
HIPAA: Protects the privacy of your medical records. However, there are exceptions for public health and threats, it only applies to private access, and it is a patchwork and not comprehensive. It does not protect information in the hands of those who were not the direct health care provider e.g. insurance agencies and billing companies.
Fourth Amendment of the Constitution: Applies only to government. Some restrictions exist e.g. the court has ruled that if law enforcement want to track your cell phone for more than seven days, they have to get a warrant. There are public health exceptions e.g. carriers of a contagious disease can be identified, and public safety exceptions e.g. the stopping of all drivers on a road to check for drunken drivers. If a person is quarantined, the government can use tracking tools to make sure the person is staying put.
Electronic Communications Privacy Act: The act outlines what can be disclosed by private corporations. The act applies only to the customer or subscriber for whom the company is providing some electronic communications e.g. your cell phone and cable provider. Even for these companies, there are exceptions like consent or an emergency defined as death or serious injury for which data needs to be released immediately (not enough time to get a warrant). Emergencies are time limited but questions remain about how to define “emergency.”
Corporations face no liability. If they refuse to turn over information to the government, there are no provisions to force or punish them; if they turn over information, they can use the loophole of “emergency” to avoid liability to customers.
But there are even bigger loopholes. Once that data (not content) is in another companies’ hands, it has been “sanitized” or “laundered,” and thus the ECPA does not apply. That third company can then give or sell that data to the government or anyone else. Another loophole is that companies can disclose your personal data to foreign governments! Foreign governments are not covered under the law nor under the Fourth amendment. Usually such disclosure is in a criminal context but one can imagine that data being used in a public health pandemic as well.
These holes in the law need to be fixed and rules need to be established about when and how the collected data is destroyed. As the seminar speakers pointed out, when a public crisis occurs, like 9-11 or this pandemic, it shakes public trust leading to some very bad ideas like increased surveillance. Yet public trust and transparency is what is needed to stop a pandemic. We have to have accurate information that we can trust. Unfortunately both of those are in short supply under this administration.
The professors suggest that the first question should be – is the measure being proposed effective to stop the spread? We do not need any new laws, no one’s hands have been tied in dealing with this pandemic because of the law. We need to fix the gaps that we already know about in the existing law. We need total transparency to return some level of trust to the process and we need sunset provisions that are tied to specific criteria so they are not renewed like the Patriot Act provisions.
What Other Countries Are Doing
We need only look at how this emergency has played out in some other countries to know why we should be worried. In Israel, they finally admitted they have been collecting cell phone data for a long time. So now they can figure out who was in proximate contact with whom, and when a person is identified as infected, they can immediately contact those that have been in contact with the infected person to be put into quarantine. As draconian as it sounds that is how South Korea shut it down. Israel has another program that rates people from 1-10 on the likelihood that they are carriers. Israel of all places should know better than to label people according to extraneous factors.
The European Union has very strong data protection laws but they are asking cell phone companies to turn over aggregated anonymous data. Germany, like South Korea, is working on an app that will tell a person when she is in contact with an infected person. South Korea is also posting travel information on the internet telling where an infected person (not identified) has gone so others can avoid the area.
Many countries are using the data to enforce the quarantine like Italy and Tunisia where robots with cameras and loud speakers are checking identification. In Poland people have to take selfies with geo data included and send that to the government so they can verify the quarantine. In Greece a person must text the government before leaving the house and give the reason. Pharmacy is 1 and grocery is 2. The government then texts back permission and if the person is caught out without the permission on their phone, they can be arrested.
Singapore has a “Trace Together” voluntary app tied to Blu Tooth. If the subscriber is within 10 meters of an infected person for 30 minutes it warns the subscriber and notifies the government. The government can then ask the subscriber to hand over the phone to trace all the contacts and isolate them.
In Arizona
A.R.S. §36-662 gives the department of health services and local health departments more authority to look at health records. A.R.S. §36-664 says the information from the health care provider remains confidential under HIPAA. There are exceptions of course. The physician patient privilege does not protect the patient in this situation. (A.R.S. §36-790) The problem also arises when the information leaves the health care provider e.g. to the biller, the accreditor, a government agency, the insurer, a researcher, or a Good Samaritan. Then it becomes “laundered” and the provisions of the ECPA no longer apply. Violation of the law is a class 3 misdemeanor. (A.R.S. §36-666) A civil penalty is possible under A.R.S. §36-667 for a maximum of $5,000 on a case brought by the attorney general. The patient can also bring their own case under A.R.S. §36-668. https://www.azleg.gov/ARStitle/
If there is a pandemic, the governor may issue an enhanced surveillance advisory under A.R.S. §36-782. The least restrictive measures must be used for patient tracking, information sharing, specimen testing, and coordination. The governor and health authorities must meet with persons and institutions before issuing such an order or if they cannot, they must meet within 72 hours after. Unlike Jared Kushner, the various agencies have to share materials, equipment, and supplies. Such an enhanced surveillance regime automatically terminates after 60 days unless renewed by the governor.
During such an enhanced surveillance advisory, the government can access confidential patient information but it is not available to the public. (A.R.S. §36-784) The local health authorities shall counsel and interview any person to get information including who that person has contacted and to whom they may have spread it. So Arizona could have done this months ago and dramatically slowed the spread as CA and WA have done.
Information may also be shared during an enhanced surveillance advisory that could not be otherwise. (A.R.S. §36-785) Information shall be kept in the aggregate and individual patient information is not available to the public.
When a state of emergency is declared by the governor, the department of health has primary jurisdiction. (A.R.S. §36-787) Various rules can be waived, medical exams can be ordered, medicine and vaccines can be rationed, treatment can be mandated, people can be isolated or quarantined, and law enforcement officials and the national guard shall enforce those orders. While the law says that if the public health is not endangered, the state cannot impose treatment against a person’s will or religious belief, that person still has to observe preventive measures and quarantine laws. (F) In this case, the public health is endangered so a person’s religious belief is irrelevant. The state can also assist in seeking reimbursement of costs related to isolation or quarantine. (G)
Conclusion
We must keep our eyes open regarding any attempt at increasing surveillance of Americans in reaction to this pandemic. It’s an old trick in the bag of every authoritarian. Fear is the driving force behind the reactionary groups that have been grabbing power by many means in the past 50 years in America. We cannot succumb but should fear the future they offer even more than the crisis today.
Discover more from Blog for Arizona
Subscribe to get the latest posts sent to your email.