This article is part of Privacy in the Pandemic, a Future Tense series.
Pandemics have a history of shocking societies into new ways of living, and COVID-19 is no different. It has changed our families, our cities, how we love, and how we grieve. As quarantine pushed us inside and in front of our screens, our relationship with technology underwent significant changes as well. This is especially true as governments have tried to collect and analyze data in new ways to combat the ongoing pandemic. However, the methods and sources that public health officials have tapped remain opaque. Public health officials and their partners now stand at a crossroads: embrace transparency and reveal how they are collecting, analyzing, and distributing data to fight COVID-19 or risk permanently losing the trust and support of their constituents.
In recent years, both governments and private companies have learned the importance of transparency the hard way. Edward Snowden’s disclosures of NSA bulk surveillance sparked a societal debate over the privacy of our data, how it’s used, and the extent to which we control it.
At the same time, civil society has put greater pressure on companies to publicly explain how they collect and disclose information to government agencies like the NSA and FBI. Those same agencies have had to adapt to new legislation meant to hold them accountable for their abuse of data. Together, these changes were supposed to win back consumers’ confidence in American companies, and citizens’ trust in the American government.
Over the course of the pandemic, it seems many of the lessons of the Snowden era have been forgotten. COVID-19 has triggered a wave of opaque data sharing between the private sector and the government, with policy makers seeking out private partners to develop contact tracing applications, facilitate the exchange of public health data, improve the distribution of vaccines and personal protective equipment, and more. The $2.2 trillion financial aid package included in the proposed 2020 COVID relief bill led to a boom in federal lobbying filings and saw the federal government award upwards of $36 billion to private contractors. The result has been fluid transfers of data between public and private stakeholders which have largely taken place out of the public eye. This has left the public in the dark about how these deals have operated to date or how they may open new pathways for data to be exploited in the future, putting our civil liberties at risk.
As we continue to combat COVID-19 and begin to reflect on our collective response, transparency is an essential prerequisite to assessing the true efficacy and proportionality of data sharing during the pandemic, and holding the caretakers of our data accountable. A tapestry of initiatives have tried to catalogue the wide range of data collaboratives created since the onset of the pandemic, including GovLab, Open Government Partnership, and GitHub. However, the these initiatives are only as good as the information they can access. That is why it is crucial that data collaboratives adopt the same reforms that were implemented in the Snowden era, such as transparency reporting. These reports are about more than just information disclosure: They reveal the inner workings and culture of these organizations and their relationship with their public partners. Transparency reports offer a clarity that can jump-start a cycle of critique and reform, allowing the public to hold the caretakers of their data accountable.
Without transparency into how our data is collected, analyzed, and disclosed, we’re forced to evaluate these data sharing deals through the lens of their efficacy, but doing so can be deceptive. For instance, the Department of Health and Human Services partnered with Palantir to develop HHS Protect, which is touted as offering “the best and most granular publicly available data on the pandemic.” Palantir’s platform draws insights from over 200 separate data sources and has become a reliable way to measure the capacity of hospitals around the country and helps to allocate public resources.
At the same time, a coalition of civil society groups are suing the Departments of Homeland Security and Health and Human Services for allegedly withholding information regarding data collection and sharing for HHS Protect. Without knowing how a tool like HHS Protect collects, tracks, and shares information, there’s no telling how data can be shared and used once it’s been logged. This is especially concerning when U.S. agencies like the FBI have a history of conducting warrantless queries on the databases of other government agencies, mining the data of Americans. It’s no surprise that racial and immigrant justice groups are rightly concerned over how that data might be used by other agencies, like U.S. Immigration and Customs Enforcement, to surveille vulnerable populations.
It is difficult to hold private contractors accountable during the pandemic when they are exempt from the policies meant to hold them to task. Existing exemptions within the Freedom of Information Act allow companies to withhold “commercial information” from disclosed documents. During the pandemic, this power has been abused. After Deloitte’s failed implementation of the $44 million Vaccine Administration Management System that the company built for the CDC following an exclusive no-bid contract, Cat Ferguson of MIT Technology Review’s Pandemic Technology Project requested documents on the project under the Freedom of Information Act. The documents she received were heavily redacted, with key details of the project removed, including the sums and justifications of financial expenditures, justifications for why Deloitte was qualified to build such a platform, and the names of the entire development team. These same loopholes within the FOIA system are the focus of the lawsuit against Palantir.
This secrecy is helping no one. In fact, it calls into question the federal government’s pandemic-related partnerships with the other 6,300 companies with which they drafted contracts in 2020. Past crises have taught us that the exceptions we make and the precedents we establish during emergencies can remain long after the crisis has dissipated. The Snowden disclosures came twelve years after the initial implementation of the Patriot Act, and it was only last year that the U.S. Court of Appeals for the 9th Circuit ruled that the subsequent dragnet surveillance employed by the NSA may well have been unconstitutional. The COVID-19 pandemic has catalyzed another wave of data sharing between public and private institutions. It’s crucial that both corporations and governments begin to disclose and clarify how citizens’ data has been leveraged during the pandemic before they are again held accountable for not doing so.