Lisa Foran, a lecturer in philosophy at UCD and member of the Centre, answers the question of whether we have a duty to use contact tracing applications on our phones to help with efforts to track and trace COVID-19 infections, and if we do, whether people should be compelled to use them. She responds that most people have no good reason to resist using these apps, especially since we routinely require people to give up data for the sake of healthcare (like filling out forms when we go get treatment), and the kind of data they collect is routinely collected by other apps, and the Irish government at least already has the power to access this data from private companies. Nonetheless, it would be improper for states to legally compel people to use these apps since that would infringe on our democratic rights.
I think there is a question about how much privacy we sacrifice if we knowingly share information with others (by downloading the app and understanding what the app does), we could argue that we are no more sacrificing our privacy than when we fill out a medical record form in the local GPs or dentists. Or in fact, when we alert authorities about whom we have been in contact with under the current track and trace system. Privacy is at least in part defined by what we believe to be unavailable to others.
But let’s set this issue aside for the moment and turn to the first part of the question which concerns ‘duty’. A ‘duty’ usually means something that we are obliged to do, we might not always do it – but we should. As a result, when we don’t fulfil a duty, other people have a right to judge us for it.
In this sense ‘duty’ is a very strong word and I’m going to argue here that we probably don’t have a ‘duty’ to download contact tracing apps. Nonetheless, I am also going to say that the vast majority of people will struggle to find good reasons not to download one.
There are currently two models for these contact tracing apps: centralised and decentralised and the extent to which our privacy is compromised depends on the type used. Both kinds use Bluetooth technology to collect information from your phone and the phones around you to determine who is at risk if you test positive. With a centralised model, that information is stored in a centralised server. If you test positive, that server then contacts the relevant people to advise them to get tested. With a decentralised model, the information is stored on the app on your phone – so there is no central database that can be subsequently used for other purposes – and if you test positive, the app automatically notifies those you have been in close proximity to. Ireland is currently planning to use this less invasive decentralised model whereas the UK and France are using a centralised system.
There are issues with the apps because Bluetooth can work between walls, so on some occasions it may identify people who are not at risk. Sometimes Bluetooth can fail, thus not identifying those who are. Furthermore, in order to be useful in limiting the spread of the virus apps require an uptake of somewhere between 50 and 60% of the population. In countries where they have been used for some time, such as Singapore, the uptake has only been about 12% so there are questions about how useful they will in fact be.
Nonetheless, a recent survey found that about 84% of the Irish population would download and use a government tracing app, so let’s presume here that they will have the required uptake in Ireland.
Most apps harvest data about our location (amongst other things). They ask permission before they do so, but most people when downloading an app, grant all permissions. Even for the more privacy conscious who deny or modify the permissions apps have, some apps simply won’t operate without access to contacts, photos, location and so on and others have even found ways of circumventing denied permissions anyway. This data is ostensibly anonymised but the extent of this anonymisation is highly debatable. This data is mined and sold on at a significant profit to third party corporations and advertising firms. So, if you regularly use apps, information about you, including your location, is being sold to make companies money.
Now, maybe you’re ok with this but for some reason don’t like the idea of the state having this information. However, the Irish state (amongst others) already has this power.
Under legislation from 2011 (following an EU directive of 2006), Gardaí – the Irish police – have access to what’s called telecommunications metadata in order to safeguard national security and protect human life. What this means is that Gardaí [Police] investigating a crime can check what phones were active in an area at a given time, find out who owns those phones, and with whom those phones were communicating (although they can’t find out the content of the phone calls / texts). They can access this data whenever they deem it necessary to do so, and – unlike an old-fashioned search warrant – they do not require permission from a judge.
This legislation has been struck down at both a national and a European level, but these rulings are being appealed and as such the legislation is still active (there are similar situations across the EU). Incidentally, it is this legislation that is at the heart of the current high-profile appeal by Graham Dwyer for his murder of Elaine O’Hara in 2012.
So, returning to the question of the track & trace app: if most mobile phone users regularly use apps that are already tracking their location, if many apps make significant profit from selling that information, and if police already have access to someone’s location through their mobile phone use: then NOT downloading an app that makes controlling COVID easier appears somewhat puerile.
This is not the same as saying we have a duty – that is a moral obligation to do it, but rather to say that if you are a regular mobile phone user there does not appear to be a valid logical reason not to.
This is a very different situation to being forced – as the second part of the question puts it: ‘legally compelled’ – to download the app and give up this information against our will. What we freely choose to do and what we are forced to do, play a role in defining what in fact is public and what is private. What we choose to make public and what is taken from us and made public without our consent are very different things. So, to this second part I would have to answer: NO the state should not be able to compel people to download or use an app against their will.
Every citizen should have the right to use or not use whatever technology they choose. If you don’t own or use a mobile phone you should not be forced to do so. And even if you do own one, it is your decision what apps to install or not. It seems to me that infringing on these freedoms comes too close to infringing on our democratic rights to choose.