key: cord-0961264-ccc8wzne
authors: Ram, Natalie; Gray, David
title: Mass Surveillance in the Age of COVID-19
date: 2020-05-08
journal: J Law Biosci
DOI: 10.1093/jlb/lsaa023
sha: 1f8699a59074b16cf76152c4c5bbe243c76ce0b2
doc_id: 961264
cord_uid: ccc8wzne

Epidemiological surveillance programs such as digital contact tracing have been touted as a silver bullet that will free the American public from the strictures of social distancing, enabling a return to school, work, and socializing. This Article assesses whether and under what circumstances the United States ought to embrace such programs. Part I analyzes the constitutionality of programs like digital contact tracing, arguing that the Fourth Amendment's protection against unreasonable searches and seizures may well regulate the use of location data for epidemiological purposes, but that the legislative and executive branches have significant latitude to develop these programs within the broad constraints of the ``special needs'' doctrine elaborated by the courts in parallel circumstances. Part II cautions that the absence of a firm warrant requirement for digital contact tracing should not serve as a green light for unregulated and mass digital location tracking. In light of substantial risks to privacy, policy makers must ask hard questions about efficacy and the comparative advantages of location tracking versus more traditional means of controlling epidemic contagions, take seriously threats to privacy, tailor programs parsimoniously, establish clear metrics for determining success, and set clear plans for decommissioning surveillance programs.

interview infected individuals to learn about their activities and the people they encountered after becoming ill, and then monitor those contacts for illness. According to a recent report from the Johns Hopkins Center for Health Security, more than 100,000 contact tracers may be needed nationally to grapple with the COVID-19 pandemic. 16 Massachusetts alone "plans to hire and train roughly 1,000 people to do contact tracing." 17

Other jurisdictions have trained their sights on cell phone data as a new, potentially more powerful, efficient, and accurate tool for contact tracing. With China, South Korea, Singapore, Israel, and others as examples, data brokers and app developers are working to bring digital contact tracing to European and American markets. 18 Their pitch is enticing. In a forthcoming paper in Science, researchers at Oxford argue that COVID-19 spreads too quickly and asymptomatically to be controllable through traditional contact tracing methods. 19 To alleviate the need for long term mass social distancing, the authors of that study argue that communities will need to deploy "instant digital contact tracing." 20 15 Id. 16 COVID-19 testing and support for quarantining identified contacts, undermine the efficacy of digital contact tracing efforts that its proponents seemingly take for granted. 21 As for privacy, digital contact tracing efforts abroad already raise significant cause for concern. These mass surveillance programs sweep up revealing location data indiscriminately. Although they are defended on grounds of emergency and the urgent need to contend with the present health crisis, experiences in those countries already reveal the potential for abuse. Moreover, our own history amply demonstrates that surveillance powers claimed on emergency grounds frequently remain after the emergency has passed, often morphing into tools of social control targeted against Should the political branches fail to perform on these duties, then the courts, as guardians of the Fourth Amendment's sacred trust, must act.

In the U.S. context, questions about protecting privacy against threats of government surveillance implicate the Fourth Amendment, which guarantees that "The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated . . . ." 24 Would an epidemiological surveillance program that uses cellphone location data to conduct individual contact tracing or to document and predict infection patterns using aggregate data be subject to Fourth Amendment regulation? If so, what form should those regulations take? Answering these questions requires addressing two Fourth Amendment 23 By "location tracking," we mean the use of technologies like cell site location or GPS that monitor the movements of individual persons or devices through space. In the present context, location tracking technologies might be used to trace the movements of individuals who test positive for SARS-CoV-2 and to document potential contacts with others. By "proximity tracking," we mean technologies like geofencing or Wi-Fi that document the presence of individuals or devices in a specific area. Proximity tracking might be used to control the flow of persons in particular spaces, such as malls, grocery stores, or even cities. It might also be used to identify those who have traversed hotspots or other areas of potential contagion. 

thousands of requests each year. They may therefore already be acting as state agents when they collect and aggregate location data. 26 That case is even stronger in the narrower circumstance of epidemiological surveillance. These programs require ongoing access to historical data for baseline analysis, recent aggregate data to model population flows and contact patterns, targeted data to trace individual persons, and real-time data to monitor the activities of persons and groups. In short, these programs will entail close, ongoing public-private partnerships, which will have the effect of converting AT&T, Google, and other data collectors and aggregators into government agents for purposes of the Fourth Amendment. 27

To the extent doubts about the state agency requirement persist, they are probably mooted by the Supreme Court's recent decision in Carpenter v. United States. 28 There, the Court held that the Fourth Amendment governs law enforcement access to historical cell site location data gathered and stored by cellphone service providers (cellphone location data, whether in the form of cell site location or GPS tracking, appears to be a centerpiece of tracing and proximity surveillance proposals because these devices are so often with their users 29 ). As the Carpenter

Court noted, service providers collect and aggregate this data for their own business purposes. 30

Nevertheless, the Court held that law enforcement must secure a warrant before accessing that data in the context of a criminal investigation. 31 The Court was decidedly mealy-mouthed about what constituted the "search" in Carpenter, who did it, and when, 32 but the circumstances contemplated by epidemiological surveillance programs are sufficiently analogous to conclude that the state agency requirement would not be an impediment to applying the Fourth Amendment, even if the precise reasons why might remain a mystery.

But does epidemiological surveillance constitute a "seizure" or a "search"? The Fourth

Amendment regulates conduct that threatens the security of the people against "unreasonable searches and seizures." Conventionally, this means that the Fourth Amendment applies only to conduct that constitutes either a "seizure" or a "search."

"Seizures" entail material interference with property or liberty. Depending on the technology used, epidemiological surveillance programs plausibly could constitute seizures of "effects." For example, if the government required citizens to install specific applications on their cellular phones or other electronic devices, then that interference might well amount to a seizure of effects. So, too, if government agents surreptitiously hacked devices to install tracking software. 33 In addition, if a surveillance program was aimed at using personal devices to limit 30 Carpenter, 138 S. Ct. at 2212. 31 Id. at 2221. 32 See id. at 2217 ("The location information obtained from Carpenter's wireless carriers was the product of a search."); id. at 2220 ("The Government's acquisition of the cell-site records was a search within the meaning of the Fourth Amendment."). 716-18 (1984) .

12 technology company and made available to researchers or business entities? Is the CDC subject to Fourth Amendment regulation if it has done nothing more than what a private party could do?

In one respect the answer is easy: "Yes, of course!" As described above, the state agency requirement highlights the fact that government agents are subject to Fourth Amendment restraints that do not bind private actors. In another respect, however, the answer is less clear. 43 One might wonder about the application of doctrine elaborated in the context of criminal law enforcement to the quite different case of public health. It is important here to distinguish between two distinct Fourth Amendment questions: whether government action constitutes a "search," and, if so, what form of prospective restraint is necessary to guarantee the security of the people against unreasonable search. When answering the "search" question, it does not matter whether the government agent is engaged primarily in criminal law enforcement or public health. A search is a search, whether conducted by police looking for evidence of a crime or the CDC looking for traces of a contagion. By contrast, when addressing the remedy question, it matters quite a bit whether a search is conducted to advance a criminal investigation or to advance other governmental interests. See infra notes 51-58 and accompanying text. In addition, there are real concerns that some tracking programs justified by public health concerns may be exploited for other purposes, including law enforcement, immigration, and national security, which will require careful safeguards. See infra Part II.

13 cell site location data that is routinely gathered and aggregated by cellphone service providers for their own business purposes. 44 The crux of the Court's reasoning was that location tracking reveals a host of intimate details about private associations and activities. 45 The Court also worried that granting law enforcement unfettered access to this kind of data would facilitate programs of broad and indiscriminate search, threatening the right of the people to be secure against threats of arbitrary state power, and conjuring the specters of general warrants and writs of assistance that haunted the minds of the founding generation. 46

Epidemiological surveillance programs robust enough to conduct individual contact tracing or to document disease progression using aggregate data will trigger these same concerns.

This suggests that they, too, would be subject to some form of Fourth Amendment restraint. The fact that some of the data used might be anonymized does not change the calculus. First, as has been amply demonstrated, it is very easy to deanonymize location data. 47 That is likely to be particularly true in a world where people have been ordered to stay at home because location data will be robustly associated with individual residences. Second, the fact that data is anonymized may salve some of the individual privacy concerns, but it does little to resolve concerns about "arbitrary power" 48 and "permeating . . . surveillance," 49 which threaten the 44 as public health as long as they are narrowly tailored, likely to succeed, strike a reasonable balance between privacy interests and public policy goals, and limit the discretion of government agents conducting searches. 58 The next Part details a framework that policymakers can apply to

16 meet these constitutional demands when deploying and using epidemiological surveillance tools such as contact tracing.

The COVID-19 pandemic poses an emergency for public health. Faced with such emergencies, executive agents are wont to assert broad discretionary powers. As the Canadian Freeholder observed in 1779, they are fond of doctrines of reason of state, and state necessity, and the impossibility of providing for great emergencies and extraordinary cases, without a discretionary power in the crown to proceed sometimes by uncommon methods not agreeable to the known forms of law. 59

The Fourth Amendment guards against these threats, "curb[ing] the exercise of discretionary authority" to search and seize. 60 To deploy and use epidemiological surveillance tools will therefore require more than executive fiat. What the Fourth Amendment demands is a clear and deliberative process, weighing the genuine benefits and costs of programs likely to engage in invasive and potentially mass surveillance. This process-which should involve both legislative and agency actors-must identify prospective remedial measures sufficient to safeguard the right of people to be secure against unreasonable searches and seizures while reasonably accommodating legitimate public health goals.

In other work, one of us has elaborated a constitutionally informed framework policymakers can apply when designing data surveillance programs. 61 This framework challenges the political branches to engage critical questions about need, efficacy, parsimony, and discretion before deploying these kinds of surveillance tools. It also provides a guide for courts to evaluate the constitutional sufficiency of the regulatory structures erected around these kinds of surveillance programs. 62 Below, we explain how that framework might guide the development and deployment of public health surveillance programs like digital contact tracing, location monitoring, and data aggregation and analysis.

Pre-deployment review. Before a digital public health surveillance program is deployed, proponents must publicly and transparently identify the goals of the program and establish a reasonable, scientifically grounded fit between those goals, the methods to be used, and the data to be gathered. 63 In particular, proponents must clearly articulate why digital methods outperform traditional alternatives in order to justify additional intrusions on privacy. Reliable processes to identify infected individuals must be followed by efficient procedures to inform and monitor any contacts who may have been exposed. In the case of COVID-19, current proposals for digital contact tracing largely appear to take for granted that identified contacts will immediately and reliably self-isolate for the two-week incubation period of a possible COVID-19 infection. The Oxford research team that advocates "instant digital contact tracing" plainly states that it modelled the impact of "tracing the contacts of symptomatic cases and quarantining them." 72 Their model defines its success rate as "the fraction of all contacts traced, assuming perfectly successful quarantine upon tracing, or the degree to which infectiousness of contacts is reduced assuming all of them are traced." 73 That is a generous assumption with no demonstrated grounding in reality.

Our recent experience with social distancing suggests that many people will continue to congregate, whether by choice or necessity, despite prompts to maintain social distance. 

abound of crowded subways, public markets, houses of worship, beaches, and parks across the country. 74 Workers without paid sick leave-let alone paid leave for possible, but unconfirmed, infection-may simply be unable to afford to self-isolate when prompted by public health orders, even if they are otherwise inclined to obey. From a purely practical perspective, then, models grounded in assumptions about compliance with self-isolation instructions offer little in terms of evidence that digital tracing methods will be superior enough to traditional methods to justify the radical costs to privacy attendant to mass surveillance.

Moreover, digital contact tracing may cast so wide and impersonal a net that it will be less effective than traditional means in generating compliance. Depending on the precision of the location data, prompts to self-isolate may become overbroad and routine, which will further reduce compliance. Social distancing recommendations emphasize six feet of distance between people to minimize infection. This suggests that ideal contact tracing would limit its scope to individuals who were within six feet of an infected person. But cell tower and GPS data typically have margins of error of more than six feet. GPS data, which is more precise than cell tower location data, is usually accurate only to within sixteen feet, with even poorer performance in crowded urban areas. 75 Bluetooth tracking may be more precise, but it is also overinclusive,

likely registering contacts between devices despite the presence of walls, car doors, or even whole floors in a building. 76

At least for now, these tools are likely to direct into isolation many people who were never actually at risk. Over time, overbroad notifications will fail to prompt appropriate selfisolation even among individuals who are genuinely at risk-the epidemiological equivalent of crying "wolf!" Other difficulties may arise as well, from false or malicious designations of an individual as infected when they are not, to insufficient participation in voluntary programs.

Traditional contact tracing, though perhaps a bit slower, may still prove to be more precise, accurate, robust, reliable, and visceral, and therefore may be more effective in generating actual compliance.

In sum, digital contact tracing is unlikely at present to yield its promised benefits due to low testing rates, low compliance rates, and technological limitations. Before requesting or requiring individuals to sacrifice their locational and associational privacy, policymakers must 

Even if an epidemiological surveillance program can establish efficacy, that does not end the Fourth Amendment inquiry. Given the substantial privacy interests at stake, legislators and app developers must take care at all stages of design, deployment, and use to mitigate against privacy harms, beginning with data gathering. Indeed, these later stages-and the need to continue to probe issues of efficacy-will take on increased importance if app developers or policymakers charge ahead before pre-deployment review is completed. 78

Data gathering and aggregation. Epidemiological surveillance programs such as digital contact tracing should gather the minimum amount and types of data reasonably necessary to facilitate their public health goals. Although GPS data is seemingly ubiquitous, it casts too wide a net and thus exposes a larger population's location data in response to every query. Bluetooth data, by contrast, may be able to register proximity between devices more precisely, alongside or instead of logging location directly. 79 Utilizing proximity data rather than location data could minimize the intrusiveness of the data gathered because this data would reveal that two devices were in proximity but not where. Limiting the timeframe covered by location or proximity data would minimize the scope of information revealed about a person's movements, habits, and intimate associations. 80 78 See, e.g., supra notes 5-6 and accompanying text (charting the proliferation of digital contact tracing apps, including in some U.S. states). 79 Id. 80 In addition to satisfying the Fourth Amendment, data gathering, aggregation, and other features of a digital contact tracing effort must also comply with existing statutory privacy protections. For instance, the California Consumer Privacy Act provides California residents with, among other rights, the right to know what information certain businesses have collected about them, the right to request deletion of that data, and the right to opt out of the sale of that data to others. See CAL. CIV. CODE § 1798 CODE § .100-1798 should conduct regular reviews to determine whether the promises of a program match its reality.

Epidemiological surveillance programs such as digital contact tracing have been touted as a silver bullet that will free the American public from the strictures of social distancing, enabling a return to school, work, and socializing. But these tools also tread on established expectations of privacy while presenting real threats of persistent mass surveillance. In sorting through these promises and challenges, the Fourth Amendment will have a critical role to play. Like all matter how popular or seemingly necessary in "providing for great emergencies and extraordinary cases." 91 In particular, the Fourth Amendment will require that epidemiological surveillance programs demonstrate sufficient potential to serve compelling public health goals.

There are good reasons to be skeptical. Unless and until more mundane aspects of contact tracing are operating efficiently-including availability of testing and practical support for appropriate self-isolation by contacts-there is little reason to think that there is enough promise to justify the dramatic expansions in government power and significant costs to personal privacy.

Even if there is good reason to believe in the public health promise of these programs, the Fourth Amendment requires more than blind faith in the judgment of government officials. The

Fourth Amendment is genetically skeptical of granting broad, unfettered discretion for state agents to conduct searches and seizures. 92 To meet Fourth Amendment demands, epidemiological surveillance programs, whether directed at digital contact tracing, location monitoring, or data aggregation and analysis, must be the products of rigorous deliberative processes, weighing the genuine benefits and costs. Robust prospective remedial measures should be put in place to secure privacy and liberty, including limitations on data gathering, aggregation, storage, access, analysis, and use. In addition, programs should be subject to constant review and sunset provisions. Only by adopting these kinds of procedural and substantive safeguards can we hope to achieve legitimate public health goals as we face COVID-19 while also protecting our sacred constitutional trust. 91 2 MASERES, supra note 59, at 243-44. 92 See United States v. Jones, 565 U.S. 400, 416 (2012) (Sotomayor, J., concurring).

Crowds Gathered at National Mall to Watch Blue Angels

Coronavirus News: Social Distancing Is Not Happening on the NYC Subway

Closes Wharf Fish Markets after Patrons Fail to Follow Social Distancing Guidelines

at 2219 (touting improved cell tower triangulation methods giving location precision to within 50 meters)

GPS-enabled smartphones are typically accurate to within a 4.9 m (16 ft.) radius under open sky"). Nonetheless, the majority of existing digital contact tracing apps appear to rely on GPS data. See Woodhams