BT, owner of UK mobile operator EE, is in talks with the UK government about handing over its phone location and usage data for the purpose of monitoring whether coronavirus response measures like asking the public to stay at home are being adhered to, according to the Guardian.
The newspaper reports that this will involve creating movement maps with anonymised data, meaning individuals could not be identified. Instead, it would be used to highlight patterns such as whether people were heeding government advice to avoid pubs and restaurants. (That a government mandated lockdown would prevent people from visiting such establishments, in addition to letting them claim insurance and stay solvent seems to have escaped Downing Street as of yet.)
BT didn’t respond to a request for comment.
Israel already approved laws to use the same data, but at a more granular level, to identify whether people with coronavirus had broken quarantine (which can be punished with up to a six month prison sentence in the country), as well as alerting people who had come into contact with the infected individual in the preceding 14 days.
South Korea, China, and Taiwan have used mobile data in a similar way. This is more intrusive than what the UK is apparently considering. (Although until an official announcement, we can’t be sure.)
The Washington Post reported that Donald Trump’s admin is in “active talks” with tech companies on the issue, discussing how they could share aggregated location data to measure the effectiveness of social distancing strategies.
European mobile carriers have provided anonymous and aggregated data in Austria, Italy and Germany in accordance with EU privacy laws. This data has been used to map customers’ movements – to ascertain whether they’re complying with curfew stipulations.
Sign up to Emerging Threats, our weekly cyber security newsletter
In the UK, the move has privacy advocates riled. “We need further explanation and much more transparency,” Silkie Carlo, director of privacy organisation Big Brother Watch, told NS Tech in a statement. “The public needs to trust phone networks at this time, especially to seek health advice and social support. It can be very hard to anonymise location data and so the government should be radically transparent about any tracking if it is to maintain public trust.”
“It is not the first time that big data has been used for crisis management,” said Subhajit Basu, associate professor in Information Technology Law at Leeds University. “However, an unprecedented level of surveillance is possible because of the new Coronavirus Bill (HC Bill 122). It will compromise the rights to privacy, may contradict the tenets of a democratic society and could even prove to be counter-intuitive as it would undermine trust in our government. Trust during a crisis is a particularly valuable tool for reducing uncertainty.”
The Coronavirus Bill, introduced yesterday, proposed sweeping new powers that represent the biggest erosion of civil liberties since the Second World War.
There’s also the question of whether it’s strictly necessary. “As long as the data is properly anonymised this is clearly legal,” Austrian campaigner Max Schrems, who has fought a series of legal battles over Facebook’s privacy practices, told Reuters about the Austrian situation. “But to be honest, in Austria you just have to look out of the window to see that people stay home.”