The principle that a liberal democracy should only encroach on personal freedom when essential to prevent harm to others has some tough implications.
Posted 17 April 2020
The virus SARS-CoV-2 and the disease which it causes, COVID-19, are the greatest challenge that Britain has faced in my lifetime. (These are the precise spellings used by the World Health Organisation.)
The same is true for almost all liberal democracies around the world, with rare exceptions such as the Republic of Korea, which was devastated by the Korean War.
One of my colleagues at Movement46 suggested that I write a short column for our website, “How should a liberal democracy handle the coronavirus crisis?”, which was published on 11 April. I have now reproduced it below along with some additional material about the technology aspects.
The most fundamental point in my article is that my personal freedom stops at the point where it threatens harm to you. That simple and timeless principle has some important, and at times quite tough, implications.
The pandemic disease COVID-19 forces us to consider fundamental questions about the nature of society and the state. Questions we usually ignore. How do your freedoms and obligations relate to mine, and to those of other citizens?
I start from the position of a classical European liberal who believes that I am free to live my life as I wish, provided I do not harm others. I have no right to impose obligations upon you, unless I am willing to accept reciprocal obligations.
Furthermore, those obligations which members of society collectively impose upon each other should be kept to the bare minimum. The reason is that, in practice, most societal obligations are imposed without achieving unanimous consent. This means limiting the freedom of those who did not want them.
Most of my political views are logical consequences of these principles. For example, my desire to abolish the legal prohibition of assisted dying; my life is mine to end when I will. Even under present law, I am free to refuse medical treatment.
Nevertheless, COVID-19 has some tough consequences which liberal-minded people may initially recoil from.
You may not care if you get infected with the virus SARS-CoV-2, and whether that leads to illness or death from COVID-19. However, are the rest of us then expected to care for you in your illness? Even more importantly, unless you can be hermetically sealed off from the rest of society, in your infected state you may pass the virus on to others.
These consequences mean that even a liberal society cannot permit you to avoid taking precautions against infection. That is why it is acceptable for a liberal society to impose mandatory vaccination upon all its citizens, with an exemption only for those who would suffer medical harm from the vaccination due to their specific biological issues. That applies to all infectious diseases, including of course COVID-19 once a vaccine becomes available.
The measures that our society takes to protect its members from COVID-19 must of course be decided by the Government. It alone has authority to take collective decisions on behalf of society, because citizens have delegated that authority to it through the electoral process.
Nothing that the Government has done so far should give a classical liberal any qualms. It is perfectly reasonable for society to close activities which are not essential (as judged by Government on our behalf) to minimise the risk of infection, while providing appropriate compensation from an Exchequer which represents our society’s collective funds.
At present testing capacity is wholly inadequate. Once sufficient capacity becomes available, the Government has the right to require people to be tested (even if they are unwilling) because the rest of us have the right to know whether people who might mingle with us are contagious.
One area much discussed in the media is contact tracing.
If I have the virus, society has the right to ask me who I have met in the last N days (where N depends on how long asymptomatic people might be contagious) so that they can be tracked down and checked, since that may save their lives, and may also stop them further infecting others. I have no moral right to withhold the identity of the people I have met in the last N days, thereby putting their lives at risk.
The practical problem is that people’s memories are unreliable. Accordingly, several foreign countries have used smartphone apps. The design of such apps varies between countries, in part depending on the level of personal freedom such countries enjoy.
In my view, the right of individuals to privacy and the right of individuals to know whether they might have been infected with the virus can be reconciled by designing an app which properly balances civil liberties and the need to stop the virus spreading.
The outline below is based on reading what other countries have done. It focuses on the policy issues, rather than the technical aspects. I think it, or an adaptation, would be feasible.
The above design preserves privacy, since the state never learns which people have been in close proximity to each other, while at the same time ensuring that my behaviour does not deny you the right to be tested if I prove to have the virus. It would also ensure that if you need testing, you cannot opt out of being tested.
Mohammed Amin is a former Conservative Party member and is now a Liberal Democrat. He writes in a personal capacity.
My article above focused on the political freedom issues, rather than going into the technology in detail. Accordingly I wrote it from first principles based on my general knowledge of what is technologically possible, without doing the detailed research just carried out for the additional material below.
The Apple website has an article "Apple and Google partner on COVID-19 contact tracing technology" which sets out the approach both companies are taking jointly to support the development of contact tracing apps.
Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design....
Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyse.
However, the Guardian has reported "NHS in standoff with Apple and Google over coronavirus tracing." The key issue is that Apple's and Google's policies "apply only to apps that don’t result in the creation of a centralised database of contacts."
It appears from the Guardian article that the United Kingdom's NHS (National Health Service) is seeking to centralise contact information. That is the precise opposite of the approach that I outlined above which was intended to minimise the scope for state surveillance while enabling contact tracing when warranted.
EU Member States, supported by the Commission, have developed an EU toolbox for the use of mobile applications for contact tracing and warning in response to the coronavirus pandemic. Full details are on the page "Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures."
The EU page sets out the key design philosophies:
- They should be fully compliant with the EU data protection and privacy rules, as put forward by the guidance presented today following consultation with the European Data Protection Board.
- They should be implemented in close coordination with, and approved by, public health authorities.
- They should be installed voluntarily, and dismantled as soon as no longer needed.
- They should aim to exploit the latest privacy-enhancing technological solutions. Likely to be based on Bluetooth proximity technology, they do not enable tracking of people's locations.
- They should be based on anonymised data: They can alert people who have been in proximity for a certain duration to an infected person to get tested or self-isolate, without revealing the identity of the people infected.
- They should be interoperable across the EU so that citizens are protected even when they cross borders.
- They should be anchored in accepted epidemiological guidance, and reflect best practice on cybersecurity, and accessibility.
- They should be secure and effective.
DP3T is an international consortium of technologists, legal experts, engineers and epidemiologists with a wide range of experience who are interested in ensuring that any proximity tracing technology does not result in governments obtaining surveillance capabilities which will endanger civil society.
Their documents include a white paper which sets out detailed aspects of their proposed design. A brief extract from the Executive Summary is below.
This document proposes a system for secure and privacy-preserving proximity tracing (aka contact tracing) at large scale. This system provides a technological foundation to help slow the spread of the SARS-CoV-2 virus by simplifying and accelerating the process of notifying people who have been in contact with an infected person. The system design aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection.
The system provides the following security and privacy protections:
- Ensures data minimization. The central server only observes anonymous identifiers of infected people without any proximity information; health authorities learn no information (beyond when a user manually reaches out to them after being notified); and epidemiologists obtain minimal information regarding close contacts.
- Prevents abuse of data. As the different entities in the system receive the minimum amount of information tailored to their requirements, none of them can abuse the data for other purposes, nor can they be coerced or subpoenaed to make other data available.
- Prevents tracking of non-infected users. No entity, including the backend, can track non-infected users based on broadcasted ephemeral identifiers.
- Graceful dismantling. The system will organically dismantle itself after the end of the epidemic. Infected patients will stop uploading their data to the central server, and people will stop using the app. Data on the server is removed after 14 days.
Several countries are already using contact tracing mobile phone apps, albeit with different design philosophies depending on the country's history.
Singapore already has an app, called TraceTogether, whose use is voluntary. GovTech Singapore, which is an official Singapore government website, has an interesting article "TraceTogether - behind the scenes look at its development process" which looks at some of the technical issues.
Their page "6 things about OpenTrace, the open-source code published by the TraceTogether team" explains some of the design choices they have made.
Contact logging is decentralised…
One of the key ways that OpenTrace preserves the privacy of users is by keeping all records stored locally on their phones, as opposed to uploading the information to a database.
While Google Firebase, which is used by TraceTogether, also collects anonymised information such as brand and model of the mobile phone, that information does not have physical location data (i.e. GPS, cell ID) of users. The anonymised information is only used to improve the user experience across different phone models. This is particularly important given the diversity of features and settings available across phones in the market today.
Keeping logs decentralised on users’ phones rather than on a centralised internet-accessible database means that the information will not be compromised even if the server is breached.
…but contact tracing is centralised
While contact logging is decentralised, the TraceTogether team made a fundamental design choice to develop a hybrid rather than a fully decentralised system. “While it is possible to have a completely decentralised system, positive COVID-19 diagnoses still have to be authenticated to prevent abuse and fraudulent reports leading to unnecessary panic. Capacity permitting, having a human-in-the-loop system is prudent and reliable,” Bay explained.
Centralised contact tracing—which occurs once users provide consent and upload their data to MOH—gives the contact tracing experts room to make their professional judgement in classifying contacts as either transient, casual or close contacts, he continued. The thresholds for classifying contact between individuals can be adjusted for individual circumstances and tuned as necessary to fill gaps in a patient’s memory. For example, short-duration encounters in enclosed spaces can lead to a higher risk of exposure to the COVID-19 virus than longer-duration encounters in well-ventilated open spaces. A fully automated system is unlikely to take these factors into account and will not be able to provide useful information to the national public health authorities.
It is important to note that the TraceTogether solution does not replace the contact tracing process. “Instead, it is an important tool in the toolbox of contact tracers. It is not sufficient to rely on technology alone, as we need the expertise in public health and communicable diseases to make sense of the data collected using this technology,” added Mr Sutowo, MOH’s Director of Analytics and Information Management.
This website has an article "Apps and Covid-19" which surveys the approaches taken by a large number of countries. I will not try to summarise the article, but recommend reading it.