clock menu more-arrow no yes mobile

Filed under:

The government might want your phone location data to fight coronavirus. Here’s why that could be okay.

Privacy advocates want restrictions on how much phone location data the government gets from tech companies.

A man wearing a breathing mask and sitting on the New York City subway looks at his phone.
Facebook is already using aggregate, un-indentified data to track the spread of disease.
Robert Nickelsberg/Getty Images
Sara Morrison is a senior Vox reporter who has covered data privacy, antitrust, and Big Tech’s power over us all for the site since 2019.
Open Sourced logo

The United States government wants tech companies to tell it where you’ve been as part of its effort to fight the Covid-19 coronavirus pandemic, according to the Washington Post. And while that sounds invasive on its face, it is possible for the government to do this and preserve our digital civil rights — as long as the correct safeguards are put in place first.

The Post reported on Tuesday that the US government is in “active talks” with tech companies including Facebook and Google about using location data they collect from users to map the spread of the virus or predict future outbreak areas. The government has yet to confirm the report, but the details we have suggest that this plan is in its early stages.

Still, even the idea must seem unsettling to some. Many Americans lack trust in both the federal government and in how companies handle their personal data, so it’s understandable that even a hint of collaboration between the two would come under suspicion. We’ve also seen a litany of problematic privacy invasions from other countries’ governments, as they battle this virus.

However, in this case, there are some limits to what the government can get from tech companies. America has rules when it comes to what it can force businesses and individuals to give up and how it can force them to do it. Cellphone location data is seen as particularly sensitive because of the immense amount of personal information that can be gleaned from it. The Federal Communications Commission (FCC) recently moved to issue massive fines to cellular phone carriers that were accused of selling individual location data; in 2018, the US Supreme Court ruled that law enforcement must obtain a search warrant to access an individual’s cellphone location data.

But what the government wants, the Post said, is not the location information of specific people but the location data of many people in aggregate that would be very difficult — perhaps impossible — to trace back to individuals. So this is a different situation from, say, the government working with a private company to create an app that assigns users a “health code” that restricts their movements and can report their locations to law enforcement. As the New York Times recently reported, this is what’s been happening in China.

David O’Brien, a senior researcher and assistant research director for privacy and security at the Berkman Klein Center for Internet & Society, told Recode that the American government will have to walk a fine line if it wants to get useful information while still preserving citizens’ privacy rights.

“It is possible to do this and to provide some privacy,” O’Brien said. “But I think that the trade-off has always been you want to very carefully match any types of privacy measures you put in place against what is it that you ultimately want to learn from the data.”

Adam Schwartz, senior staff attorney for the Electronic Frontier Foundation, similarly says that current circumstances give the government a little more leeway here — but just a little — to strike the balance between gathering information for the public good and protecting individuals’ privacy.

“We are in the middle of a public health crisis,” Schwartz told Recode. “And some rebalancing of collective and individual interests may be appropriate. But those adjustments need to be temporary and science-driven and not discriminate.

“Any time you’ve got location data in the mix, that’s a concern,” he added.

The government must be as restrictive as possible with the data it uses, how it uses it, and for how long, Schwartz said.

“It might be that some times of day are more important than other times of day, and if that’s true, you don’t need location for every time of day,” Schwartz said. “Or it might be that some places are more important than other places, so you don’t get all the places.”

O’Brien says that, ideally, there would be rules in place regarding what data the government can use and what it can use it for that could perhaps be overseen by an independent party.

“Right now, we’re relying on the goodwill of both the government and the tech companies to have our interests in mind,” he said. “It would be useful if there was some sort of accountability mechanism here, so it’s not just a tech company saying that they’re making a decision that’s in the best interest for everyone in the country. Somehow it could be verified by outside experts that the types of privacy protections they say they put in place are, in fact, there.”

All that said, the government may not get or even want access to raw data. It might just be interested in insights gleaned from the aggregate data, which some companies already sell. Facebook already provides de-identified aggregate data for free through its Data for Good program that, among other things, offers Disease Prevention Maps, which sound very similar to what the Post says the government is considering using. Facebook also says that universities and health organizations have used its disease prevention maps — it’s likely some are using them to combat coronavirus right now — but doesn’t mention working directly with governments in this way.

“Disease Prevention Maps have helped organizations respond to health emergencies for over a year and we’ve heard from a number of governments that they’re supportive of this work,” Laura McGorman, the policy lead for Data for Good, told Recode in a statement. “In the coronavirus context, researchers and nonprofits can use the maps, which are built with aggregated and anonymized data that people opt in to share, to understand and help combat the spread of the virus.”

If this is something you want your Facebook data to be a part of, you can opt in to sharing your location data to be used for purposes like this. Simply go to Settings & Privacy > Privacy Shortcuts > Manage your location settings > and then switch location history to “On” if you’re using a mobile app, or click this link on your browser. (Note that even if you turn all location services off or simply don’t opt into them in the first place, Facebook can and does still track your location for ad targeting purposes.)

Neither the US government nor Google responded to Recode’s request for comment.

Without knowing yet what kind of collaboration the government is discussing with tech companies, O’Brien said a bigger concern could be that any kind of partnership between the two entities that includes people’s data now could set a precedent that leads to something more invasive down the road.

“It does sort of set up, perhaps in the future, a willingness among tech companies to aid the government in certain types of situations by providing more information on the population than the government otherwise would have access to,” O’Brien said.

As privacy experts argue, this sounds like a Big Brother scenario, but it doesn’t have to be. If the tech companies and the government keep people’s privacy in the fronts of their minds, the greater good can be balanced out with individuals’ digital rights.

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.