COVID-19, Contact Tracing, and Expectations about Privacy
-- By
AbbyGraegin - 28 Feb 2024 - Revised 6 May 2024
Contact Tracing during the COVID-19 Pandemic
During the height of the pandemic, many countries implemented contact tracing apps in an attempt to contain the spread of COVID-19. Dessie Otachliska,
The Constitutionality of Technology-Assisted Contact Tracing, Harvard Law School Bill of Health (December 29, 2020). The application used in the US, Exposure Notifications, was introduced jointly by Google and Apple. Betsy Ladyzhets,
We investigated whether digital contact tracing actually worked in the US, MIT Technology Review (June 16, 2021). Google and Apple stressed two aspects of the app in anticipation of privacy concerns: first, the app used Bluetooth rather than GPS (meaning it only tracked which other users an individual was in close contact with over a period of time, not the individual’s location data), and, second, the app was opt-in. Fong at 659. The app likely would have been much more effective if it was more widely adopted, as exemplified by South Korea’s remarkably successful, government-mandated contact tracing app. Otachliska. However, rational concerns about data privacy significantly hurt opt-in rates.
Fourth Amendment Concerns
Fourth Amendment caselaw leaves the question of the protection of this contact tracing data unclear. Under the
Katz test, the Fourth Amendment protects an individual’s information when that individual has “exhibited an actual (subjective) expectation of privacy” and “the expectation be one that society is prepared to recognize as ‘reasonable.’
Katz v. United States, 389 U.S. 347, 361, 88 S. Ct. 507, 516, 19 L. Ed. 2d 576 (1967) (Harlan, J., concurring). On one hand, opting into a service that openly collects data could be seen as surrendering one’s expectation of privacy. How can one knowingly allow a third party to track their close contacts and expect that information to remain private at the same time? On the other hand, Apple and Google’s reassurances about privacy may be seen to foster this expectation among users.
The most on-point precedent is a case about cell-site location data used by law enforcement to connect an individual to a series of robberies.
Carpenter v. United States, 585 U.S. 296, 138 S. Ct. 2206, 201 L. Ed. 2d 507 (2018). There, the Court first established that a third party’s possession of the information does not sever its Fourth Amendment protection.
Id. at 2217. “[A]n individual maintains a legitimate expectation of privacy in the record of his physical movements” whether the government obtains the information directly through its own surveillance or indirectly from a wireless carrier.
Id. The Court based much of its reasoning on the nature of the technology. Because so many of our everyday functions are supported by cell phones, carrying one has become “indispensable to participation in modern society.”
Id. at 2210. Further, a cell phone user’s cell-site location data is gathered constantly, without any action, any opt-in, from the user. Id. In contrast, Exposure Notifications was a completely voluntary service. Users would have to opt in before the app would gather their contact data.
Additionally, the special needs doctrine provides an exception to the requirement for a search warrant when the primary purpose of the search is not crime control. 68 Am. Jur. 2d Searches and Seizures § 117. This doctrine provides a three-factor test for determining whether a special needs search is reasonable: “(1) the nature of the privacy interest involved, (2) the character and degree of the governmental intrusion, and (3) the nature and immediacy of the government's needs and the efficacy of the program in addressing those needs.”
Id. This doctrine may allow the government to access data collected through digital contact tracing, even if this information is found to be protected by the Fourth Amendment. The use of Bluetooth technology rather than GPS may actually be detrimental to users’ privacy interests under this doctrine—since no location data was collected through Exposure Notifications, the nature of the privacy interest and degree of government intrusion would both likely be discounted.
Impact on Expectations of Privacy
The implication of the law surrounding contract tracing data, and of the COVID-19 pandemic generally, is an overwhelming sense of resignation to a more glaring lack of privacy than we have ever seen. Contact tracing apps have certainly shed light on this issue. Some people remained resistant to that kind of data gathering during the height of the pandemic, and, because the US contact tracing app was opt-in, they had the ability to refuse to use it. On the other hand, many people who were hesitant at first have since given in to the sense of helplessness in maintaining their own privacy.
The general public seems to appreciate the danger of conspicuous data gathering through an app designed for that very purpose much more than the danger of other pandemic-related privacy and security risks. Yet, some other pandemic-related changes are at least as concerning. As one example, more people working from home, even after the height of the pandemic, has led to more vulnerability online without the security measures that many companies have put into place for their employees. Zoom in particular, which has hosted countless work-related and personal videocalls over the past four years, is susceptible to data breaches. An overwhelming number of Americans have resigned to using Zoom for work meetings, calls with friends, and even telehealth appointments, despite these risks.
The pandemic has left the country in a state of suspicion, but suspicion that most people have decided to tolerate. Many distrust technology, whether it be explicit data collection for disease tracking or the front-facing camera on a laptop. In particular, there is distrust surrounding medicine—many distrust their doctors. However, so many have decided they are still willing to use the things they distrust—the most obvious one being the smart phone. For that reason, there is no real driver to change. Individuals will continue to live without a sense of privacy or even a sense that they deserve privacy. For most, this is just the way it is and will continue to be.
Contact tracing through smartassphone proximity detection proved to be of now use to anyone during the epidemic. Some societies made use of it, of which the US was never one. The UK wasted billions on it without ever achieving even a working system. The epidemiology of the disease and the overwhelming of tracing-based public health services showed that the whole thing was a technological illusion.
So why write about it now? Why spend all these words only to reach a conclusion as jejune as "clearly technological advancements have muddied the waters of numerous legal doctrines"? I think the best route to improvement is to figure out what the central idea is you want to discuss and to divorce it from a factual substrate that won't bear its weight. If this is really an essay about administrative search doctrine under the Fourth Amendment, the cases to be discussed are actually about junkyards, I think. But if it is about the effect on the epidemic on either the law about or the social expectations concerning privacy (a subject on which there is indeed much to be thought and written), contact tracing and the Fourth Amendment seem to me equally not very relevant.
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.