Blogs | Open internet and inclusive technology | Privacy and data protection | Artificial intelligence (AI) | Biometrics | Surveillance and data retention

COVID-Tech: Emergency responses to COVID-19 must not extend beyond the crisis

In EDRi's new series on COVID-19, we will explore the critical principles for protecting fundamental rights while curtailing the spread of the virus, as outlined in the EDRi network's statement on the virus. Each post in this series will tackle a specific issue at the intersection of digital rights and the global pandemic in order to explore broader questions about how to protect fundamental rights in a time of crisis.

By EDRi · April 15, 2020

In EDRi’s new series on COVID-19, we will explore the critical principles for protecting fundamental rights while curtailing the spread of the virus, as outlined in the EDRi network’s statement on the virus. Each post in this series will tackle a specific issue at the intersection of digital rights and the global pandemic in order to explore broader questions about how to protect fundamental rights in a time of crisis. In our statement, we emphasised the principle that states must “[i]mplement exceptional measures only for the duration of the crisis”. In this first post of the series, we take a look at what experiences in the UK, Poland and Hungary could teach states as they work out the most effective ways of stopping the spread of coronavirus – without leaving the door ajar for future fundamental rights violations to creep in.

Public health responses to the coronavirus pandemic are putting unprecedented limits on the daily lives of people across the world. A range of important rights, including to life and health, are of course threatened by COVID-19 – but the responses that we are seeing across Europe also threaten fundamental liberties and freedoms, both freedoms to do things (express ourselves, associate in public) and freedom from things (government surveillance, abuses of power, discrimination). In some cases, fundamental rights in the EU are not just under threat, but are already being unjustifiably, disproportionately and unlawfully violated under the guise of public health.


The state of play in Hungary:

On 30 March 2020, the Prime Minister of Hungary was granted sweeping powers to rule the country by decree. Hungary has been under the EU’s spotlight over the last two years for failing to comply with the EU’s core values, with the European Parliament launching infringement proceedings about the deteriorating respect for the rule of law, and civil society raising serious concerns including lack of respect for privacy and data protection, evidence of widespread state surveillance, and infringements on freedom of expression online. Following the enactment of a state of emergency on 11 March and the tabling of the indefinite decree on 23 March, ostensibly in response to the coronavirus pandemic, EU Parliament representatives issued a clear warning to Hungary, stating that “extraordinary measure adopted by the Hungarian government in response to the pandemic must respect the EU’s founding values.” This warning did little to temper Orbán’s ambitions, and leaves the people of Hungary vulnerable to expanded powers which can be abused long after the spread of coronavirus has been checked.

The state of play in Poland:

The European Parliament have also raised concerns about the worsening rule of law in Poland, in particular threats to the independence of the judiciary, with investigations activated in 2016. On 19 March 2020, the country’s efforts to tackle the spread of coronavirus received widespread attention when the government announced the use of a ‘Civil Quarantine’ app which they explained would require people in quarantine to send geo-located selfies within 20 minutes of receiving an alert – or face a visit from the police. according to the announcement, the app even uses controversial facial recognition technology to scan the selfies.

Early in April, the Polish government looked to make the use of the app mandatory, in a move which, as reported by EDRi member Panoptykon, was not proportionate [PL] (due to factors like people’s images being sent to government servers) and additionally not compliant with Poland’s constitution [PL]. Panoptykon emphasise important rules [PL] when implementing technological applications to combat COVID-19 such as minimising the data collected and having strict time periods for its retention, which states must follow in order to comply with fundamental rights.

The state of play in the UK:

The UK’s Coronavirus Act was passed on 25 March 2020, giving the UK government a suite of extraordinary powers for a period of 2 years. Following pressure from civil society, who called the proposed Bill “draconian”, the disproportiontely long period for the restrictions of people’s rights was adjusted to include parliamentary checks every 6 months. Yet NGOs have continued to question why the Bill is not up for renewal every 30 days, given the enormous potential for abuse of power that can happen when people’s fundamental rights protections are suspended or reduced. This is especially important given that, as EDRi member Privacy International has pointed out, the UK already has worryingly wide powers over forms of surveillance including bulk data interception and retention.

The UK has also come under fire for the sharp rise in disproportionate police responses since the introduction of the Bill, including stopping people from using their own gardens or using drones to chastise dog walkers. If not properly limited by law, these powers (and their abuse) have the potential to continue in ordinary times, further feeding the government’s surveillance machine.

POLITICO reports that UK authorities are not alone, with countries across Europe exploiting the climate of fear to encourage people to spy on and report their neighbours, alongside a rise in vigilante attacks, public shamings and even support for police violence. Such behaviour indicates an increasingly hostile, undemocratic and extra-judicial way of enforcing lockdowns. And it is frighteningly reminiscent of some of the most brutal, repressive twentieth-century police states.

What an open door could mean for the future of digital rights:

Allowing states to dispense with the rule of law in times of crisis risks putting those rights in a position of vulnerability in ordinary times, too. The legitimation and normalisation of surveillance infrastructures creates a sense that being watched and analysed all the time is normal (it is not) and contributes to societies filled with suspicion, abuse and mistrust. Before coronavirus was a household name, for example, Hungary’s secretive Szitakötő project was preparing to install 35,000 facial recognition cameras across the country for mass surveillance. This would allow the state to undermine the principle of investigatory warrants, and instead watch and analyse everyone, all the time. The current, indefinite state of emergency could remove any potential checks and balances on the Szitakötő plans, and allow Orbán to push through a wide range of ever-more-violatory measures such as repression of the free media, freedom of expression and political dissent.

Throughout 2019, Poland made its aspirations for global AI leadership clear, having experimented with automating state welfare since at least 2015. As UN Special Rapporteur Philip Alston has emphasised, the global uptake of “automated welfare” is a direct result of government goals to spend less on welfare, control people’s behaviour and punish those who do not conform. There is a risk that the Polish state could exploit new tech, like their quarantine app, to expand an undemocratic agenda and make technology the go-to solution for any public or societal issue. And the UK is already infamous for having one of the highest rates of surveillance cameras per capita in the world. Combined with the fact that the UK’s health service have employed the help of notorious personal-data-exploiting software company Palantir to manage coronavirus data, this suggests that the UK’s pre-existing public-private surveillance economy is the one area profiting from this crisis.

Conclusion:

Desperate times call for desperate measures – or so the saying goes. But this should not undermine the core values of our societies, especially when we have many reasons to be positive: compassionate and brave health workers treating patients; civil society working to protect rights in coronavirus apps and help governments make the right decisions; and global health organisations working to prevent future incidences of the virus and develop vaccines.

As the EU’s Committee for civil liberties state, mass surveillance does not make us safer. It puts undue limits on our liberties and rights which will continue long after the current emergency has been eased. As a result, we will all be less safe – and that really would be desperate times. In the words of Yuval Noah Harari:

[T]emporary measures have a nasty habit of outlasting emergencies, especially as there is always a new emergency lurking on the horizon […] Centralised monitoring and harsh punishments aren’t the only way to make people comply with beneficial guidelines. […] A self-motivated and well-informed population is usually far more powerful and effective than a policed, ignorant population.

Read more:
Fundamental rights implications of COVID-19 (various dates)
https://fra.europa.eu/en/themes/covid-1

Extraordinary powers need extraordinary protections (20/03/2020)
https://privacyinternational.org/news-analysis/3461/extraordinary-powers-need-extraordinary-protections

Use of smartphone data to manage COVID-19 must respect EU data protection rules (07.04.2020)
https://www.europarl.europa.eu/news/en/press-room/20200406IPR76604/use-of-smartphone-data-to-manage-covid-19-must-respect-eu-data-protection-rules

Contract Tracing in the Real World (12.04.2020)
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/

(Contribution by Ella Jakubowska, EDRi Policy Intern)