Tony Romm, reporting for the Washington Post about a proposed bipartisan bill to regulate privacy among virus-tracing apps:
“I think if you ask most people, ‘Do you trust Google to respect your privacy?’ …they don’t trust Google,” said Republican Sen. Bill Cassidy (La.), one of the bill’s sponsors. “This is a matter of perception. It’s not an indictment of Google,” added Cassidy, a doctor by background before arriving in the Senate. “We’re making sure people are comfortable with this.”
The way Cassidy frames this is about providing reassurance to people so that they are more likely to opt in to tracing features, because many people are suspicious of tech giants and what they do with their information. I can quibble about how so many people are perfectly willing to trade their privacy for convenience, but I also appreciate that these virus-tracking systems won’t work without most people participating, and government reassurance that they can’t be used for an invasion of privacy could help grease the skids.
But then there’s this:
The bill by Cantwell and her peers requires companies developing contact-tracing applications to do so in collaboration with public-health authorities. These tools must also obtain consent before they can begin tracking a user’s location to determine the spread of the coronavirus.
Under the proposed, bipartisan legislation, any data collected as part of coronavirus monitoring technology could not be used for commercial purposes, and users could request at any time to delete it. App makers and other companies behind contact-tracing tools further would have to notify users in the event of a breach, and the U.S. government would gain new powers to penalize privacy and security abuses, the bill prescribes.
The debate over these tools has largely involved public-health authorities demanding more information than Google and Apple’s system is willing to provide. This line suggests to me that the government may expect Google and Apple to weaken the privacy restrictions built into their system in exchange for legal protection against the extra personal data being misused.
I wouldn’t bet against this having the opposite of its intended effect, by making the resulting system even more invasive—and leading people to opt out rather than pass even more personal information to a government agency, whether or not there are legal restrictions on its misuse.