本文翻譯自電子前線基金會 (EFF):在公衛危機期間保障公民權(Protecting Civil Liberties During a Public Health Crisis),譯者:周冠汝
Across the world, public health authorities are working to contain the spread of COVID-19 (Coronavirus Disease 2019). In pursuit of this urgent and necessary task, many government agencies are collecting and analyzing personal information about large numbers of identifiable people, including their health, travel, and personal relationships. As our society struggles with how best to minimize the spread of this disease, we must carefully consider the way that “big data” containment tools impact our digital liberties.
橫跨全球的公共衛生當局正著手阻擋COVID-19病毒的散播。為了完成這項急迫且必要的任務,許多政府機關蒐集並分析數量龐大且可識別出個人的資料(包含健康、旅遊、人際關係)。當我們的社會竭力減緩疾病的散播,我們必須謹慎思考「大數據」防疫工具對數位權利的衝擊。
Special efforts by public health agencies to combat the spread of COVID-19 are warranted. In the digital world as in the physical world, public policy must reflect a balance between collective good and civil liberties in order to protect the health and safety of our society from communicable disease outbreaks. It is important, however, that any extraordinary measures used to manage a specific crisis must not become permanent fixtures in the landscape of government intrusions into daily life. There is historical precedent for life-saving programs such as these, and their intrusions on digital liberties, to outlive their urgency.
公衛機關用以打擊COVID-19散播的特別措施是社會需要的。如同在實體世界,數位世界中的公共政策須平衡集體利益與公民權,以保障傳染病爆發下的社會安全及健康。然而重要的是,必須確保任何用以管控特定危機的非常手段,不能成為政府入侵日常生活的固定標配。歷史前例讓我們看見,這些救命措施以及其對數位權利的侵害,存續得比對抗病毒的急迫性還來得久。
Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:
因此,對於COVID-19潛在帶原者的任何資料蒐集和數位監控,均須將以下原則納入考量並實踐:
- Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
- 侵犯隱私的措施需符合必要性及比例原則。蒐集人民可識別資訊的措施必須有科學依據,並由公衛專家認定對達成防疫目的有必要性,且資料處理方式需合乎比例。比如,COVID-19只有兩週潛伏期,因此在防疫需求上採取儲存十年的全民旅遊史就不符合比例原則。
- Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for impropergovernment containment efforts driven by bias based on nationality, ethnicity, religion, and race — rather than facts about a particular individual’s actual likelihood of contracting the virus, such as their travel history or contact with potentially infected people. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.
- 基於科學事實蒐集資料,而非偏見。著眼於傳染病的全球流行,歷史顯示存在政府採取偏見(國籍、種族、宗教、人種),而非基於事實(例如以旅行史或接觸潛在感染者計算實際得病機率)的不當防疫措施。眼下,我們必須確保任何用以防治COVID-19的自動化資料系統不會誤將特定人口歸為易受感染的族群。
- Expiration. As in other major emergencies in the past, there is a hazard that the data surveillance infrastructure we build to contain COVID-19 may long outlive the crisis it was intended to address. The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
- 退場機制。我們現在面臨為了防治COVID-19建立的資料監控基礎設施,可能在危機結束後仍然存在的危險,就像過去許多重大緊急事件一樣。政府和其配合的公司在危機解除後,必須撤除所有以保障公共衛生為名的侵入措施。
- Transparency. Any government use of “big data” to track virus spread must be clearly and quickly explained to the public. This includes publication of detailed information about the information being gathered, the retention period for the information, the tools used to process that information, the ways these tools guide public health decisions, and whether these tools have had any positive or negative outcomes.
- 透明機制。政府使用「大數據」追蹤病毒傳遞,必須盡快向大眾清楚解釋。解釋內容包含公布以下詳細資訊:蒐集的資料、保存資料的期間、處理資訊的工具、工具引導公衛判斷的方法,以及工具可能產生的正面及負面效果。
- Due Process. If the government seeks to limit a person’s rights based on this “big data” surveillance (for example, to quarantine them based on the system’s conclusions about their relationships or travel), then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
- 正當程序。若政府基於「大數據」監控限制個人的權利(例如:以系統對其人際關係及旅遊史得出的結論,決定對當事人施行隔離),那麼必須保障當事人有機會得以即時且公平地對相關結論及限制表達異議。
In light of these principles, we are troubled by reports about how the Chinese government is using “big data” to contain COVID-19. Reportedly, that government is requiring its citizens to download software to their phones, and then use their phones to scan QR codes when they arrive at checkpoints for entry to public spaces (e.g., trains and malls). This software assigns each citizen a color code (i.e., green, yellow, or red) to indicate their health status. The software dictates whether each citizen should be quarantined, and whether they may enter public spaces. The software also sends information to the local police. The Chinese government says it is only using this system to identify people who may be infected. Citizens report they have been quarantined because this tracking system identified contact between them and an infected person.
鑑於上述原則,我們對於報導指出中國政府使用「大數據」防疫深感憂心。據報載,中國政府要求公民下載軟體到手機,並在進入公共場所(如:火車、賣場)的入口檢查站掃二維條碼。這款軟體指派給每個公民一種顏色(綠、黃、紅)暗示每個人的健康狀態。這款軟體支配著公民是否需要隔離,以及誰可以進入公共場所。它甚至也會傳資料給當地警察。中國政府聲稱,軟體僅用作識別可能的感染者。有公民指出他們因此而被隔離,因為這套追蹤系統發現他們曾接觸感染者。
We also have questions about a new rule from the U.S. Centers for Disease Control and Prevention (CDC). It requires airline companies to collect the name and contact information of all passengers and crew arriving in the United States on international flights, and to transmit this information to the CDC within 24 hours of an order to do so. The CDC intends to use this information for “contact tracing,” that is, to rapidly identify people who were in contact with an infected person, so those contacted people can be timely notified, tested, and possibly quarantined. Such data processing may be necessary and proportionate to the public health need.
我們對美國疾病管制暨預防中心(CDC)的新規定也有疑問。它要求航空公司蒐集抵達美國的國際航班所有旅客及機組人員姓名、聯絡資訊,並在24小時內傳給CDC。CDC打算將資訊用做「接觸追蹤」,也就是快速辨識接觸過感染者的人,使得接觸者可以被即時通知、檢測,並可能採取隔離。這樣的資料處理模式可能對維繫公共衛生需求是必要且合乎比例原則的。
But we must not lose sight of the great sensitivity of the personal data at issue–this data paints a clear picture of the travel, health, and personal relationships of airline passengers. EFF would like the CDC to explain what it will do to ensure this sensitive data is used only to contain communicable diseases. For example, what measures will ensure this data is purged when no longer helpful to contact tracing? Also, what safeguards will ensure this newly collected data is not used by police for ordinary crime fighting, or by ICE for immigration enforcement?
但我們並不能忽視個人資料強烈的敏感性,這些資料描繪出航空旅客旅行、健康、人際關係的清晰圖像。電子前線基金會呼籲CDC解釋會如何確保這些敏感資料只會用在防治傳染病。例如,採取何種措施,確保資料在無法幫助追蹤接觸史時刪除?以及有什麼防護措施,能確保近期蒐集的資料,不會被警方用作打擊普通犯罪,或者被移民及海關執法局用於查緝非法入境及遣返行動。
EFF has long advocated against digital surveillance by government and corporations of our movements, health, and personal relationships, and against big data systems that can turn our lives into open books. Such data processing often invades our privacy, deters our free speech and association, and disparately burdens racial minorities. Some use of big data may now be warranted as public health officials work to contain COVID-19. But it must be medically necessary, as determined by public health experts; any new processing of personal data must be proportionate to the actual need; people must not be scrutinized because of their nationality or other demographic factors; and any new government powers must expire when the disease is contained.
電子前線基金會長期倡議,反對政府及企業對我們的移動、健康及人際關係進行數位監控,以及反對可將我們生活攤於眾人眼目的巨量資料系統。這樣的資料處理模式時常侵犯我們的隱私,使我們受驚擾而不敢實踐自由發表言論及舉行集會,並讓少數族裔承受額外的負擔。部分大數據運用可能因公衛機關開始防治COVID-19而有需要,但必須經公衛專家認定對醫療有必要。任何新採取的個資處理手段,必須依實際需求符合比率原則。應保障任何人不會因其國籍或其他人口分類的位置受到放大檢視。以及當疫情受到控制時,任何政府掌握的新權能都必須終止。
