本文翻譯自電子前線基金會 (EFF):在公衛危機期間保障公民權(Protecting Civil Liberties During a Public Health Crisis),譯者:周冠汝

Across the world, public health authorities are working to contain the spread of COVID-19 (Coronavirus Disease 2019). In pursuit of this urgent and necessary task, many government agencies are collecting and analyzing personal information about large numbers of identifiable people, including their health, travel, and personal relationships. As our society struggles with how best to minimize the spread of this disease, we must carefully consider the way that “big data” containment tools impact our digital liberties.


Special efforts by public health agencies to combat the spread of COVID-19 are warranted. In the digital world as in the physical world, public policy must reflect a balance between collective good and civil liberties in order to protect the health and safety of our society from communicable disease outbreaks. It is important, however, that any extraordinary measures used to manage a specific crisis must not become permanent fixtures in the landscape of government intrusions into daily life. There is historical precedent for life-saving programs such as these, and their intrusions on digital liberties, to outlive their urgency.


Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:


  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • 侵犯隱私的措施需符合必要性及比例原則。蒐集人民可識別資訊的措施必須有科學依據,並由公衛專家認定對達成防疫目的有必要性,且資料處理方式需合乎比例。比如,COVID-19只有兩週潛伏期,因此在防疫需求上採取儲存十年的全民旅遊史就不符合比例原則。
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for impropergovernment containment efforts driven by bias based on nationality, ethnicity, religion, and race — rather than facts about a particular individual’s actual likelihood of contracting the virus, such as their travel history or contact with potentially infected people. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.
  • 基於科學事實蒐集資料,而非偏見。著眼於傳染病的全球流行,歷史顯示存在政府採取偏見(國籍、種族、宗教、人種),而非基於事實(例如以旅行史或接觸潛在感染者計算實際得病機率)的不當防疫措施。眼下,我們必須確保任何用以防治COVID-19的自動化資料系統不會誤將特定人口歸為易受感染的族群。
  • Expiration. As in other major emergencies in the past, there is a hazard that the data surveillance infrastructure we build to contain COVID-19 may long outlive the crisis it was intended to address. The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
  • 退場機制。我們現在面臨為了防治COVID-19建立的資料監控基礎設施,可能在危機結束後仍然存在的危險,就像過去許多重大緊急事件一樣。政府和其配合的公司在危機解除後,必須撤除所有以保障公共衛生為名的侵入措施。
  • Transparency. Any government use of “big data” to track virus spread must be clearly and quickly explained to the public. This includes publication of detailed information about the information being gathered, the retention period for the information, the tools used to process that information, the ways these tools guide public health decisions, and whether these tools have had any positive or negative outcomes.
  • 透明機制。政府使用「大數據」追蹤病毒傳遞,必須盡快向大眾清楚解釋。解釋內容包含公布以下詳細資訊:蒐集的資料、保存資料的期間、處理資訊的工具、工具引導公衛判斷的方法,以及工具可能產生的正面及負面效果。
  • Due Process. If the government seeks to limit a person’s rights based on this “big data” surveillance (for example, to quarantine them based on the system’s conclusions about their relationships or travel), then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
  • 正當程序。若政府基於「大數據」監控限制個人的權利(例如:以系統對其人際關係及旅遊史得出的結論,決定對當事人施行隔離),那麼必須保障當事人有機會得以即時且公平地對相關結論及限制表達異議。

In light of these principles, we are troubled by reports about how the Chinese government is using “big data” to contain COVID-19. Reportedly, that government is requiring its citizens to download software to their phones, and then use their phones to scan QR codes when they arrive at checkpoints for entry to public spaces (e.g., trains and malls). This software assigns each citizen a color code (i.e., green, yellow, or red) to indicate their health status. The software dictates whether each citizen should be quarantined, and whether they may enter public spaces. The software also sends information to the local police. The Chinese government says it is only using this system to identify people who may be infected. Citizens report they have been quarantined because this tracking system identified contact between them and an infected person.


We also have questions about a new rule from the U.S. Centers for Disease Control and Prevention (CDC). It requires airline companies to collect the name and contact information of all passengers and crew arriving in the United States on international flights, and to transmit this information to the CDC within 24 hours of an order to do so. The CDC intends to use this information for “contact tracing,” that is, to rapidly identify people who were in contact with an infected person, so those contacted people can be timely notified, tested, and possibly quarantined. Such data processing may be necessary and proportionate to the public health need.


But we must not lose sight of the great sensitivity of the personal data at issue–this data paints a clear picture of the travel, health, and personal relationships of airline passengers. EFF would like the CDC to explain what it will do to ensure this sensitive data is used only to contain communicable diseases. For example, what measures will ensure this data is purged when no longer helpful to contact tracing? Also, what safeguards will ensure this newly collected data is not used by police for ordinary crime fighting, or by ICE for immigration enforcement?


EFF has long advocated against digital surveillance by government and corporations of our movementshealth, and personal relationships, and against big data systems that can turn our lives into open books. Such data processing often invades our privacy, deters our free speech and association, and disparately burdens racial minorities. Some use of big data may now be warranted as public health officials work to contain COVID-19. But it must be medically necessary, as determined by public health experts; any new processing of personal data must be proportionate to the actual need; people must not be scrutinized because of their nationality or other demographic factors; and any new government powers must expire when the disease is contained.