If there’s one thing that securocrats and surveillance tech companies have in common, it’s a love for public safety. It’s no small wonder then that Covid-19 has spurred new growth in the surveillance industry. From facial recognition to automatic number plate scanners, from spying smartphone apps to Covid-19 vaccine passports, the world has seen some truly invasive and some downright illegal efforts to track the disease and enforce protocols to curb its spread. With the relentless third wave threatening to coincide with a fourth, surveillance practices from around the world could provide South Africa with some valuable guidelines.
Read the article Growth in global mass surveillance linked to Covid-tracking measures here.
This article speaks to a research report that explores the impact of the Covid-19 pandemic on the use of surveillance technologies. The report was commissioned by the C-19 People’s Coalition Anti-Repression Analysis Sub-Group and launched this month. You can find it here.
In January 2021, I got Covid-19. In less than 48 hours after my test, someone from the national Department of Health called me. How am I feeling? Am I isolating? Who is living with me? I was somewhat feverish, so I gave him extensive answers without thinking twice. Then a friend living in the UK told me about a similar experience. She was annoyed that the government had her number.
“That’s not even legal,” she complained. “How did they get it?”
It was only then that I thought about privacy in my own situation. I subsequently learnt that, given our state of disaster, the medical practitioner taking the sample during my Covid test was legally compelled to obtain (if the information was available) my name and surname, contact number, residential address, identity number and, preferably, also a copy or photo of my ID. All of this had to be submitted to the director-general of health for inclusion in the Covid-19 tracking database. That was news to me.
I don’t mind giving my number to the government for the greater good. (I just hope they keep my data safe and destroy it when they don’t need it anymore. Unfortunately, I have no way of finding out if they will.) But the incident did illustrate how easily, in the face of public panic, governments can create regulations and change the law to jack up their surveillance capabilities.
Forcing you to give up your phone number so that the government can do contact-tracing is a relatively simple way to increase surveillance capacity. But around the world, governments are using sophisticated surveillance technologies in efforts to curb the pandemic. Researchers have warned that these surveillance practices could persist even once nations get the virus under control. All of these technologies are readily available in countries with sufficient infrastructure. Many of them are normally used to fight crime, while others are for everyday use.
Take, for instance, smartphone location data. Your phone tracks you all the time. Location data are constantly being generated and recorded by apps on your phone. Usually, these apps use Wi-Fi and GPS to calculate your location. With some apps, this is necessary – think of ride-hailing or delivery apps such as Uber, or navigation apps like Waze and Google Maps. Some don’t need your location to work, but still compel you to surrender location data if you want to use the app. Usually, the app developers sell these data on to third parties and data brokers, who sell it again. It’s a valuable commodity and helps marketers to target their audiences. There’s not much you can do about this, save refusing to download the app.
Location data can be bought by governments and used for surveillance. In November 2020, the US military reportedly bought location data (from a private company) generated by a Muslim prayer app. Similarly, some governments have jumped at the chance to use location data to fight Covid. In some cases, it went horribly wrong.
In South Korea, citizens downloaded Covid-19 tracking apps. The location data from these apps were used to create publicly available maps showing people where persons with Covid-19 had been so that they could avoid those spots. But some of the data released were so personal and extensive that it became possible to identify individuals. Researchers asked if it was really necessary to publicly reveal all this information, warning that exposing people with a positive diagnosis could increase social stigma surrounding Covid-19. This could in turn discourage people from testing. The South Korean government was heavily criticised.
Other approaches showed little regard for public criticism. The government in Taiwan used location data from phones to triangulate people’s positions to alert police when they broke quarantine. With triangulation, people didn’t even need to download an app. The Iranian government was a bit sneakier: It asked people to download an app that would assist with a Covid-19 self-diagnosis. What it was really doing was collecting names, birthdays, addresses and phone location data. Equally sneaky, Singapore’s government forced citizens to install track-and-trace apps if they wanted to access shops and workplaces. The government also happened to keep the data to assist in police investigations. The Israeli government went all out and scrapped all warrant requirements that intelligence services might have needed to track people’s phones, essentially treating the virus as a threat to national security.
In South Africa, the track-and-trace app is known as CovidAlert. It works with Bluetooth instead of connecting to a central database with everyone’s personal information. The app can tell you if you’ve been in contact with someone who tested positive for Covid-19. The app’s terms and conditions say that no personal information is collected by the state, and it’s similar to more moderate track-and-trace measures used in Europe. But it almost didn’t happen. Initially, the government said it would use mobile phone location data obtained from mobile operators to track and trace people, but that idea was scrapped for a less invasive approach.
Another common surveillance technology South Africans encounter daily was used in some countries to enforce lockdown and quarantine restrictions. Automated number plate recognition (ANPR) camera networks scan all drivers’ vehicle licence plates and compare each scan to a database of registration numbers of wanted vehicles (vehicles stolen or associated with a crime). If there’s a match, police receive an alert and can pursue the suspect. Often, government law enforcement ANPR systems are linked to national vehicle databases containing the identifying details of all registration holders. This means the government can quickly identify a vehicle owner by searching for the registration number in the database.
As with mobile location data, governments have used this technology (primarily intended for law enforcement) to control ordinary citizens’ movements. Both democracies and authoritarian regimes have done so. In Britain, Devon and Cornwall police used ANPR technology to spot residents travelling unnecessarily during lockdown. ANPR was similarly used in Australia and India. In China, police tracked drivers and personally contacted them if they’d been in an area where they may have contracted Covid. They were then ordered to self-isolate.
In South Africa, ANPR camera networks are used in major cities, and are operated by local government and private entities. The systems of different towns and municipalities aren’t linked. To boot, not all systems are linked to the electronic National Transportation Information System (eNatis), which contains the identifying details of vehicle registration holders. Such a disjointed and limited system could hamper authorities’ efforts to use ANPR to keep South Africans in line during the pandemic. However, on a municipal level, it would be possible to use ANPR systems connected to eNatis to enforce the quarantine.
Up next: facial recognition – a technology increasingly used to verify people’s identities at airports and banks, and slowly finding its way into national identification systems. During the pandemic, the Russian government has taken its uses a step further, with reports that facial recognition technology has been used to identify people who left their homes while they were supposed to be self-isolating. China has also started using the technology to track people’s movements in an effort to curb Covid.
Police in the Philippines announced late in 2020 that they would monitor social media to make sure people didn’t break quarantine. An Italian research agency reportedly scraped data from half a million Instagram profiles to see if people were sticking to lockdown rules.
But facial recognition technology can be used in other ways to prevent the spread of Covid. Developers have adapted the software, enabling it to recognise someone even if they’re wearing a mask. It’s also been adapted to detect when a person isn’t wearing a mask, or if they are wearing one incorrectly. Another type of facial recognition technology, face detection, can be used to count how many people are gathered in a certain space, or calculate if people are not adhering to physical distancing protocols. The system can then alert authorities.
In South Africa, very few street surveillance camera systems are equipped with facial recognition technology, meaning it’s one less tool available to monitor adherence to Covid-19 regulations. But using facial recognition technology to detect mask-wearing contraventions isn’t such a big stretch. Vumacam, the country’s biggest public space surveillance company, is already envisioning the use of analytical software to enforce mask mandates and physical distancing. Being arrested and landing a criminal record for this type of contravention is a real possibility. Thousands of South Africans have been arrested for not adhering to mask protocols in public and contravening physical gathering regulations. (The SAPS did not respond to requests for an updated arrest figure.)
Another type of digital surveillance is far less conspicuous than surveillance cameras and licence plate readers. What you do and say on social media can also reveal if you’re not adhering to Covid-19 protocols, such as breaking lockdown rules. One may think that authorities are unlikely to detect lone individuals’ social media posts, but social media monitoring software now allows police, intelligence services and private corporations to scour thousands of social media posts and pick up keywords hinting at unwanted behaviour.
Police in the Philippines announced late in 2020 that they would monitor social media to make sure people didn’t break quarantine. An Italian research agency reportedly scraped data from half a million Instagram profiles to see if people were sticking to lockdown rules. It is not known if this type of technology has been used in South Africa to enforce Covid-19 regulations. If it were, proving it would be difficult because it is virtually impossible to know if your social media information has been subjected to such monitoring. The surest way to escape it, is to give up social media.
As vaccine roll-out progresses, the introduction of Covid-19 vaccine passports is stirring controversy. It can be electronic (such as a QR code on your smartphone) or a hard copy (similar to a yellow fever certificate). There is no global standard for Covid-19 vaccine passports, but countries are already coming to mutual agreements about which passports are acceptable in order to allow international travel. For instance, the European Union is now making a “Digital Green Certificate” available as proof of vaccination for EU residents.
Vaccine passports can also be used at the local level. It may become mandatory to show proof of vaccination if you want to access your place of employment, restaurants or sports venues. In March 2021, New York became the first American state to require digital vaccine passports for people wanting to attend social events at sports stadiums and wedding venues, among others.
Vaccine passports, particularly digital ones linked to a centralised national database, pose privacy concerns. They usually reveal your name, identity number, address and vaccination status, all of which constitute personal information. That data can be hacked, leaked or simply sold illegally to third parties. There are also social concerns. Some people cannot be vaccinated, including children and people with certain medical conditions. Others may not have access to vaccines because of delayed vaccine roll-outs.
As of 4 September, South Africa had administered 13.4 million vaccine doses, with the government aiming to have 67% of the population fully vaccinated by the end of the year. Until then, it seems unlikely that compulsory vaccine passports will even be considered for domestic movement. However, on 2 September the spokesperson for President Cyril Ramaphosa announced that the government would be looking into vaccine passports as a way to aid the country’s economic recovery.
Fortunately, South Africans have thus far been spared many of the more invasive surveillance methods used in other countries in the face of the pandemic. That means the country has the benefit of hindsight and learning from others’ experience; whether we do so, is another matter. DM