How to create a trustworthy COVID-19 tracking technology

In the fight against COVID-19, tech governance is at a clear crossroad. Either it will be part of the recovery debate, leading to the emergence of public-private global cooperation for a trustworthy use of technology. Or we might observe a dramatic surrender of public liberties in the name of using surveillance technologies in the continuous battle against coronavirus and potential novel viruses.

Many tech companies and at least 30 governments have started proposing or deploying tracking tools. Privacy International has been collecting these initiatives, showing the wide range of approaches in terms of privacy and respect of freedoms. The lack of a shared governance framework is manifest.

Tracking technologies using smartphones could help monitor the evolution of the virus among the population and quickly prevent new clusters of confirmed cases from building up, helping countries emerge from lockdowns. But they also bring dauting privacy risks associated with collecting health data from citizens and tracking movements. These tools may lead to an unprecedent infringement of our freedoms, unless governments and tech companies turn to robust governance frameworks and rely on true cooperation.

“There may be no turning back if Pandora’s box is opened,” noted Irakli Beridze, Head of the Centre for Artificial Intelligence and Robotics for the United Nations Interregional Crime and Justice Research Institute (UNICRI), in a recent article.

How can we navigate the gray zone of ending lockdowns while avoiding any infringement of freedom?

The World Economic Forum’s Centre for the Fourth Industrial Revolution recently launched a pilot project in France to test a governance framework for the responsible use of facial recognition. This work suggests four lessons to ensure the responsible use of technologies in a post-COVID-19 world.

1. Lean on a multistakeholder approach

COVID-19 allows tech companies to take a new lead on health or security infrastructures, domains historically occupied by governments. A multistakholder approach could help balance and coordinate the roles of the public and the private sectors and put the rights of the citizen first – at the local, regional and global levels.

2. Clearly identify potential limitations

It is critical to agree on what the objectives and limits of tracking technologies should be. For example, the Berkman Klein Center of Harvard University has built a tool to list many of the initiatives to ensure ethical approaches to AI. Policymakers and tech companies must examine nine main principles, asking questions that will help inform essential requirements for any tools.

3. Ensure continuous internal evaluation

Once the principles are established, the next step is to ensure that the system meets the requirements. One way to do so is to draft a list of questions to guide the product team to internally check its compliance. This questionnaire helps bridge the gap between political principles and technical requirements.

For example, IBM Research has a framework called “FactSheets” to increase trust in AI services, Google has recently proposed a framework for internal algorithmic auditing, and Microsoft a list of AI Principles and the tools to apply them internally. These promising projects could serve as best practices for other tech companies.

4. Identify an independent third party for oversight

In addition to the internal questionnaire, there must also be external oversight of systems through an independent third party. Trust depends on the ability of this independent body to have access to the system to conduct verifications.

Recent history shows that the need for audits or audit reforms surges in the aftermath of crises. For example, the 2002 Sarbanes-Oxley Act that created new regulations to respond to fraud in financial services emerged after the failure of Enron. In the aerospace industry, the recent Boeing 737MAX accidents may lead to a new series of stronger controls.

As of now, tech companies have largely avoided any external audit, even when failures to protect citizens have been reported and have led to scandals. For example, consider the case of clearview.ai, a facial recognition tool working on a never-seen database of more than three billion images scraped from the Internet, including social media applications and millions of other websites. This startup has not only raised privacy concerns but also been reportedly exposed to a recent data breach. What is true for traditional industries should be true for the tech sector as well.

We know that tech governance is key to mitigating the potential risks brought by the Fourth Industrial Revolution. The COVID-19 crisis represents its truth test. We must act now to build frameworks that can help ensure any tracking tools not only aid in the recovery but also protect the rights of users.