A new round of surveillance

Surveillance capitalism could lead the way to the surveillance state. Digital contact tracing, once introduced, won't go away any time soon.

A hallmark of Marxist critique is that labour is exploited by capitalists. But what if it’s no longer labour, or labour alone, that’s being exploited, but human experience and attention? The result is then a new kind of capitalism. In last week’s post, we missed the final step: this kind of capitalism is what Shoshana Zuboff vigorously calls surveillance capitalism.

Now this is a stark antidote to the optimistic note we ended on last week. But it’s something we’ve discussed for years now. The reason that draws us back to this topic is a global crisis that shares a key characteristic with surveillance capitalism: both are unprecedented. And the current crisis may well lead to a new round of surveillance, and this time by the state (again).

Mass surveillance has long been the domain of governments and their agencies. In Germany, many people are well aware of the Stasi, short for the Ministry for State Security, the official state security service of the German Democratic Republic. The Stasi maintained a huge surveillance database, almost entirely on paper.

Now I’d rather not speculate about what the Stasi could have achieved through the digital transformation. Rather, let’s have a look at a more current concern: contact tracing through a mobile app. That’s a topic high on the agenda – and burdened with high hopes – during the current lockdown.

What could go wrong?

Contact tracing is a classical task of medical authorities dealing with the spread of infectious diseases. The goal is to find people who possibly got infected and send them into quarantine to contain the spread of the disease. Health authorities do this in a centralised way: physicians must inform them about new cases of notifiable diseases, with or without disclosing personal data. Authorities can then act on this information.

A mobile app can, in theory at least, do this both more efficiently and more effectively. It can automatically record every possible contact a mobile user has (with other mobile users who use a compatible app, that is) and then alert the contact chain about possible and actual infections. It can also inform the authorities, disclosing personal data. What could possibly go wrong?

There are roughly two ways to design such an app: data could be stored in a central database, controlled by the authorities. Or it could be stored on the devices of the users, with limited access. In the latter approach, it could be up to the user to share his data with the authorities, in case of sickness.

The authorities would then publish a list of anonymous IDs of devices that reported infections. The app can check this list for IDs it already knows and alert users in case of contact with such an ID. It would still be up to the user to act appropriately. IDs can change regularly, to increase the level of privacy and security.

No app? No access.

All this could, of course, be made mandatory by law. Maybe supermarkets (or restaurants) could demand access to the app in exchange for access to the facilities. This, in turn, could be either illegal or even mandatory, or something in between. We’ve already seen this approach in some Asian countries, so it’s not too far-fetched.

We could end up not only with another more or less centralised location database (like the one Deutsche Telekom and Google already have for me), but also with a powerful system of access control. Imagine an app used to open up big sport events later this year or next year. Just show your green health status at the entrance check. No app? No access.

This may sound justifiable in times of unprecedented infectious diseases. But it’s not hard to imagine a possible next step: disallowing hooligans to enter. It might be the same app, just with added functionality – perhaps even hidden, so that hooligans would simply get a red health status. It could be another app, just for the purpose of regulating access to stadiums. See where this could go?

The UK is currently testing an app with a centralised approach that possibly won’t work well, asks for your location and may be illegal. In Germany, it will probably take weeks or even months until an app will be available. Only after Apple and Google announced their support for the decentralised approach (and disapproval of the centralised option), German authorities decided to follow this path.

We are years behind Estonia

It is interesting to note that Google, the pioneer of surveillance capitalism, positions itself as a defender of privacy. While Google itself has my location history, the company won’t support government agencies to build up such a thing. At least, not in this case. To be fair: Google gives me the option to turn off location history, edit or delete my data. The government wouldn’t.

The current crisis also highlights the relatively low degree of digitalisation in the public health sector. Contract tracing doesn’t scale well when it’s done with pen, paper and telephone. We’ve seen this approach failing and leading to nationwide lockdowns. All these important questions of surveillance, privacy, the storage and sharing of data or the use of apps for health issues could have been sorted out years ago.

Estonia is often credited as a digitally advanced country. In a recent podcast episode with Kersti Kaljulaid, President of Estonia, Azeem Azhar explained how this approach helped to navigate the current crisis. It is still surprising how little other European countries have learned from Estonia. It seems that the small Baltic country has effectively solved the privacy problem and minimised state surveillance while digitising every public service that could be digitised.

We’ve already learned that surveillance capitalism is a hard problem with no easy fix. We’re about to learn another lesson: digital mass surveillance by the state, once introduced, won’t go away anytime soon.

Photo by 🇨🇭 Claudio Schwarz | @purzlbaum on Unsplash