The 9/11 Playbook for Protecting Privacy

Adam Klein and Edward Felten at Politico: “Geolocation data—precise GPS coordinates or records of proximity to other devices, often collected by smartphone apps—is emerging as a critical tool for tracking potential spread. But other, more novel types of surveillance are already being contemplated for this first pandemic of the digital age. Body temperature readings from internet-connected thermometers are already being used at scale, but there are more exotic possibilities. Could smart-home devices be used to identify coughs of a timbre associated with Covid-19? Can facial recognition and remote temperature sensing be harnessed to identify likely carriers at a distance?

Weigh the benefits of each collection and use of data against the risks.

Each scenario will present a different level of privacy sensitivity, different collection mechanisms, different technical options affecting privacy, and varying potential value to health professionals, meaning there is no substitute for case-by-case judgment about whether the benefits of a particular use of data outweigh the risks.

The various ways to use location data, for example, present vastly different levels of concern for privacy. Aggregated location data, which combines many individualized location trails to show broader trends, is possible with few privacy risks, using methods that ensure no individual’s location trail is reconstructable from released data. For that reason, governments should not seek individualized location trails for any application where aggregated data would suffice—for example, analyzing travel trends to predict future epidemic hotspots.

If authorities need to trace the movements of identifiable people, their location trails should be obtained on the basis of an individualized showing. Gathering from companies the location trails for all users—as the Israeli government does, according to news reports—would raise far greater privacy concerns.

Establish clear rules for how data can be used, retained, and shared.

Once data is collected, the focus shifts to what the government can do with it. In counterterrorism programs, detailed rules seek to reduce the effect on individual privacy by limiting how different types of data can be used, stored, and shared.

The most basic safeguard is deleting data when it is no longer needed. Keeping data longer than needed unnecessarily exposes it to data breaches, leaks, and other potential privacy harms. Any individualized location tracking should cease, and the data should be deleted, once the individual no longer presents a danger to public health.

Poland’s new tracking app for those exposed to the coronavirus illustrates why reasonable limits are essential. The Polish government plans to retain location data collected by the app for six years. It is hard to see a public-health justification for keeping the data that long. But the story also illustrates well how a failure to consider users’ privacy can undermine a program’s efficacy: the app’s onerous terms led at least one Polish citizen to refuse to download it….(More)”.

The War on Coronavirus Is Also a War on Paperwork

Article by Cass Sunstein: “As part of the war on coronavirus, U.S. regulators are taking aggressive steps against “sludge” – paperwork burdens and bureaucratic obstacles. This new battle front is aimed at eliminating frictions, or administrative barriers, that have been badly hurting doctors, nurses, hospitals, patients, and beneficiaries of essential public and private programs. 

Increasingly used in behavioral science, the term sludge refers to everything from form-filling requirements to time spent waiting in line to rules mandating in-person interviews imposed by both private and public sectors. Sometimes those burdens are justified – as, for example, when the Social Security Administration takes steps to ensure that those who receive benefits actually qualify for them. But far too often, sludge is imposed with little thought about its potentially devastating impact.

The coronavirus pandemic is concentrating the bureaucratic mind – and leading to impressive and brisk reforms. Consider a few examples. 

Under the Supplemental Nutrition Assistance Program (formerly known as food stamps), would-be beneficiaries have had to complete interviews before they are approved for benefits. In late March, the Department of Agriculture waived that requirement – and now gives states “blanket approval” to give out benefits to people who are entitled to them.

Early last week, the Internal Revenue Service announced that in order to qualify for payments under the Families First Coronavirus Response Act, people would have to file tax returns – even if they are Social Security recipients who typically don’t do that. The sludge would have ensured that many people never got money to which they were legally entitled. Under public pressure, the Department of Treasury reversed course – and said that Social Security recipients would receive the money automatically.

Some of the most aggressive sludge reduction efforts have come from the Department of Health and Human Services. Paperwork, reporting and auditing requirements are being eliminated. Importantly, dozens of medical services can now be provided through “telehealth.” 

In the department’s own words, the government “is allowing telehealth to fulfill many face-to-face visit requirements for clinicians to see their patients in inpatient rehabilitation facilities, hospice and home health.” 

In addition, Medicare will now pay laboratory technicians to travel to people’s homes to collect specimens for testing – thus eliminating the need for people to travel to health-care facilities for tests (and risk exposure to themselves or others). There are many other examples….(More)”.

Citizen input matters in the fight against COVID-19

Britt Lake at FeedbackLabs: “When the Ebola crisis hit West Africa in 2015, one of the first responses was to build large field hospitals to treat the rapidly growing number of Ebola patients. As Paul Richards explains, “These were seen as the safest option. But they were shunned by families, because so few patients came out alive.” Aid workers vocally opposed local customs like burial rituals that contributed to the spread of the virus, which caused tension with communities. Ebola-affected communities insisted that some of their methods had proven effective in lowering case numbers before outside help arrived. When government and aid agencies came in and delivered their own messages, locals felt that their expertise had been ignored. Distrust spread, as did a sense that the response pitted local knowledge against global experts. And the virus continued to spread. 

The same is true now. Today there are more than 1 million confirmed cases of COVID-19 worldwide. The virus has spread to every country and territory in the world, leaving virtually no one unaffected. The pandemic is exacerbating inequities in employment, education, access to healthcare and food, and workers’ rights even as it raises new challenges. Everyone is looking for answers to address their needs and anxieties while also collectively realizing that this pandemic and our responses to it will irrevocably shape the future.

It would be easy for us in the public sector to turn inwards for solutions on how to respond effectively to the pandemic and its aftermath. It’s comfortable to focus on perspectives from our own teams when we feel a heightened sense of urgency, and decisions must be made on a dime. However, it would be a mistake not to consider input from the communities we serve – alongside expert knowledge – when determining how we support them through this crisis. 

COVID-19 affects everyone on earth, and it won’t be possible to craft equitable responses that meet people’s needs around the globe unless we listen to what would work best to address those challenges and support homegrown solutions that are already working. Effective communication of public health information, for instance, is central to controlling the spread of COVID-19. By listening to communities, we can better understand what communication methods work for them and can do a better job getting those messages across in a way that resonates with diverse communities. And to face the looming economic crisis that COVID-19 is precipitating, we will need to engage in real dialogue with people about their priorities and the way they want to see society rebuilt….(More)”.

The Routledge Companion to Smart Cities

Book edited by Katharine S. Willis and Alessandro Aurigi: “The Routledge Companion to Smart Cities explores the question of what it means for a city to be ‘smart’, raises some of the tensions emerging in smart city developments and considers the implications for future ways of inhabiting and understanding the urban condition. The volume draws together a critical and cross-disciplinary overview of the emerging topic of smart cities and explores it from a range of theoretical and empirical viewpoints.

This timely book brings together key thinkers and projects from a wide range of fields and perspectives into one volume to provide a valuable resource that would enable the reader to take their own critical position within the topic. To situate the topic of the smart city for the reader and establish key concepts, the volume sets out the various interpretations and aspects of what constitutes and defines smart cities. It investigates and considers the range of factors that shape the characteristics of smart cities and draws together different disciplinary perspectives. The consideration of what shapes the smart city is explored through discussing three broad ‘parts’ – issues of governance, the nature of urban development and how visions are realised – and includes chapters that draw on empirical studies to frame the discussion with an understanding not just of the nature of the smart city but also how it is studied, understood and reflected upon.

The Companion will appeal to academics and advanced undergraduates and postgraduates from across many disciplines including Urban Studies, Geography, Urban Planning, Sociology and Architecture, by providing state of the art reviews of key themes by leading scholars in the field, arranged under clearly themed sections….(More)”.

The significance of algorithmic selection for everyday life: The Case of Switzerland

University of Zurich: “This project empirically investigates the significance of automated algorithmic selection (AS) applications on the Internet for everyday life in Switzerland. It is the first countrywide, representative empirical study in the emerging interdisciplinary field of critical algorithm studies which assesses growing social, economic and political implications of algorithms in various life domains. The project is based on an innovative mix of methods comprising qualitative interviews and a representative Swiss online survey, combined with a passive metering (tracking) of Internet use.

  • Latzer, Michael / Festic, Noemi / Kappeler, Kiran (2020): Use and Assigned Relevance of Algorithmic-Selection Applications in Switzerland. Report 1 from the Project: The Significance of Algorithmic Selection for Everyday Life: The Case of Switzerland. Zurich: University of Zurich. [forthcoming]
  • Latzer, Michael / Festic, Noemi / Kappeler, Kiran (2020): Awareness of Algorithmic Selection and Attitudes in Switzerland. Report 2 from the Project: The Significance of Algorithmic Selection for Everyday Life: The Case of Switzerland. Zurich: University of Zurich. [forthcoming]
  • Latzer, Michael / Festic, Noemi / Kappeler, Kiran (2020): Awareness of Risks Related to Algorithmic Selection in Switzerland. Report 3 from the Project: The Significance of Algorithmic Selection for Everyday Life: The Case of Switzerland. Zurich: University of Zurich. [forthcoming]
  • Latzer, Michael / Festic, Noemi / Kappeler, Kiran (2020): Coping Practices Related to Algorithmic Selection in Switzerland. Report 4 from the Project: The Significance of Algorithmic Selection for Everyday Life: The Case of Switzerland. Zurich: University of Zurich. [forthcoming]…(More)”.

The Concept of Function Creep

Paper by Bert-Jaap Koops: “Function creep – the expansion of a system or technology beyond its original purposes – is a well-known phenomenon in STS, technology regulation, and surveillance studies. Correction: it is a well-referenced phenomenon. Yearly, hundreds of publications use the term to criticise developments in technology regulation and data governance. But why function creep is problematic, and why authors call system expansion ‘function creep’ rather than ‘innovation’, is underresearched. If the core problem is unknown, we can hardly identify suitable responses; therefore, we first need to understand what the concept actually refers to.

Surprisingly, no-one has ever written a paper about the concept itself. This paper fills that gap in the literature, by analysing and defining ‘function creep’. This creates conceptual clarity that can help structure future debates and address function creep concerns. First, I analyse what ‘function creep’ refers to, through semiotic analysis of the term and its role in discourse. Second, I discuss concepts that share family resemblances, including other ‘creep’ concepts and many theoretical notions from STS, economics, sociology, public policy, law, and discourse theory. Function creep can be situated in the nexus of reverse adaptation and self-augmentation of technology, incrementalism and disruption in policy and innovation, policy spillovers, ratchet effects, transformative use, and slippery slope argumentation.

Based on this, function creep can be defined as *an imperceptibly transformative and therewith contestable change in a data-processing system’s proper activity*. What distinguishes function creep from innovation is that it denotes some qualitative change in functionality that causes concern not only because of the change itself, but also because the change is insufficiently acknowledged as transformative and therefore requiring discussion. Argumentation theory illuminates how the pejorative ‘function creep’ functions in debates: it makes visible that what looks like linear change is actually non-linear, and simultaneously calls for much-needed debate about this qualitative change…(More)”.

Synthetic data offers advanced privacy for the Census Bureau, business

Kate Kaye at IAPP: “In the early 2000s, internet accessibility made risks of exposing individuals from population demographic data more likely than ever. So, the U.S. Census Bureau turned to an emerging privacy approach: synthetic data.

Some argue the algorithmic techniques used to develop privacy-secure synthetic datasets go beyond traditional deidentification methods. Today, along with the Census Bureau, clinical researchers, autonomous vehicle system developers and banks use these fake datasets that mimic statistically valid data.

In many cases, synthetic data is built from existing data by filtering it through machine learning models. Real data representing real individuals flows in, and fake data mimicking individuals with corresponding characteristics flows out.

When data scientists at the Census Bureau began exploring synthetic data methods, adoption of the internet had made deidentified, open-source data on U.S. residents, their households and businesses more accessible than in the past.

Especially concerning, census-block-level information was now widely available. Because in rural areas, a census block could represent data associated with as few as one house, simply stripping names, addresses and phone numbers from that information might not be enough to prevent exposure of individuals.

“There was pretty widespread angst” among statisticians, said John Abowd, the bureau’s associate director for research and methodology and chief scientist. The hand-wringing led to a “gradual awakening” that prompted the agency to begin developing synthetic data methods, he said.

Synthetic data built from the real data preserves privacy while providing information that is still relevant for research purposes, Abowd said: “The basic idea is to try to get a model that accurately produces an image of the confidential data.”

The plan for the 2020 census is to produce a synthetic image of that original data. The bureau also produces On the Map, a web-based mapping and reporting application that provides synthetic data showing where workers are employed and where they live along with reports on age, earnings, industry distributions, race, ethnicity, educational attainment and sex.

Of course, the real census data is still locked away, too, Abowd said: “We have a copy and the national archives have a copy of the confidential microdata.”…(More)”.

Birth of Intelligence: From RNA to Artificial Intelligence

Book by Daeyeol Lee: “What is intelligence? How did it begin and evolve to human intelligence? Does a high level of biological intelligence require a complex brain? Can man-made machines be truly intelligent? Is AI fundamentally different from human intelligence? In Birth of Intelligence, distinguished neuroscientist Daeyeol Lee tackles these pressing fundamental issues. To better prepare for future society and its technology, including how the use of AI will impact our lives, it is essential to understand the biological root and limits of human intelligence. After systematically reviewing biological and computational underpinnings of decision making and intelligent behaviors, Birth of Intelligence proposes that true intelligence requires life…(More)”.

The explanation game: a formal framework for interpretable machine learning

Paper by David S. Watson & Luciano Floridi: “We propose a formal framework for interpretable machine learning. Combining elements from statistical learning, causal interventionism, and decision theory, we design an idealised explanation game in which players collaborate to find the best explanation(s) for a given algorithmic prediction. Through an iterative procedure of questions and answers, the players establish a three-dimensional Pareto frontier that describes the optimal trade-offs between explanatory accuracy, simplicity, and relevance. Multiple rounds are played at different levels of abstraction, allowing the players to explore overlapping causal patterns of variable granularity and scope. We characterise the conditions under which such a game is almost surely guaranteed to converge on a (conditionally) optimal explanation surface in polynomial time, and highlight obstacles that will tend to prevent the players from advancing beyond certain explanatory thresholds. The game serves a descriptive and a normative function, establishing a conceptual space in which to analyse and compare existing proposals, as well as design new and improved solutions….(More)”

Experts warn of privacy risk as US uses GPS to fight coronavirus spread

Alex Hern at The Guardian: “A transatlantic divide on how to use location data to fight coronavirus risks highlights the lack of safeguards for Americans’ personal data, academics and data scientists have warned.

The US Centers for Disease Control and Prevention (CDC) has turned to data provided by the mobile advertising industry to analyse population movements in the midst of the pandemic.

Owing to a lack of systematic privacy protections in the US, data collected by advertising companies is often extremely detailed: companies with access to GPS location data, such as weather apps or some e-commerce sites, have been known to sell that data on for ad targeting purposes. That data provides much more granular information on the location and movement of individuals than the mobile network data received by the UK government from carriers including O2 and BT.

While both datasets track individuals at the collection level, GPS data is accurate to within five metres, according to Yves-Alexandre de Montjoye, a data scientist at Imperial College, while mobile network data is accurate to 0.1km² in city centres and much less in less dense areas – the difference between locating an individual to their street and to a specific room in their home…

But, warns de Montjoye, such data is never truly anonymous. “The original data is pseudonymised, yet it is quite easy to reidentify someone. Knowing where someone was is enough to reidentify them 95% of the time, using mobile phone data. So there’s the privacy concern: you need to process the pseudonymised data, but the pseudonymised data can be reidentified. Most of the time, if done properly, the aggregates are aggregated, and cannot be de-anonymised.”

The data scientist points to successful attempts to use location data in tracking outbreaks of malaria in Kenya or dengue in Pakistan as proof that location data has use in these situations, but warns that trust will be hurt if data collected for modelling purposes is then “surreptitiously used to crack down on individuals not respecting quarantines or kept and used for unrelated purposes”….(More)”.