Armed Conflict Cybersecurity & Tech Surveillance & Privacy

COVID-19 Apps Are Terrible—They Didn't Have to Be

Jane Bambauer, Brian Ray
Monday, December 21, 2020, 8:01 AM

COVID-19 apps in the United States have been ineffective as public health tools because they are designed primarily to protect privacy. Poor design choices, effectively mandated by Google and Apple, were driven by ongoing consumer privacy and national security debates that shortsightedly rejected tracking technologies.

Published by The Lawfare Institute
in Cooperation With

During March and April 2020, we watched with growing unease as China, South Korea and Israel dramatically expanded government surveillance to contain the spread of the novel coronavirus. In these early weeks of the pandemic—as the U.S. surpassed Italy to lead the world in coronavirus deaths, millions of small businesses faced permanent closure from lockdown restrictions, and the unemployment rate skyrocketed from 3.8 percent to 14.4 percent—American observers routinely worried that U.S. government agencies might expand surveillance under the cover of public health in similar ways that national security was used after 9/11.

In fact, state and federal governments (as well as influential private firms) did exactly the opposite, prioritizing a fetishized notion of individual privacy over collective public health. They actively distanced themselves from the use of digital contact-tracing and infection-risk-scoring tools. The reluctance to leverage communications technologies to stem the spread of the novel coronavirus was so strong and so pervasive that the COVID-19 apps in operation today are underpowered and undersubscribed by design. They languish on a few phones and in app stores as the ghosts of clever programming.

As we explain in this paper, a complex mix of social preconditions caused the United States to squander its opportunity to use apps for pandemic management. We investigate four intersecting sources of dysfunction: (a) political hesitance due to preexisting techlash and surveillance politics, (b) public relations problems for Google and Apple, (c) de facto immunity for other actors (including major retailers) that might have invested in a reliable app, and (d) lost interest among the general public. From these analyses, we derive three lessons to improve preparedness for the next crisis of communicable disease.

Jane Bambauer is a professor of law at the University of Arizona, where she teaches and researches about free speech, privacy and technology policy.
Brian Ray is the Leon M. and Gloria Plevin Professor of Law at Cleveland-Marshall College of Law where he co-founded and directs the Center for Cybersecurity and Privacy Protection. His research focuses on cybersecurity and privacy regulation, surveillance technologies, and public data governance.

Subscribe to Lawfare