“While some of these systems could offer public health benefits, they may also cause significant risks to privacy, civil rights, and civil liberties,” the ACLU’s Surveillance and Cybersecurity Counsel Jennifer Stisa Granick wrote in a blog post. “If such systems are to work, there must be widespread, free, and quick testing available.”

While Apple and Google’s proposal “offers a strong start,” the companies could do more, Granick writes. Among the concerns: giving phone owners more control over how and when their data is used. This “voluntariness,” will help ensure enough people use the tech in order for it to be effective. But if some of the more “coercive and scary” proposals are implemented, it could result in people intentionally avoiding the tracing tech by turning off their phones or disabling location data.

Other principles include use limitations, in order to ensure data isn’t used for advertising or non-public health purposes; minimization, to prevent unnecessary data collection; data destruction, so user data isn’t saved longer than necessary; and transparency, so people know how the government is using data.

The group is also concerned about government use of the data, and the potential to exploit the surveillance tech for other purposes. The ACLU also sent a Freedom of Information Act (FOIA) request to the Department of Health and Human Services (HHS) and Centers for Disease Control (CDC), requesting records of its communications with tech companies.

Among their concerns: “mission creep” — that contact tracing efforts used to track the spread of Covid-19 will continue long after the coronavirus pandemic.

“In emergencies, we understand that many previously unacceptable practices may be adopted temporarily,” the ACLU writes in its FOIA request. “But details matter, and it’s critical that the government be transparent with the public about its plans to use location data or health data during the crisis.”