Americans are being told to stay at home and keep their distance from others in an effort to slow the spread of COVID-19. But for populations that can’t or won’t abide by social distancing protocols, government officials are considering using smartphone location data to track individuals and how they might be spreading the disease.

During a paper hearing held Thursday—Congress’ social-distancing method, in which written testimony was submitted to legislators, who then asked questions of the witnesses in writing and gave them 96 days to respond—the Senate Committee on Commerce, Science and Transportation heard from big data and privacy experts about the potential uses for location data in staving off a pandemic, as well as the potential damage such systems can do to society as a whole if left unchecked.

In his open remarks, committee Chair Sen. Roger Wicker, R-Miss., cited reports of mobile advertising companies using consumer location data to track the spread of the disease.

“This location data is purported to be in aggregate form and anonymized so that it does not contain consumers’ personally identifiable information,” he wrote. “Data scientists are also seeking ways to combine artificial intelligence and machine learning technologies with big data to build upon efforts to track patterns, make diagnoses and identify other environmental or geographic factors affecting the rate of disease transmission.”

While these programs claim to anonymize the data, Wicker stressed the importance of keeping consumers informed about how their data is being used and what steps are taken to ensure bad actors can’t reidentify people using multiple data points.

“There can be little doubt that better access to and analysis of information will play a prominent role in addressing the ongoing pandemic,” wrote Ryan Calo, a professor at the University of Washington School of Law and co-director of the university’s Tech Policy Lab. “Yet even as we bring to bear the considerable ingenuity of our academic, public, and private institutions, my research into privacy and technology counsels a measure of humility and caution regarding the use of data analytics to address this crisis.”

Calo said big data can and is being used primarily in two distinct ways: first, to analyze broad trends and get a better idea of how the virus spreads; and second, to track infected persons to determine where they went and who they came into contact with.

He offered an example of the first use case in Google’s mobility app.

“Google’s COVID-19 Community Mobility Report sheds light on social distancing compliance across the country and the world by displaying month-by-month reports on how much given communities are traveling to work or using public transportation relative to a pre-coronavirus baseline,” he wrote. “Google is using consumer location information, which is a highly sensitive form of data. But because the data is aggregated and displayed only as a relative percentage, the risks to individuals are mitigated. Meanwhile, the data is useful to policymakers in determining where additional social-distancing measures might be needed and to health officials in assessing the correlation between social distancing and rates of viral transmission.”

Calo said he understands the utility of that use case but is highly skeptical of the second, “as I fear that it threatens privacy and civil liberties while doing little to address the pandemic.”

“The appeal of contact tracing apps is intuitive,” he said. “Many Americans today face a Hobson’s choice: remain at home in isolation, leaving social relations—and the economy—in tatters, or venture out into the world and potentially contract and spread COVID-19. The developers of contact tracing apps hope to offer a third way: safe mobility even in the absence of herd or vaccine immunity by crowd-sourcing the detection and avoidance. Laudable as this goal may be, the technique is unproven and the drawbacks potentially significant.”

Calo offered a number of scenarios in which that data could be abused, including by foreign operatives or “unscrupulous” politicians or government officials. Meanwhile, “The process of threat modeling apps that purport to trace the prevalence of coronavirus is limited or nonexistent.”

For Calo, any such tracing program would need to include significant safeguards to ensure it does not become a tool of oppression and abuse.

“To paraphrase the late Justice Robert Jackson, a problem with emergency powers is that they tend to kindle emergencies,” he wrote.

Michelle Richardson, director of the Data and Privacy Project at the Center for Democracy and Technology, categorized tracing programs being used in other countries into two buckets: location comparisons and proximity detection.

Location tracking has been used in China, South Korea and Israel to differing degrees.

In China, a government-built app tells people whether they are at risk of spreading the disease with a color-coded ranking system: green, yellow and red. According to a New York Times report, that data is shared with law enforcement and connects with health checkpoints that feed into the central government.

Israel is using a similar tactic, tapping its domestic spy agency, Shin Bet, to monitor cellphone locations throughout the country and text people who might have been exposed to COVID-19, telling them to quarantine.

“Shin Bet states that this program has led to the isolation of more than 500 people who later tested positive for COVID-19,” Richardson wrote. “The program has been criticized by privacy advocates and is also facing scrutiny by the Israeli Parliament.”

On the other side of the divide is proximity monitoring currently being used in Singapore and India, in which users install an app on their phone—either by choice or government decree—that uses Bluetooth to determine if the user has been within six feet of an infected person.

For India’s version of the app, “According to reports, the anonymized data collected by the app is checked against a database of known cases and their movements,” Richardson wrote. “If an app user tests positive or has been in close contact with someone who has, the app will share that data with the Indian government.”

Technologists in the European Union have been working on a similar system that would also comply with the eurozone’s General Data Protection Regulation, a multinational consumer privacy law.

The Privacy-Preserving Proximity Tracing, or PEPP-PT, “model does not collect location data, contact information, or identifiable features of the end devices,” she said. “Instead, the app will generate temporary IDs. When two or more smartphones running the app come into proximity, they exchange these IDs, encrypt and save them locally on the device.”

Richardson offered a checklist for governments to think through before instituting any such program:

Focus on prevention and treatment, not punishment.

Ensure accuracy and effectiveness.

Provide actionable information.

Require corporate and government practices that respect privacy.

Build services that serve all populations.

Empower individuals when possible.

Be transparent to build trust.

Be especially rigorous when considering government action.

However, Richardson also argued the lack of federal consumer data privacy laws in the U.S. is the biggest problem. Without such laws, she said, citizens do not have assurances their data is being used and protected properly.

“Instead, we have a patchwork of federal, state, and local laws that regulate specific sectors or data sets like education records, financial records, children’s information, and health records if they are held by certain entities,” she wrote. “This has led to the explosion of risky and exploitive data-driven behaviors in the vast unregulated space in between.”

Further, “It has reduced public trust in technology companies, and as a result, may discourage people from using legitimate services or waste precious time and resources on untested products. This in turn may inhibit the coronavirus response,” she said.

Wicker agreed.

“Strengthening consumer data privacy through the development of a strong and bipartisan federal data privacy law has been a priority for this committee,” he wrote. “The collection of consumer location data to track the coronavirus, although well intentioned and possibly necessary at this time, further underscores the need for uniform, national privacy legislation.”