An interview with Paolo Attivissimo. He is an information technology writer and journalist, science communicator, public speaker, technical translator and interpreter, and hoax buster. He has followed from the early stages the intense debate that has been going on about the dispute that has arisen within the PEPP-PT consortium. The interview took place by telephone on Tuesday 28 April.
Why is there so much talk about contact tracing technology as a necessary choice?
Paolo Attivissimo: I think there are two basic reasons. The first is political. Technology is something that is easily introduced and responds to the need to be seen to do something. There is a security problem, in this case of health, and at the political level it is necessary, showing that there is something to be done and that it is being done. Effectively or not, that is another matter. The second aspect is the fact that this is the first pandemic in the age of ubiquitous smartphones. We now have such a widespread use of smartphones and a habit of using them that at least we can justify trying. It is an experiment. In fact, having no precedent, none of us know whether this system is effective and so we try. The reasonable assumption is: if we could track people when they come into contact with another positive person, then we could do more automated contact tracing and thus prevent the spread of the disease. There is a risk that a whole complex operation will be carried out without any result other than allowing violations of privacy, abuses that could very well have been avoided.
What risks can a contact tracing program entail?
Paolo Attivissimo: My impression is that there has been an immediate interest – not only from the health authorities but also from the public safety authorities – in a system that allows people’s movements to be tracked. I make this conjecture because the same principle was applied many years ago, with the introduction of digital mobile telephony. Initially, GSM calls were encrypted. Then the GSM encryption system was deliberately changed to allow the police to exercise some surveillance. This kind of mechanism, this desire to access to private information ’for public security’ is always there. We must, however, think about the political implications as well. A collective tracking system where all the movements of all people flow into a central archive means giving a central power an extraordinary power: to supervise the gatherings, to supervise the political meetings, to supervise the opposition, to supervise the journalists. I can understand that there has been a much greater interest in centralised solutions than decentralised ones. Then, fortunately, those in the field intervened forcefully and did not bow to either governmental or social pressure or demands. Workers who are normally very calm and silent have mobilised themselves to slow down a rapid development that could have got out of hand.
Often the debate is almost about a choice between privacy or security. Does one exclude the other?
Paolo Attivissimo: I think that this kind of vision stems from the fact that privacy and security are seen as antithetical. It is often said that ‘to have security you have to give up privacy and vice versa’. The reality is very different. When you use technological tools correctly you can guarantee privacy without weakening security. On the contrary, there is the risk of thinking that security is achieved by abolishing privacy. This is not the case. These are concepts that those who do not work in the field of digital security and privacy may find it very difficult to understand. Because we are beginning to think that the right not to be observed, spied on, lapses because we are facing a greater emergency. Instead, we should focus on handling this major emergency without giving up a precious asset such as the right to privacy. In addition, the basic question here should be “are you asking me to give up a fundamental right of our democratic society in exchange for what? In exchange for a guarantee that I will be safe? Or in exchange for: let’s make an app now and see if it works?. ” These are the terms of the barter proposed to us and this is why many people have raised doubts.
Why would centralisation of data be a problem?
Paolo Attivissimo: Centralising a collection of sensitive data has two risks. First, if they are in a central location, they are easier to attack, as they represent a specific target. A central database would be particularly easy to hit. The second risk is that with a central database, the citizen is no longer in control. This means that there is an inevitable temptation to keep this data. When we think of entrusting data to a government agency in our country, we think of the current government, but in reality, when we give data, we give it to all possible future governments. There could be a radical change of government mentality whereby the behaviour that was previously acceptable becomes punishable and I could be considered guilty of that particular behaviour.
Who wants to get their hands on this data? Why is there all this attention?
Paolo Attivissimo: The data is the oil of the 21st century. Data can be interesting even in seemingly remote fields, such as insurance, for example. The problem is when you are able, thanks to data, to make predictions. Let’s imagine a world where all this data flows into and is collected. At a job interview you might be told “no, look we don’t want you because you have a very high probability of contracting a disease that will make you useless for our business”. Then the illness may not come but the probability is high and therefore the job interview has a negative outcome at the beginning: it is not even given the chance. The data not only allow us to better calibrate our sales but also to influence our destinies.
Maybe this debate will be useful tous, creating greater awareness?
Paolo Attivissimo: This is a great opportunity to start talking seriously about it. We have already done so in recent years when we realised with scandals like Cambridge Analytics what is possible now with our data. I think this is an opportunity to teach about the right to privacy and the implications of data surrender. You do not teach enough or you do not teach this concept at all. It is such an important concept that without it we would not be the society we are.
