DL Seminar | Privacy/Disaster: When Information Flows are Taken Out of Context

By Monica Merino and Nayun Xu

On April 16, 2020, the Digital Life Seminar series at Cornell Tech welcomed Dr. Madelyn Rose Sanfilippo and Professor Yan Shvartzshnaider to discuss “When Information Flows Are Taken Out of Context”. Sanfilippo and Shvartzshnaider’s discussion first highlighted the contentious tradeoffs that exist between emergencies and privacy, and the tension in resolving these tradeoffs carefully. In the context of disaster apps, they then focused on introducing their framework of Contextual Integrity and how such a framing can help address governance and regulatory gaps that exist in the disaster response space. With respect to the current COVID-19 global pandemic, Sanfilippo and Shvartzshnaider’s work seems particularly poignant, prescient and informative.

Disaster Privacy Status Quo

In a disaster response environment, many apps are used to help coordinate and inform rescue responses and efforts while simultaneously collecting a swath of private information from users, such as real-time location and date of birth. Alarmingly, there are more third parties with more access to personal information flows than current governance models account for. Our regulatory system does not currently govern all parameters of disaster information flows and does not have a clear understanding of the boundaries of disasters as contexts for information flows.

Contextual Integrity of Disaster Information Flows

Much of federal disaster privacy governance focuses primarily on information types, rather than overall information flows. For example, FEMA delimits what types of information may be collected and further lists the specific actions and purposes for which these types of information may be collected or shared. However, FEMA’s statement about what types of situations can be considered “need to know” circumstances is vague. Given the expansive room for interpretation of “need to know” circumstances, it is unclear which transmission principles apply in the context of disaster apps.

One particularly concerning event that highlights privacy concerns in this area was the recent information leak by FEMA involving 2.3 million survivors of Hurricanes Harvey, Irma, Maria and the California wildfires in 2017. FEMA did not ensure that only required data elements were provided to some third-party businesses, and this incident was in violation of federal law and relevant Department of Homeland Security (DHS) policy. Sanfilippo and Shvartzshnaider notably emphasized that while information sharing is an important part of disaster relief, the design of these practices must account for the reality that the purposes served in the disaster context are different from the norms that structure information flows in other contexts.

Experiments on Selected Apps

There are numerous reviews and news pieces asserting that many disaster assistance apps have incomplete privacy policies or violate federal rules. Sanfilippo and Shvartzshnaider performed an empirical study to discern the information flows of selected apps and compare their actions to relevant regulations and the apps’ own privacy policies.

The experiment had three phases. The first research phase focused on textual policy analysis and primarily looked at public and private parameters, ranging from regulations and agency directives to app-specific privacy policies. They sought to understand what the regulations and policies were prescribing, and then used this understanding to identify the parameters of information flows that are permissible and how these in turn are applied to individual disaster apps. Learning exactly what is being said and what the information flows are allowed them to classify endogenous and exogenous rules. The second phase focused on data collection by examining the apps themselves through dynamic and static app analysis. The dynamic analysis looked at the actual information flows that happened while the app was running in a controlled environment, while the static analysis examined the app code, looking for permissions and how the app is actually set up. The third phase, in part, looked at user reviews of the selected sample of disaster apps and involved users in a controlled, simulated setup to understand the effectiveness of those permissions.

Their results revealed that many of the studied disaster apps share their collected data with other third-party businesses, use the private data for advertising, and collect data when the app is not open or actively in use. For example, the “Presidential Alert” can take over access to your phone, which means user privacy options may not be effective during an emergency. Comparing the governance regulations with the actual practice of the disaster apps reveals clearly troubling gaps between them.
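The comparison described above, between the flows a policy permits and the flows observed while an app runs, can be sketched as follows. This is an added example, not the researchers' tooling; it assumes the five-parameter flow description used with Contextual Integrity (sender, recipient, subject, information type, transmission principle), and the app name, recipients and flows are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    sender: str                  # who transmits (here, the app)
    recipient: str               # who receives the information
    subject: str                 # whom the information is about
    info_type: str               # e.g. location, date of birth
    principle: str               # transmission principle: condition/purpose of the flow
    in_background: bool = False  # flow allowed/observed while the app is not in use

def audit(observed, permitted):
    """Return (flow, reasons) for each observed flow the policy does not cover."""
    findings = []
    for f in observed:
        # Policy entries for the same sender, recipient and information type.
        same = [p for p in permitted
                if (p.sender, p.recipient, p.info_type)
                == (f.sender, f.recipient, f.info_type)]
        reasons = []
        if not same:
            reasons.append("recipient not disclosed for this information type")
        elif f.principle not in {p.principle for p in same}:
            reasons.append("transmission principle not in policy")
        if f.in_background and not any(p.in_background for p in same):
            reasons.append("flow occurred while app not in use")
        if reasons:
            findings.append((f, reasons))
    return findings

APP = "example-disaster-app"  # hypothetical app; all flows below are constructed
POLICY = [  # what the (constructed) privacy policy permits
    Flow(APP, "emergency-responder", "user", "location", "response coordination"),
    Flow(APP, "relief-agency", "user", "date_of_birth", "eligibility verification"),
]
OBSERVED = [  # what a (constructed) dynamic-analysis capture shows
    Flow(APP, "emergency-responder", "user", "location", "response coordination"),
    Flow(APP, "ad-network", "user", "location", "advertising"),
    Flow(APP, "emergency-responder", "user", "location", "response coordination", True),
    Flow(APP, "relief-agency", "user", "date_of_birth", "advertising"),
]

def demo():
    return [(f.info_type, f.recipient, r) for f, r in audit(OBSERVED, POLICY)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The three findings correspond to the gap types reported in the study: undisclosed third-party sharing, use for advertising, and collection while the app is not in use.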

Ringing the Alarm

The lecture revealed a problem that might not be noticed by many of us. It began with some news reports to remind us of what is going on behind the disaster-aiding apps and used solid experiments and data to tell us how it happens. As the internet and smart devices have become increasingly important in modern society, this lecture is ringing the alarm for all of us.

The tradeoffs under consideration here between emergency and privacy, which Sanfilippo and Shvartzshnaider empirically address, are especially concerning to cultural minorities and other marginalized populations, given the inequitable impact that disasters tend to have across cultural groups.[i] A very real concern here is that those populations who are most vulnerable to gaps between regulation and actual practice in the disaster app context are disproportionately minorities. Moreover, this is a current pressing concern given that the current global pandemic is disproportionately affecting groups of color, as illustrated by early data showing such an effect with respect to African Americans. For example, in Louisiana, African Americans make up 32% of the total state population[ii] but accounted for over 56% of COVID-19 deaths as of April 20, 2020.[iii] In Michigan, where African Americans make up 14% of the total state population,[iv] they accounted for 33% of confirmed cases and 40% of deaths as of April 23, 2020.[v]

Understanding the role of race in pushing forth the framework of Contextual Integrity, now more than ever, is key. The alarm is ringing, and hopefully our current global crisis can centralize the importance of protecting the privacy concerns, as necessary, of vulnerable communities.

[i] A large body of research suggests that cultural minority populations have a higher risk of disaster exposure and are affected by them at disproportional rates. See Alice Fothergill, et al., Race, Ethnicity and Disasters in the United States: A Review of the Literature, 23(2) Disasters 156-173 (1999) and Tatiana M. Davidson, et al., Disaster Impact Across Cultural Groups: Comparison of Whites, African Americans, and Latinos, 52 Am. J. Comm. Psych. 97-105 (2013). See also Julia L. Perilla, et al., Ethnicity, Culture, and Disaster Response: Identifying and Explaining Ethnic Differences in PTSD Six Months After Hurricane Andrew, 21 J. Soc. & Clinical Psych. 20-45 (2002) (finding that Latinos and African Americans expressed higher rates of PTSD when compared to Caucasians, after Hurricane Andrew).

[ii] Kaiser Family Foundation, Population Distribution by Race/Ethnicity, https://www.kff.org/other/state-indicator/distribution-by-raceethnicity/?currentTimeframe=0&sortModel=%7B%22colId%22:%22Location%22,%22sort%22:%22asc%22%7D.

[iii] Louisiana Dep’t of Health, Coronavirus (COVID-19), http://ldh.la.gov/Coronavirus/.

[iv] See note ii.

[v] Michigan.gov, Coronavirus: Michigan Data, https://www.michigan.gov/coronavirus/0,9753,7-406-98163_98173---,00.html.

Monica Merino is a JD Candidate at Cornell Law School. Nayun Xu is a MS student at Cornell Tech.



