Last Monday, Sarinee Achavanuntakul, a finance academic and writer, released a leaked document that detailed a meeting hosted by the Ministry of Defence (MOD).
At the meeting were the Department of Disease Control (DDC), National Broadcasting and Communications Commission (NBTC), “Big Telco” companies and the Ministry of Digital Economy and Society (MDES).
The meeting was about using mobile phone location data to track COVID-19. They plan to use a solution involving “Big Data” to accomplish this.
One may be inclined to ask, “What has the MOD got anything to do with tracking COVID-19?”
Sarinee asked the same question. The director-general of the MOD office that hosted the meeting replied, “Because we mean well.”
She also questioned that, since the meeting was a month before the launch of Thai Chana, what’s even the point of asking people to scan QR codes if the government is planning to take our location data without consent anyway?
For this question, the MOD didn’t have an answer.
How does this “Big Data” solution work?
“Good intentions” aside, the meeting’s agenda was to ask Big Telco companies (AIS, DTAC, TRUE, CAT and TOT) to send 14 days of cell phone location data of infected patients, based on the phone numbers provided by DDC, to a “data lake” hosted by NBTC.
When making a call or using the internet, the cell towers collect your location data. When a phone connects, it also gives away its approximate location. Connecting to multiple cell towers allows Telco companies to guess their position more accurately; this is called “triangulation.”
The government’s data scientist team may then analyze the location data to determine areas they deem to be risky; this is called “Points of Interests” (POI). They may then send their coordinates in “blocks” (imagine a square surrounding Siam Paragon, rather than the shopping mall itself) back to the Big Telcos.
The operators use the block coordinates to identify mobile phones used in the same POIs and around the same time as the infected. They would then dump the high volume of matched phone numbers into the data lake. The data scientists now have much more data they can use for “other purposes.” (More on this later.)
The users of these phones would also get an SMS that contains a link leading to a questionnaire form used for screening high-risk individuals. How they are planning to get these phone users to complete the questionnaire is not clear yet, but returned questionnaires would be analyzed by the data scientists to pick out people with high risk. They would then pass the names to DDC for further investigation.
Additionally, DDC wants Big Telcos to provide location data of people under self-quarantine orders, to track their movement 24/7 for 14 days. If they travel outside the permitted area, there would be an alert. The method is similar to what Taiwan did with their “electronic fence” system.
With this level of data hoarding, NBTC’s data lake will grow big. With a significant volume of data, the government’s data scientists would be able to create a mathematical model and map the spread of COVID-19 in Thailand if it reoccurs. Undoubtedly, this would be a lovely thing to have.
However, the system also opens up an avenue for the data to be used in a much more devious way.
The data has to be “Big” to be dangerous.
“What if the government has my location data?”
“What can they do with my data anyway?”
Perhaps your data alone might not be of much use to the government. Still, a mass aggregation of location data over time can tell many things about the people that the government may be interested in monitoring.
A mathematical model can be used to map the spread of diseases and relationships between “persons of interest” and other phone users whom they may be associated with, or detect a travel pattern that may give some insights into a person’s routine.
It certainly has been done before, if not by our government.
Back in 2013, Edward Snowden exposed the U.S. National Security Agency (NSA), revealing that the agency gathered billions of mobile phone location data records daily from across the globe, possibly surveilling millions of their citizens.
How the NSA used the data is similar to how our DDC uses it to track COVID-19. Triangulation of cell towers gives away a person’s location. In NSA’s case, they wanted to follow associates of foreign intelligence agents. By locking on the target’s phone, they would finally be able to identify the associates after multiple location matching hits.
With billions of location data records at their disposal, there is no escape from the NSA. That’s how powerful Big Data can be in knowing hands.
We mean well. Trust us.
Of course, the government is trying to reassure us that they don’t intend to use our location data for any other purpose than the control and prevention of COVID-19, even though many representatives from the MOD attended the meeting.
The DDC director-general even stated in his request for cooperation from the NBTC that collected data will not have any personally identifiable information, likely to address Big Telcos’ concerns.
But like Thai Chana, there is no legislation to govern the handling of data between Telco companies and the government. And if there hasn’t been a leak, this likely would have happened without our knowledge.
Again, we are supposed to entrust our data to hands that are reluctant to be open, with only a few weakly convincing words to offer.
Trust us. We mean well.