Health systems in Israel and around the world have been dealing recently with the outbreak of the new Coronavirus (COVID-19). Since Covid-19 is a new disease, research into it is of great importance to developing new ways of management and treatment. Since the outbreak, healthcare organizations collected a lot of data about their patients. This information can be used to save lives, to find new drugs and procedures, and to develop policy tools that will enable optimal operation of the health care systems as well as consider the application of government responses like lockdowns and social distancing, which have detrimental effects to the economy and society.
To this end, the Israeli Ministry of Health is establishing a national Repository infrastructure for research about the Covid-19 disease. The Corona Research Repository will gather data collected in the Israeli healthcare system about the disease and allow using de-identified data for research under privacy and security policy measures.
The Israel Tech Policy Institute is presenting this project based on the information published by the Ministry of Health on May 7th, 2020.
Data available in the Corona Research Repository
The Repository will be based on various sources from the health system and other sources, including government agencies, and will include data on people infected with the new Coronavirus (‘confirmed patients’), in particular: data from the Ministry of Health’s Repositories; hospital Repositories: inpatients; inpatient diagnoses; clinical indices; inpatient examinations and procedures; HMOs Repositories; background diseases, clinical index, BMI and recent laboratory testing and drugs information. The data will be de-identified in order to exclude individual identification of the people included in it.
Furthermore, the Repository will provide data from anonymous questionnaires collected from the general population on related symptoms for the new Coronavirus. The Repository will also include the following public Repositories: population data by locality; population data by statistical area; mapping and other public repositories will be added later.
The studies in the Corona Research Repository will be conducted under the law and the Ministry of Health’s guidelines for conducting research. The studies will be carried out in virtual “research rooms” that comply with information security and privacy protection standards. The data will be used under the supervision and control of the Ministry of Health. The researcher will conduct the study only after obtaining all the required ethical and legal approvals. Data for research shall be de-identified following processes that reduce the ability to re-identify the data subjects. Access to data in the designated “research rooms” will only be authorized for a person who has been granted permission for that study. Any party who gets access to data in the study rooms will sign a confidentiality agreement and will commit not to try to re-identify the people from the data.
Corona Repository Opt-Out Mechanism – A person who was diagnosed with the Coronavirus and does not want his or her data to be used for research purposes may choose to opt-out. The Ministry of Health will establish a dedicated website and call center for the opt-out mechanism.
The technological infrastructure
The Repository will be cloud-based and hosted in the Ministry of Health cloud. It will allow the use of SQL, R, Python, Scala languages on Azure Databricks infrastructure and will include different open source directories. The “research rooms” will not have access to the internet nor to GitHub. The “research room” will be accessed through Notebooks.
Any request to export data outside the “research room” environment will undergo information security and de-identification processes by the Ministry of Health and may take up to 48 hours. The data exported must be aggregate and adhere to the principle of K anonymity = 15. The Ministry of Health will allow the export of code written during the research (algorithm). The management of the “research rooms”, including the preparation and de-identification of the research data will be performed by the Ministry of Health and will be supported by external technical service providers.
How much does it cost?
Currently, the use of the research platform will be free.
How to get access to the Corona Data Repository for research?
Researchers interested in researching the Corona Repository will apply through a new research portal. The research portal will allow the researcher to apply through a personal area. The researcher will authenticate by username and password. Access to the study room is dependent, among other things, on the existence of an ethical review board (Helsinki Committee) approval. The researcher can obtain such approval by submitting a request to the Ministry of Health ethics committee (currently in formation), or through an institutional review board.
Generally, the process for gaining access to the Corona Repository for research includes:
The Ministry of Health will give access preference to healthcare organizations and hospitals that provide data to the Repository – any health organization will be allocated several “research rooms” to prioritize researchers’ applications from contributing organizations.
Public Bodies requiring information from the Corona Repository for policy-making purposes can apply without Helsinki committee approval. The Ministry of Health will determine the degree of suitability of the Corona Repository application for such use and the process required to gain access.
The Ministry of Health will allow conducting studies under regulations applicable to research use of health information, including the relevant circular of the Director-General of the Ministry of Health, and operating procedure for the Corona Research Repository, that will be published in the coming days.
Disclosure of the studies carried out in the Corona Research Repository
The Ministry of Health will publish the list of the studies that have been granted access to the Corona Repository for Research. The publication will include the study title, the date of commencement of the study, the name of the principal researcher, and the name of the organization.
Data Sets related to Covid-19 that have already been made public by the government can be found here.The Israeli Privacy Protection Authority Guidelines concerning privacy at the entrance to work and commercial places within the fight against Coronavirus
In the midst of the Coronavirus health crisis, as the economy gradually returns to routine and commercial activity and work resumes, non-invasive temperature testing and health questioning are becoming a condition for allowing entry into workplaces or shopping centers, by force of the Emergency Regulations (New Coronavirus – Restriction of Activity (2020), sec. 3A(1)) (“the regulation”).
Employers in workplaces and commercial places are required to check those seeking to enter the premises under their responsibility and restrict access to certain individuals, where there are indications of potential health risks to others, all in an effort to prevent the spread of the epidemic.
The health questioning, conducted by employers or anyone on their behalf, consists of these three questions:
1. Are you coughing?
2. Was your body temperature higher than 38°C or have you had a fever like this in the past week?
3. Have you been in close contact with a Corona patient in the past two weeks?
Entry will be denied to anyone found to have a body temperature above 38°C,
and/or those who did not respond negatively to each of the questions.
The Israeli Privacy Protection Authority (PPA) has recently issued guidelines for “Privacy at the entrance to work and commercial places within the fight against Coronavirus” (“the guidelines”), with the aim of clarifying the privacy aspects of the regulations, and providing guidance for employers, in particular.
The gist of these guidelines is adherence to the principle of purpose limitation. Namely, restricting the use of information collected during the process of temperature testing and health questioning to that required by law, and refraining from using it for any purpose other than preventing entry into work and commercial places of potentially infected individuals. Any other use of the information may be deemed as a violation of privacy.
Furthermore, despite a clear justification for looking at the Coronavirus-related health status of individuals seeking to enter a work or commercial place, involving violation of their privacy – it must be ensured that such violation will be reasonable and proportionate and done in accordance with the regulations and privacy protection principles.
The guidelines clarify and advise the following:
o Work and commercial places required to conduct questioning under the
regulations, shall avoid introducing additional questions about Coronavirus-
related health aspects, or request other personal information.
o Work and commercial places shall avoid as much as possible from collecting and storing personal, potentially identifiable information, including Coronavirus-related health aspects, about individuals seeking to enter these places, disclosed during the questioning process.
Body temperature testing
o Work and commercial places shall avoid using the information registered and processed during the technological examination, including the body temperature data of those entering their premises, for any other purpose.
o Work and commercial places are advised to refrain from retaining the
information received through the use of heat measurement technology,
particularly where the information that can be associated with a specific,
potentially identifiable, individual.
To the extent that the heat measurement technology employed includes
sensing devices such as thermal cameras, it is recommended that these
measures will operate only in real-time, that is, without automatic retention
and documentation of the information collected within them.
Insofar as such information has been collected, it must be deleted within a
few days time (unless a special need for its collection has arisen).
The information gathered during testing will not be used for other purposes
and shall not be transferred to other parties, except as required by law
and/or as part of a legal, mandatory requirement on the part of enforcement
and public health bodies.
For the original guidelines (in Hebrew) please click here.Israeli Supreme Court Rules Using Surveillance for Fighting a Pandemic Requires Primary Legislation
The Supreme Court (President A. Hayut concurred by Deputy President H. Meltzer and Justice N. Solberg) today received petitions directed against the Government’s decision to authorize the Israel Security Agency, with the approval of the Intelligence and Secret Services Parliament Subcommittee, to implement technological measures to monitor the nation’s citizens and residents in the fight against the spread of the Corona virus. It was held that as the government seeks to continue to enlist the ISA after April 30, 2020, it would have to begin a process of primary legislation, which should be completed within a few weeks at most.
President Hayut stressed that the outbreak of the Corona pandemic and its spread led to a change in ways of life in Israel and around the world. Under these unique and exceptional circumstances, the government was empowered by article 7(b)(6) of the ISA law to decide to operate the ISA. This is to use its technological means to conduct epidemiological investigations, which are aimed at locating people who have come into close contact with authenticated patients and informing them that they should enter home isolation. The above article of the ISA Law allows the government, with the approval of the Intelligence and Secret Services Parliament Subcommittee, to authorize ISA to carry out activities that are not at the core of security activity in the narrow sense. The actions should be necessary to safeguard and advance “essential national security interests when there is grave and immediate danger to the citizens of the state and its inhabitants or to its regime.”
The President stated that at the time when the decision was made, the need to deal with the outbreak of the Corona epidemic did meet the test, but as the ISA’s involvement in crisis management extends beyond 30 April 2020, its authority must be anchored in appropriate primary legislation such as a temporary order.
The reason being since the measure chosen by the government under the authorizing decision is a serious infringement of the constitutional right to privacy, and should not be taken lightly. The president noted that the choice to use the government’s security organization to monitor those who did not seek to harm it, without the consent of the subjects of surveillance, raises great difficulty. We should strive to find another suitable alternative that fulfills the principles of privacy protection. The exceptional and rare crises we are dealing with has justified taking extreme measures, but we should diligently avoid a Slippery Slope that will leave us using exceptional means without justification.
Deputy President H. Meltzer, to whom Justice N. Solberg joined, added that in the emergency situation the Corona epidemic presents, state authorities may follow the “precautionary principle” that allows them to take substantial threat prevention measures against broad and irreversible damage, even If its probability is only low. However, the Deputy President emphasized that this principle should be set in limits. Therefore, the ISA’s authority should be enacted in primary legislation, and the process requires consideration of alternatives that present proportionate measures to achieve the same purpose.
Justice N. Solberg added that at this difficult time, social responsibility and solidarity are also needed. It is reasonable, and public opinion polls during this period have indicated so, that citizens are willing to give up some privacy, in order to assist in the early detection of infected patients; There is a willingness not to fully exhaust individual rights, out of responsibility for others and for society.
This decision was given on a group of petitions filed by civil society organizations. One of them was filed by the Journalists Association, arguing the use of the ISA technology on journalists constitutes an infringement of the principles of Freedom of the Press and the protection of sources. These are argued to be essential in times of national crises. The court set a special measure to allow for the protection of these principals, adding a 24-hour notice and appeal option to journalists who were diagnosed with the virus. Justice Solberg in a minority opinion objected to this ruling on the grounds that the right to life should supersede the low risk of damage to the Freedom of the Press and that the potential harm to people who will receive a delayed alert of their proximity to an infected person doesn’t justify this.
Minister for Energy, Dr. Yuval Steinitz, Chair of the Ministerial Oversight Committee over the ISA involvement in the fight against the virus commented this is a troubling decision and an impossible deadline. He noted that the ISA technology’s contribution to the ability to lift restrictions on the population and support citizens freedom of movement and occupation is crucial.Guidance to help K-12 School Administrators and Educators Protect Student Privacy during the COVID-19 Pandemic
Schools, including both educators and administrators, are facing tough privacy questions as COVID-19 continues to spread across the world. In particular, schools are grappling with how to inform communities and public health officials of health incidents among students and how to respond to those cases, while still respecting students’ privacy.
Israel’s Basic Law: Human Dignity and Liberty (5752 – 1992) provides constitutional protection to all persons, including students, from any arbitrary or Illegal injury to the privacy of their self, family or home. Under this law, schools are required to uphold and protect each individual student’s right to privacy in the physical school environment as well as outside it. Specifically, the Pupils Rights Law defines all student information received or accessible to persons associated with the education system as confidential. Specifically, section 14 of this law prohibits the disclosure of such student information, unless such disclosure is necessary to fulfill one’s job or duty.
These student privacy protections extend online as well. Relevant obligations and responsibilities are placed on schools to protect their students’ private information in the context of any school-operated website. Consent from a student and their parent or legal guardian is required for the disclosure of certain types of personal information, such as a student’s name or email, while other types of personal student information are explicitly prohibited from being posted on a school’s website whatsoever. Additional online privacy protections are also afforded under Israel’s broad Privacy Protection Law, 5741-1981.
Finally, according to the Patient Rights Act of 1996 (Sec. 20), the disclosure of students’ health information (by either caregiver or medical institution), in the context of the present public health crisis, would be permitted only if: the student (or her legal representative) has provided consent to such disclosure; the caregiver or medical institution are obligated to do so by force of law; or where the Ethics Committee, after giving the student (or her legal representative) the opportunity to be heard, determined that such disclosure is essential for the protection of the health of others or the public and that the need for disclosure outweighs the student’s privacy interests. The disclosure of the student’s health information shall be done only to the extent necessary for the purpose of maintaining public health, and with the utmost avoidance of disclosing her identity.
However, the constitutional right to privacy and the additional specific protections afforded under these laws are not absolute. The right to privacy in Israel should not be applied to an extent greater than required. As well, disclosures of personal information may be ordered by a court, for example, when such disclosure is required to protect lives. In the face of the current public health emergency presented by COVID-19, schools face unique challenges when deciding how to best protect students’ privacy in a balanced way. Therefore, the following offers a framework of guiding principles and best practices to help schools navigate questions and dilemmas which may arise regarding the adequate protection of students’ private information.
The Underlying Framework
Consent has always been, and should remain, the core requirement for any disclosure of student information from school records. However, exceptions may be made to this basic rule if disclosures are needed to protect the health or safety of others in an emergency. Therefore, if a school determines they must disclose a student’s personal information without receiving their consent due to such a threat, they should perform a case by case analysis considering all of the circumstances related to the threat.
In doing so, they should determine whether the following criteria are met:
1. Significant and articulable threat: Is there an articulable and significant threat related to a student or other student’s health or safety?
2. Necessity: Is the disclosure of student PII needed to protect against such health or safety threat?
3. Data Minimization: What is the minimum amount of student information needed to address the issue at hand? Who are the relevant parties who need to receive this information?
4. Document Disclosures: In the event such a disclosure was made, the school should record the specifics, including the significant and articulable threat, the information disclosed, and the parties who received the information.
As well, schools should consider the below best practices surrounding such communications if they choose to share student information:
1. Provide useful facts not rumours: Schools should be mindful to consider information that they share to be tailored towards effective threat prevention rather than simply spreading rumours. For example, if a school learns indirectly that a student may be infected, they should verify this information before deciding if and what should be shared with the community or with health-care professionals.
2, Weigh potential harms against intended benefits: School administrators and educators should consider potential harms that could occur if they identify a student, and should use alternative approaches to effectively advocate precautionary measures. Sharing information that a particular student may be infected could cause harm to the student, including bullying and/or shaming them. As well, sharing that a student has symptoms before they have been tested or ruled out other possible conditions like the flu may simply cause fear. Instead perhaps just continue to encourage social distancing.
3. Consider additional school policies that may apply: Schools may be subject to additional policies, covering social media or other forms of communication or interaction. School staff should be cognizant of any such applicable policies, which may impose disciplinary action for posting or sharing this type of information.
4. Consider alternatives to personally identifiable information: If and when possible, schools should opt to provide non-identifiable information in lieu of personally identifying information. This may mean providing generalized information that does not directly or indirectly identify an individual student. It could also mean providing aggregated or de-identified information to various agencies to assist in their response to the pandemic.
The following are a number of concrete examples to illustrate how schools can share information about students while protecting their privacy during a public health emergency:
Can a school share with the community if they know or suspect a student has COVID-19?
To start, it is worth emphasizing that in many situations, in order to receive sufficient notification of risks to their children, parents do not need to know which student specifically was or may be infected (even if they would like to know). Therefore, schools should determine whether they can disclose that a student may have COVID-19 without directly or indirectly identifying the particular student.
For example, let’s say that Eli on the school soccer team has tested positive for COVID-19, or the school suspects he has been infected. Eli is the only boy on the soccer team. Administrators will want to proactively notify the relevant community including the parents of other students on the team, that COVID-19 may be in the school community to facilitate prevention efforts and ensure that people have the information necessary to address a potential outbreak. Given COVID-19’s high degree of infectiousness, it may be wise for schools to err on the side of caution and notify the entire school when suspected but unconfirmed cases exist.
Whether or not a school knows or merely suspects infection, it may not be necessary to identify Eli as the symptomatic individual. Schools should avoid identifying Eli either directly or indirectly. Therefore, because it is widely known that Eli is the only boy on the team, schools should not share that a boy on the soccer team has, or may have, COVID-19. Rather, they should generalize this announcement sharing only that a student on the team who attended the most recent soccer match is, or may be, infected.
Of course, the school may want to specifically notify parents of other students who had close contact with Eli when he was potentially contagious so that they can take measures to self-quarantine. In this case, the school should contact Eli’s parents and obtain consent to release this information. However, if they determine that an exception to obtaining this consent is required, they should consider the aforementioned criteria in determining whether to disclose, and if so, what information specifically may be shared and with whom.
Articulable and significant threat of a health or safety emergency:
Is the school able to explain, based on all the information available at the time, what the threat is and why it is significant? If a local public health authorities determine that a public health emergency, such as COVID-19, is a significant threat to students or other individuals in the community, it is reasonable that an educational agency or institution in that community will likewise determine that an emergency exists. Sharing this information may be particularly necessary in the early stages of a pandemic to facilitate prevention efforts and ensure that people have the information necessary to address a potential outbreak.
The disclosure is necessary to protect the health or safety of the student or other individuals:
Schools should decide whether Eli’s teacher, classmates and their parents, or students with whom Eli spent significant time need to know that Eli has COVID-19 in order to protect their health.
Only disclose the minimum amount of information required to address the issue at hand to the relevant parties:
Disclosures do not have to be “all or nothing”. Rather, the school should consider carefully how much information is actually necessary in order to address the issue at hand given the particular circumstances. Would it be sufficient, for example, to just say that “someone on the soccer team” has COVID-19, without identifying Eli as the infected student to his classmates? If the school does believe they need to identify Eli, they should make sure they provide the minimum information needed—that he has COVID-19 and perhaps a window of time when he may have been infectious, if known—and not additional information such as any other specifics regarding his health history. Likewise, disclosures should be limited to the parties to whom this information is pertinent. For example, if administrators know that Eli is exhibiting symptoms of COVID-19 but hasn’t yet been diagnosed, they could choose to tell only immunocompromised or at-risk students and faculty that a student may have the virus, before communicating with the larger school community. Schools can also combine communication approaches, for example by identifying Eli as necessary to classmates and their parents but sharing only de-identified information, such as “a sixth-grade student likely has contracted COVID-19,” with the broader school community.
Can a school share with health officials, for example a student’s primary care physician, if they suspect a student may have COVID-19?
If a school cannot reach a student or their parents, and suspects that student might have COVID-19, they may want to reach out to the student’s primary care physician to ask if the physician can confirm that the student has COVID-19 so the school can notify the community. If so, they should follow the above framework and best practices to determine the best course of action. Specifically, they should be aware that the physician may not be able to disclose health information back to the school due to medical confidentiality protected under the Patient Rights Act of 1996 (Sec. 10a), according to which a physician is obligated to maintain the dignity and privacy of her patient, as well as due to physicians’ ethical fiduciary duty towards their patients. However, if a school suspects a positive case, administrators could recommend that other parents take their children to get tested.
Can a school share student information in response to a voluntary request from a researcher, newspaper, or government agency in order to assist in responding to the COVID-19 outbreak?
As noted above, schools should feel free to share de-identified or aggregated information to help in the public response to the COVID-19 pandemic. However, if and when doing so, schools should keep in mind the widely accepted standard for properly de-identified information: whether a reasonable person who does not have personal knowledge of the relevant circumstances, could identify the student with reasonable certainty based on both the information the school discloses at that time and other information in the recipient’s possession that could be combined with the information disclosed.
For example, let’s say an agency wants to learn about visits to the school nurse in late February involving typical COVID-19 symptoms. Utilizing the above framework and best practices, schools could provide an aggregated percentage of student visits. This should be provided rather than for example, other information that is more than the minimum required to address the issue at hand, for example i. more granular data that breaks down visits by class-year, gender and ethnicity, that could allow individual students to be identified; ii. Specific health records of individual students.
The COVID-19 pandemic represents a public health crisis and there may be significant public interest in sharing student data due to the circumstances. Nevertheless, it remains vital that decisions to share such information could have a significant impact on student privacy and as outlined above there may be effective alternatives that do minimize the potential harms while still addressing the serious health risks at hand. Schools should keep these principles and guidelines in mind as they navigate the myriad situations they may be facing in order to best safeguard their students and student privacy.
This resource is intended for informational purposes only and should not be considered as legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.Brief on Digital Means Employed by the Government of Israel RE: Covid-19
The Government of Israel has activated two parallel and separate digital programs against the spread of the Covid-19 virus. Both programs interact with a central data base of diagnosed patients and their full movements in the 14 days prior to their diagnosis.
1/ Meta-Data collected by law by the Israeli Security Agency for counter terrorism efforts, from cellular service providers
The Health Ministry sends requests to the Security Agency including the following data of diagnosed patients: name, government i.d number or passport number, cell phone number, date of diagnosis and date of 14 days prior to diagnosis.
The citizens receive a text message informing them that their data has been shared.
The Security Agency then extracts meta data about the people these patients were in proximity to, including name, I.D number, phone number, data of birth, last date of exposure to the diagnosed patient, location of exposure. The data is sent automatically to the Health Ministry.
The Ministry then generates text messages to the people who crossed paths with patients, ordering them to self quarantine. The identity of the diagnosed patients is not disclosed in the message.
The reported criteria for triggering an alert is proximity of less than 2 meters for c. 15 minutes.
o No opt-out mechanism
o Large scale mandatory data collection triggering quarantine orders
o Non-compliance with the orders is a criminal offence punishable by fine
o Suspected slippery slope of civic rights violations when a security agency is involved with a civic crisis
o Insufficient transparency and oversight
o Lack of appeal process on quarantine orders and citizen redress
o Based on new emergency regulations enacted in a speedy process
Privacy and Security measures:
o The data extracted by the Security Agency will be kept separate from any other data the service has
o It will not be uploaded to a cloud service
o The data extracted will be deleted 7 days after the transfer to the Health Ministry, and unnecessary data will be deleted immediately
o No human will be exposed to the data, which is sent automatically, unless there is a claim or error that needs investigating
o The use of this data for a purpose other than the authorized one will be a criminal offence
o The arrangement is temporary and in force only until 30.4.2020 when the necessity to continue will be re-examined by a team of ministers who will consult with the head of the Security Agency and the Head of the National Security Council
o The examination will be based on measures of effectiveness of the solution in light of it being privacy intrusive
o The conclusion will be brought to the Prime Minister whose decision on continuing the program requires approval by a parliamentary committee and further legislation
This program was petitioned against at the Supreme Court by civil society groups. The discussions have generated changes in the program and strengthening of oversight mechanisms but didn’t bring its cancellation. Proceedings are still undergoing.
The government reported that between 18.3.2020 when this activity begun, and 6.4.2020, 1,800 of the people who received proximity alerts and were quarantined were found to be infected.
2/ Israel Proximity application “Hamagen” (the “Shield”)
“Hamagen” is an opt-in, voluntary program where the application requires the user to download and install it from the app store and give it permissions to collect location data.
It processes GPS data, Wi-Fi data, Google Timeline history upon separate consent.
Bluetooth data feature in development.
The app collects data from the moment of download and retains it on the user’s device.
Every hour it checks the database provided by the Health Ministry with the current data and detailed itineraries of officially diagnosed patients.
If there is a positive result the user gets an alert of being in proximity to a patient, and the time and location, without the patient’s identity.
This alert is shown only to the user and is not reported to the government.
The user is recommended to self quarantine but may use discretion if he/she thinks there is no need.
If a user is diagnosed with the virus, the location history paths are already retained on the device and can be shared with the government database in order to accurately support the epidemiological research that is very laborious and challenging.
As of 11 April, the App was downloaded by c. 1,480,000 people.
The app was deleted by c. 452,000 people.
The desired number for effectiveness of the program is 4 million installed devices.
Currently c. 25% of the desired population is using the app.
HaMagen was developed on open source code with the intention to share the code with all. The Health Ministry planned to publish the code on GitHub.
Information in English from the Health Ministry can be found here: https://govextra.gov.il/ministry-of-health/hamagen-app/download-en/Use of Digital Means to Fight the Coronavirus
This article was written on the morning of March 15, 2020.
On March 16 Israel’s government has adopted a resolution and on March 17 approved Emergency Regulations which allow the General Security Services (SHABAK) to monitor the location of the mobile devices owned by COVID-19 patients and people who interacted with them in the 14 days before being confirmed with the virus. The stated purpose of the monitoring is to notify the confirmed and suspected patients with a text message that they need to go into home quarantine and to enforce the quarantine obligation. The specific process will be determined by the Health Ministry and approved by the Attorney General.
The directives apply only to the COVID-19 situation and are in place for 14 days. The SHABAK will not save the data produced and will make no other use of the data. The data will be forwarded directly to the Health Ministry, which will be responsible for sending the text messages to the public. The entire information collected by the government will be purged after the regulations expire, and a 60-day period of evaluation by the Heath Ministry of its function has ended. The data obtained by these means will not be used for a legal or criminal process.
Do Desperate Times indeed call for Desperate Measures? This adage is believed to have been coined by Hippocrates, the Greek physician and the father of Western medicine, who also gave us the tenets of medical ethics with the Hippocratic Oath.
Indeed, the current situation is unusual. It challenges our values and confronts us with moral dilemmas. Humanity has known epidemics before, but the technologies available to us today to monitor people’s movement, physiological biometrics, the crossing of Big Data, and insight generation were not in existence in previous eras. The COVID-19 epidemic started a crisis that juxtaposes the basic human rights to life and health with the right to privacy and liberty. We are now on the verge of a decision, which, unless restrained with significant measures, may constitute a dangerous precedent of the government penetrating citizens’ life, transforming Israel into a Police State.
Last night, the Prime Minister announced the government is planning to use technology to fight COVID-19. The resolution, which will be put before the government today, will probably talk about adopting the capabilities usually reserved to Israel’s General Security Service, which to this day have been restricted to fighting terrorism. The use of such capabilities at ill or suspected-ill civilians is a dramatic development. Let us not underestimate the danger that such a decision poses to our democratic values. The Prime Minister pointed out that this is an extreme measure, which is nonetheless required, even though it violates people’s privacy. The announcement provided no details of the plans, the types of information to be monitored, the purposes the information is meant to serve, and by whom or the implications of the analysis of the information collected. The Prime Minister provided no details on the checks and restraints that will apply to the use of these measures.
The government has pointed out that this is an extraordinary measure, which violates people’s privacy, but is required nonetheless. The announcement gave no details of the plans, the types of information to be monitored and for what uses, the consequences of the analysis of the information, or which control and restraint measures will be implemented. It is possible that only confirmed patients will be monitored to enforce their isolation. At this stage, confirmed patients amount to merely several hundreds of people. It is possible, however, that the measures will include monitoring or collection of location data from all of the Israeli citizens and their cross-matching with the location data of the confirmed patients to identify the people who were in the vicinity of a confirmed patient and for how long. If this is the plan, the State will be able to tell each one of us how probable it is that we have been exposed to the virus or contracted it. Yet another possibility is requiring us to report our whereabouts and how we feel on a daily basis.
During regular times, a State agency that believes it needs information from a citizen’s cellphone must apply for a court order and present enough evidence to justify the invasion of privacy because of a suspected offense. This procedure applies whether the State seeks to investigate a cellphone in its possession or asks the telecom provider for data on communication between persons. The police or the government ministries are not allowed to use the measures reserved for the Secret Services to fight terrorism, namely eavesdropping and monitoring. In a democratic state, our most fundamental civilian rights include protection against surveillance and breach of our private space by the State. This protection is critical to preserve the freedom of opinion and faith, freedom of expression, and freedom of movement.
But during this particular time, the Health Ministry issues directives under the People’s Health Ordinance and orders which the Ministry’s Director General is authorized to issue. The government may be planning to rely on this framework. Note that in so doing, the government is crossing a significant boundary in a State that is built on fundamental values, where the Knesset grants authority to the government, and where the courts serve as auditors. Resorting to an ordinance that does not require approval by the Knesset or the judicial system is a potential risk to the elementary democratic rights of all Israeli citizens.
Regardless of the legal authorization framework approved by the Attorney General, some issues have not been clarified to the public (although the government probably discussed them). Clarification of these issues is essential for assessing the risk to individuals’ privacy and liberty posed by the State’s use of technology to protect health and life.
How will the mobile data be used? Is it to inform us of possible exposure to a confirmed patient so we confine ourselves to our houses? Or is it to enforce disobedient confirmed patients to enter quarantine? Along the continuum of civilian liberty, lies a distance between encouraging social responsibility to policing and forced monitoring. Is the government planning to scan the cellular signals of clusters of more than 100 people to enforce the prohibition on gathering? If this is the case, the breach of privacy of each one of us would be smaller, since the information collected is aggregated, not personal. Or is the government going to track us individually at all times?
Given the current risk assessment, it makes sense to fine-tune the balance between civilian freedom (as reflected in individual privacy) and public health. However, any decision that attempts to modify the balance must ensure the following:
In grappling with the COVID-19 pandemic, humanity has many more tools than it ever had. These may come in handy in overcoming the disease as a significantly lower loss of human lives. Nonetheless, we must be cautious, responsive, and proportionate in employing these measures. In the absence of independent checks and balances, we risk letting in one of the biggest threats to democracy: a Police State.The virus that crowned us: COVID-19
A crisis that threatens public health, such as the outbreak of epidemic, or worse still, pandemic, entails a twofold test for human society: devising resourceful ways to outwit the biological health threat imposed upon us and ,not less important, coping with this threat in a way that protects human rights and interests of the individual.
The outbreak and spread of the novel coronavirus, COVID-19, is one such challenge. Grappling with COVID-19 is a complicated, multipronged battle with local, national, and global implications. It has to be waged on several fronts simultaneously: healthcare, economics, and foreign policy. Challenges of this scale call for inventive use of technology to help in developing various solutions.
The current outbreak is characterized by resorting to technology, in particular to data science and Artificial Intelligence (AI), to contain the virus’ spread and address its health implications. In the COVID-19 crisis, technology serves us in several ways:
A more ideal, future-looking, way involves harnessing technology to predict in advance the outbreak of epidemics and understand the pattern in which they spread. This is done by using AI, more particularly – machine learning (ML), which is capable of detecting patterns within big data sets indicating such outbreak.
While we work diligently to mitigate the risk of transmission and appreciate the apparent and potential benefits offered by technology, we must not overlook the risks that technological applications may pose to human and civil rights, as well as to social values. These risks raise the following key ethical difficulties:
One may even argue that providing remote medical care via robots and cameras instead of human care violates the human dignity of the patient. This argument raises the question of the boundaries of the ethical-professional commitment of the medical personnel, in particular during an epidemic: does the Hippocratic Oath entail the provision of care while risking the medical professional’s health and life?
Being informed about the situation is essential for allowing people to choose how to protect (or not) themselves and their loved ones, against the health risk posed to them by the virus. Knowledge and transparency are crucial also for the medical and public health professionals, so they know what and whom to avoid and which medical measures to employ.
Individual autonomy is also physically at risk, in the face of quarantine enforced by technological means, among others. Imposing large-scale confinement on civilians primarily denies them of the freedom of movement. While designed to protect public health and should only be employed following careful consideration, quarantine also compromises the right to health and the right to life of non-infected individuals. Forced into quarantine, these people cannot flee the infected area to free themselves and their dear ones from the risk of disease transmission.
Quarantine is a truly radical measure that restricts individual rights and liberties. In order to be ethically justified, it is required to meet a number of conditions:
The range of technological measures employed to deal with the COVID-19, and the ingenuity of the solutions, reflect society’s determination to ward off the danger. However, the palpable threat to public health inevitably leads to the violation of rights and liberties of individuals. We must never grow accustomed to this compromise or regard the seemingly temporarily-frail umbrella of human rights, as part of normal life. Human society, through its leaders and policymakers, will only make it through the pandemic test if it navigates the right path, implementing technological measures in a manner that results in the most limited and temporary (short-termed) violation of human and civil rights, and only where strictly necessary. Only then will the citizens of the world be allowed to celebrate the coronation of a humane and just society.