Since the COVID-19 crisis began, many universities have looked to novel technologies to assist their efforts to retain in-person operations. Most prominent are untested contact tracing and notification applications or devices. While universities must commit to public health, too often these programs invade privacy and lack transparency. To make matters worse, some universities mandate these technologies for students, faculty, staff, and even visitors. As we’ve stated before, forcing people to install COVID-related technology on their personal devices is the wrong call.
This is why the EFF is launching our new campaign: End University App Mandates. Please help us call on university officials to publicly commit to the University App Mandate Pledge (UAMP). It contains seven transparency and privacy-enhancing policies that university officials must adopt to protect the privacy, security, and transparency of their community members. Whether you are a student, a worker, a community member, or an alum, we need your support in defending privacy on campus.
Surveillance Is No Cure-All
Technology is not a silver bullet for solving a public health crisis. If COVID-related apps or devices will help at all, they must be part of a larger public health strategy, including participation and trust from the affected community. In other words, even the best contact tracing and notification software cannot be a substitute for regular testing, PPE, access to care, and interview-based contact tracing. And no public health strategy will work if coercive and secretive measures undermine trust between the educational community and university administrators.
Beyond the invasion of our privacy, public health measures that use digital surveillance also can chill our free speech. These programs, and the ways they are implemented and enforced, also can have a disproportionate impact on vulnerable groups. This is why university leadership can encourage participation in these measures, but ultimately these programs must remain voluntary.
Users can’t offer their informed consent to the app or device if it is a privacy black box. For example, leadership must make it clear whether any collected information can be accessed by law enforcement, and must disclose the privacy policies of external vendors.
Universities must also outline exactly what precautions and protocols they are implementing to protect their community from data breaches. Novel technologies created in rapid response to a crisis have a greater potential for security vulnerabilities, as they have not fully received the sort of rigorous testing that would happen in a normal development process. This makes it even more essential to open these programs to public scrutiny and allow individuals to assess the risks.
How You Can Help
There are 4,000 colleges and universities in the United States, all impacted by the current pandemic. There is a vast variety of tools and policies being implemented at educational institutions across the United States.
So we are targeting every college and university with our campaign. Every time a college or university receives 100 new petitioners, we will deliver the petition letter to the institution’s leadership. We will also work with local advocates to implement these necessary and urgent changes.
To make this campaign possible, we’re turning to our nation-wide network of grassroots and community activists in the Electronic Frontier Alliance and beyond. If you are part of a student group or community group potentially impacted by these app mandate policies, please sign the petition and consider applying to join the Alliance. We want to work with you to push leadership to adopt this pledge through direct action, and assist your local efforts in defending privacy on college campuses