COVID-19 vaccinations
© REUTERS/Henry Nicholls
COVID-19 vaccinations in London
Israel's vaccines-for-data deal shows that records governments keep on their citizens are now a highly valuable asset. But what gives states the right to sell our medical data and who's keeping it safe from being hacked?

Disaster contingency planning is the sort of thing to make any consultant's mouth water. Dreaming up catastrophic scenarios where things go very wrong is a good way to milk a client by exploiting their fears.

When I worked on Fleet Street, one big newspaper group used to host regular disaster contingency exercises. A number of us would hole up in a remote location, and we would run a shadow operation producing the next day's edition, away from head office - which in this instance was considered to have been levelled by a terrorist bomb, with all lives lost. (It's not a far-fetched scenario - the 1996 London Docklands bombing by the IRA just outside Canary Wharf caused several nearby newspaper offices to be evacuated).

But since then, and the cessation of The Troubles, there has been no need to imagine worst-case scenarios from some soy latte and chocolate-digestive fuelled white-board brainstorming sessions. We have had the real thing to deal with.

We had the 2008 financial crisis and its lingering chaos, with greedy bankers working at institutions that are household names trousering billions and bringing the global economy to its knees. People lost their homes, their businesses, their jobs, their savings and even their lives. At the time, we asked ourselves, "What could be worse than this?".

Now we have Covid-19, sprung from an unimaginable species-crossing virus from bats, of all things, that has had a devastating global effect we could never have foreseen, killing more than 2.5m people in little over a year. And again we ask, "What could be worse than this?"

Well, Israeli philosopher Yuval Noah Harari has the answer: he expects our next major worldwide catastrophe will come in the digital realm, and, frighteningly, you have to think that he's onto something.

As he pointed out in a recent essay, the global digital infrastructure has been a tremendous weapon in fighting the coronavirus pandemic. Daily cases, deaths and hospitalisations have been able to be tallied almost instantly as information pings off satellites circling miles above our heads; scientists have collaborated over vaccines and variant outbreaks online in real time; video calls have become an everyday thing for millions of workers and school children; while large scale computerised agriculture has carried on, and freight ships continued their largely automated journeys along global trade routes, without too much disruption.

It is no stretch to say that mankind's advances in technology have reduced the risk of wiping out millions more people from the virus and starvation, yet we barely even think about that. As Harari succinctly puts it: "In the war between humans and pathogens, never have humans been so powerful."

But he also points out that if hostile agents or a rogue state successfully attacked that digital infrastructure and brought it crashing down around us, life - and death - would be very different. "It has been our salvation during this pandemic, but it could soon be the source of an even worse disaster," he warns.

However, while the tools of our digital infrastructure have proved invaluable in recent times, it is the data they manipulate that is a cause for even deeper concern. Suddenly, everyone wants our most intimate details, all in the name of fighting Covid-19 and in determining who has been immunised against it.

This is not the same data that tech giants Google, Facebook and Amazon collect as you go about your daily online browsing; this is information about what is happening inside your own body. And that is very different.

While most of us are happy to disclose our debit card details to a total stranger over the phone or online without really thinking of what happens to that data next, we would not be so quick to confess full details of a check-up for heart disease, cancer, haemorrhoids or a mental health disorder, let alone something like cirrhosis or, I dunno, HIV or gonorrhea.

Mark Zuckerberg and Jeff Bezos know data is a currency, and a lucrative one for them. And the more that data tells about someone, the higher its value. That is why pharma giant and vaccine manufacturer Pfizer was quite happy to hand over enough doses of the Covid-19 jab to cover the entire 9m population of Israel - but they didn't just want cash. Crucially, the deal included handing over for bundles of Israeli citizens' personal medical data.

For Pfizer, cash is no longer king.

What it intends to do with that data is anyone's guess; but they must see a way in which they can leverage it to make themselves more money. But if that's the sort of deal that is on the table and Israel is prepared to accept it, even with its deep knowledge of spyware and snooping on people, then you have to wonder what some nations in the developing world or those with more unquestioning regimes might make of such an offer.

And this is where the governments, the accomplices hiding in plain sight, are exploiting their access to valuable data on its citizens - personal, highly private information - for commercial and even political ends. As Harari says, this raises "concerns about privacy and data monopoly... demonstrating that citizens' data is now one of the most valuable state assets."

It is a catastrophe for our privacy. Who will hold this data, who will it be shared with and how safe will it be?

Harari paints a picture of a disaster arising from an attack on digital infrastructure. Where email and telecoms go down and stay down, and everyone is forced to hunt for envelopes and stamps in order to communicate in old-fashioned ways with others. And where our medical data has been hacked and is in the hands of malevolent players - whether rapacious corporations, criminal gangs or rogue states.

It's why I have grave concerns about the recent disturbing announcement from the president of the European Commission, the underwhelming Ursula von der Leyen, about the introduction of a vaccine-proving "Digital Green Pass" to "facilitate Europeans' lives".

Hand over your personal data to EU authorities and you can go on holiday to Greece this summer. Woohoo! Although the UK is no longer in the EU - remember Brexit? - we've been told we can take part in the scheme anyway! And we are supposed to be delighted with that?

I don't buy it. Call me suspicious or cynical, but to use the cover of a public health crisis as a means to gather valuable data on every citizen needs a very good reason and full transparency about what is to be done with that information by the authorities responsible once the public health crisis has eased.

Brussels has not had a good pandemic and we would be insane to trust them with rolling out an EU plus UK-wide scheme of this size and complexity. Who will store the data? Who will handle it? How will it be protected?

I have not seen or heard anything that makes me feel comfortable about this attack on our privacy and freedom that passes muster. Not in the least. To sign up willingly is a very bad idea, and as the price of a brief summer holiday abroad? I'll pass.
Damian Wilson is a UK journalist, ex-Fleet Street editor, financial industry consultant and political communications special advisor in the UK and EU.