In August 2020, the University of Illinois at Urbana-Champaign (UIUC) welcomed approximately 60,000 students, faculty, and staff for a hybrid in-person/online semester. According to campus leadership, the decision to open was made possible by its innovative SHIELD: Target, Test, Tell initiative.
A crucial part of this program was the Safer Illinois app, a health-tracking app designed in-house through a public-private, for-profit relationship called the ROKWIRE initiative. This app provided users with COVID-19 symptom tracking, monitored COVID-19 exposure, and organized COVID-19 saliva-test results and communications with health officials.
Despite this novel technology, on-campus COVID-19 cases reached two thousand less than a month after the semester began, but UIUC refused to let this surge halt its reopening. Since then, UIUC has been making plans to sell their COVID-19 testing-and-monitoring infrastructure to similar institutions. (See also here.)
While COVID-19 provided an impetus for rolling out the app, its development started before the pandemic. The app’s beginnings can be found in the cloud services, databases, information technologies, and public-private relationships that have made the campus a hot spot for student-data extraction and market experimentation.
Once the pandemic began, UIUC wasted no time in fitting the app into to the alleged needs of the moment. Along the way, UIUC and the Safer Illinois app entered into students’ lives, homes, classrooms, and campus, bringing the violence of the border, too.
How did this happen? Under COVID-19, the general approach universities take in managing the campus can be described as “pandemic capitalism.” As Naomi Klein illustrates in her analysis of disaster capitalism, the pandemic provided the necessary “disruption” to undermine public institutions and radically transform them.
UIUC’s SHIELD initiative gained traction as a solution to the pandemic; however, SHIELD’s accomplishments come at a price, such as the lack of public accountability and oversight. Due to the legal nature of the public-private relationships associated with the SHIELD initiative, multiple requests by concerned campus-community members regarding details of the app and the initiative itself have gone unanswered.
The SHIELD initiative uses ROKWIRE’s (UIUC) platform, which is a version of ROKMETRO’s (private) open-source “ecosystem.” ROKWIRE is a UIUC smart-city initiative developed prior to the pandemic. It includes the Illinois app, which students can download to gain access to campus resources, activities, and discounts. But the Illinois app also offers the campus as a test lab for companies and product testing. (See the “sandbox” video here.)
Before the pandemic, UIUC had ambitious plans to institute ROKWIRE’s Illinois app as “the official mobile app of the University of Illinois at Urbana-Champaign.” These plans included a summer 2019 procurement for ROKWIRE, and UIUC awarded a $13-million contract to Bureau Gravity to help market the app.
Ostensibly, this procurement will pay off, since the app functions as the key to a profit-generating scheme to exploit and sell student data. Once students download and consent to the app’s privacy policy, their data is available for purchase by third parties, including state agencies like local law enforcement, US Immigration and Customs Enforcement (ICE), and the Department of Homeland Security (DHS).
Eventually, this app figured in the COVID-19 reopening strategy. Initial plans were designed to require all students to download the Illinois app to obtain access to the university’s COVID-19 testing program and, thus, to campus. However, these plans were successfully challenged by the Graduate Employees’ Organization (GEO) and some members of the university’s senate who expressed privacy concerns related to the app. Together, they forced the university to lift the mandate requiring the downloading and use of the app.
In response, the university created a second app: Safer Illinois. Administrators claim that Safer Illinois, although related to ROKWIRE’s Illinois app, is not directly tied to the university’s profit-generating plans. Yet, conflicting details on the app’s privacy and consent webpages suggest otherwise.
Safer Illinois exemplifies Silicon Valley’s ideology of techno-utopianism, which posits that technology will eventually solve or dissolve all social problems. Techno-utopian solutions appear apolitical, technical, and backed by scientific authority. In practice, they are often expensive, untested, for-profit initiatives that fail to live up to their promises.
These initiatives are often realized through public-private partnerships that usurp the role of government in vital areas such as public health and education. These toxic partnerships exploit public resources for private profit under the guise of streamlining institutional functions. Moreover, these murky public-private relations produce spaces where state violence is hidden and rendered beyond accountability.
Many university administrators, already pushing a move toward online learning prior to the pandemic, received carte blanche to move forward with these initiatives. These administrators often bypassed the Family Education Rights and Privacy Act (FERPA), through partnerships with for-profit private online-learning platforms; they even engaged in online proctorships, mandating the use of invasive facial-recognition technologies with well-known racial biases.
Universities cannot assume that student-data collection is safe for every student.
In 2018, the MIT Technology Review reported that ICE was accessing immigrant data through Palantir’s Integrative Case Management system, which then stored its data on the federally authorized Amazon Web Services (AWS). This is the same cloud service that UIUC uses to host the data from the Safer Illinois app. The proximity of these datasets is alarming, especially because the way these “public-private” contracts operate allows no public oversight or accountability. What UIUC has failed to acknowledge is that these data-storage practices have the potential to compromise the privacy and security of vulnerable populations, like Deferred Action for Childhood Arrivals (DACA) students. Indeed, CNN has reported that in spite of a federal law that protects DACA information from ICE, ICE does have access to this data. And even the Safer Illinois app, despite its claims to robust data privacy, is required to follow the University of Illinois System Privacy Statement, which allows for the sharing of information with “U.S., state, local, and foreign government entities.” This data sharing has potentially devastating consequences for the DACA and undocumented UIUC community.
With the potential surveillance capacity of COVID-19 tracking apps like UIUC’s Illinois or Safer Illinois apps, we ask: Where is the border? Common sense might point to a line on a map or draw attention to more legal and jurisdictional definitions. However, Étienne Balibar put forward the provocative thesis that borders are everywhere, challenging us to reflect on the many ways in which borders are instantiated.1 More concretely, border scholars have expanded the definition of the border so that it does not so much refer to states’ official territorial limits but to their practices of managing migration, often far from these official borders. In this sense, borders extend outward to allow for maritime interceptions and for immigration enforcement carried out by foreign governments and private actors. They also extend inward, through the 100-mile border zone that allows US Customs and Border Protection to set up checkpoints and conduct routine searches without Fourth Amendment safeguards. Borders also insidiously intrude into our everyday lives.
Meanwhile, biometric surveillance, information technology, and computational power have advanced in recent decades. Combined, these advances allow for complex, hi-tech borders and increasingly fine-grained migration management. This is not a simple case of whether or not migrants are included in the data; nor are borders almost ever entirely open or closed. Rather—amplified by this new tech—borders are filters that interact with the legal statuses that they both detect and assign (e.g., citizen, permanent resident, temporary worker, refugee, or unauthorized immigrant). All this means that some migrants pass effortlessly through such tech borders; others gain—or are denied—entrance at a cost.
This “smart” border may not be everywhere, but neither is it solely localized in official ports or checkpoints. Instead, it is deployed strategically with precision in our cities, workplaces, and schools, facilitated by everyday objects such as our mobile phones.
In recent years, the private sector rushed to profit off data collection. And this private collecting has been a crucial site in which DHS and ICE surveil, monitor, track, detain, and deport migrants. ICE is particularly eager to access private databases that do not face the same restrictions as government agencies in data collection.
COVID-19 tracking apps are by no means the only problematic technology on campus. As university legal communities have pointed out, legal-research tools like Westlaw (owned by Thomson Reuters) and LexisNexis (owned by RELX) share their data with the data-analytics contractor Palantir. Palantir in turn provides tools to ICE to facilitate the deportation and detention of immigrants. And, as noted above, ICE accesses data not only through Palantir. The agency already uses and accesses the same servers and datasets that are employed by UIUC and its latest app.
How to stop such private surveillance for public violence? Our ability to influence national legislation or the administration of powerful agencies such as the Department of Homeland Security is diffuse. (That said, we should not overlook opportunities to support campaigns by organizations such as Mijente, the Electronic Frontier Foundation, and the ACLU.)
Even so, the response to UIUC’s experiment was, for now, successful. How the UIUC campus stopped the demand to use the first app reveals that people can take action to protect themselves and the most vulnerable members of their community. Workers, students, and community members wield considerable power in their organizations and communities.
People need to be able to opt out of their data being collected and to control how it is used and shared. This requires regulations on what data is collected, how it is stored, and how long it remains available. Of particular importance for immigration justice is a specific need: to construct legal firewalls between divisions of government and public organizations, so that the data they collect cannot be abused for immigration enforcement.
Institutions like universities must also be clear and direct about their intentions and plans for data collection. Current privacy laws are insignificant against technically legal but nonetheless predatory practices. And in today’s legal landscape, once consent is given and a student’s data hits the market, there is little protection about who can access the data and how they use it.
Universities also need to understand that the politics of data collection has differential consequences for individuals and their social networks. They cannot assume that student-data collection is safe for every student.
Because of these high stakes, it becomes even more urgent to treat universities and other organizations as sites for mobilization. Data justice, campus organizing, and immigration justice are closely intertwined. Therefore, universities are key spaces for collective struggle.
This article was commissioned by A. Naomi Paik.
- Étienne Balibar, “The Borders of Europe,” in Cosmopolitics: Thinking and Feeling beyond the Nation, edited by Pheng Cheah and Bruce Robbins (University of Minnesota Press, 1998). ↩