Privacy, health and the economy: the debate around contact tracing

Author: Alessandro Piol

Date: 03-06-2020

Type: Other

Topic: Innovation

As the world tries to defeat COVID-19 and get back to normality, the attention is shifting to what we can do to protect ourselves and others from infection, and how to contain the spread of the disease. There is no single action that can solve the problem: it is a systematic approach that includes wearing protective gear, maintaining social distance, and following basic rules of personal hygiene. It also requires ubiquitous testing and the ability to warn individuals who might have been in the proximity of an infected patient. This last element is particularly important because this coronavirus can spread very quickly and it may take days before a victim becomes symptomatic, during which time many more people could get infected. One way to address this problem is to trace the whereabouts of the infected patients over the previous two weeks and warn the individuals who have been in physical contact with them, so that they can in turn get tested and act.


Contact tracing is not new and is generally recognized by health experts to be an effective technique when trying to contain and understand infectious disease outbreaks. During the HIV epidemic in the 1980s, for example, health officials at the Center for Disease Control (CDC) would interview people who had contracted HIV and find out what places they had visited recently, and with whom they had interacted. Health workers would then phone potentially infected people and ask them to get tested: a cumbersome and slow process, but effective. Before the HIV/AIDS crisis, contact tracing had already been successfully used in Africa during the Ebola emergency, and subsequently employed to help contain the SARS and H1N1 viruses from spreading. It is hence only logical that in order to contain a highly infectious disease like COVID-19, government officials around the world are planning to hire teams of health workers to help trace potentially infected people. In the state of New York, for example, Governor Andrew Cuomo, with the help of former New York City Mayor Michael Bloomberg’s philanthropic donation of $10.5 million, is planning to hire as many as 17,000 tracers. By some estimates, the United States needs to deploy 100,000 to 300,000 contact tracers to tackle the spread of COVID-19.


Unlike in previous crises, though, today we have an additional arrow in our quiver: we have ubiquitous technology, in the form of smartphones, that can help us in the process of early warning. The advantage of using technology is that you can collect data faster and more precisely than if you do it in a traditional way, and you can communicate to a large audience instantaneously. Digital contact tracing, now more appropriately renamed “exposure notification,” is seen by many as a critical and vital technology to tame the virus and get the world back to normality.


Hundreds of organizations, states and countries have been hard at work, in conjunction with technologists from all over the world, to create the perfect solution, one that would guarantee privacy, be widely used, work effectively and flawlessly, minimize false positives and negatives, and not deplete the phone’s battery life too quickly. Sadly, that solution cannot be implemented today. It is not so much a question of technology (technical challenges can be solved over time), but rather that its implementation touches on a number of socio-political issues that require trade-offs and will take a while to get resolved in a way that can be accepted by most people. Depending on how the technology is implemented, it has the potential of violating people’s privacy, and even civil rights. The debate around this issue is exposing citizens’ trust in their governments (or lack thereof), generating debates about haves and have-nots, fueling technology squabbles, and, in the end, we don’t even know whether a solution that makes everyone happy can even deliver on its promise.


Some of the technical problems have already been solved largely because the two big players in the smartphone business, Apple and Google (“A/G”), got together in an unprecedented collaboration to come up with technology (built into the iOS and Android operating systems) that can run in the background, avoid interference with other applications, and consume less power. This technology can then be accessed through an API (“Application Programming Interface”) by any exposure notification app that is being created for smartphones. It uses a clever mechanism of encrypted “keys” that are used to exchange anonymous tokens between phones when they are in proximity of each other. The detection happens via Bluetooth and the information is kept strictly on the phones. GPS is not used, so location is not recorded. This is all done in a way to protect user privacy. When someone tests positive, they can – at their option – upload the encrypted key onto a “neutral” server. The server decodes the key from the infected person’s phone and makes all the tokens that were generated available to all the phones that were in its proximity within the previous two weeks (or whatever length of time is deemed necessary). If you have a “match” (one or more of the tokens you collected match the ones created by the “infected” phone), then you know you were in the proximity of an infected person and you need to get tested. All the tokens on all the phones are erased after two weeks. A/G also advocates turning off the exposure notification technology after the crisis is over. Of course, exposure notification may turn out to be a constant feature of our new life post-COVID-19.


The architecture developed by A/G is “decentralized” because all tokens are kept on users’ phones and the “matching” happens on the individual phones as well. Only the infected person’s key is uploaded to the server (in an anonymous way) and no data about all the other users is collected. The users who have been exposed don’t know who the infected person is, and it’s hard to guess because no location data is gathered. In Europe, a coalition of researchers from several European institutions has developed the Decentralized Privacy-Preserving Proximity Tracing (“DP-PPT”) protocol, which syncs up with the API A/G have developed. This protocol has been adopted by many European countries.
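
The decentralized flow described above, shown as an added Python example that is not Apple's or Google's code: phones exchange rolling tokens, a positive user uploads only their own keys, and every other phone checks for a match locally. The HMAC-based token derivation, the 10-minute interval and the `Phone` class are assumptions made for illustration, not the A/G specification; the tokens are expanded from the published key on the receiving phone here.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: a fresh token every 10 minutes
RETENTION_DAYS = 14      # the two-week window described in the text


def derive_tokens(daily_key, day):
    """Expand one daily key into that day's rolling anonymous tokens."""
    return [hmac.new(daily_key, f"{day}:{i}".encode(), hashlib.sha256).digest()[:16]
            for i in range(INTERVALS_PER_DAY)]


class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> random key; stays on the phone unless uploaded
        self.heard = {}       # token received over Bluetooth -> day it was heard

    def broadcast(self, day, interval):
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return derive_tokens(key, day)[interval]

    def receive(self, token, day):
        self.heard[token] = day  # no identity and no location is stored

    def expire(self, today):
        self.heard = {t: d for t, d in self.heard.items()
                      if today - d < RETENTION_DAYS}

    def keys_to_upload(self, today):
        """What a user who tested positive may choose to send to the server."""
        return {d: k for d, k in self.daily_keys.items()
                if today - d < RETENTION_DAYS}

    def exposed_days(self, published):
        """Match on the phone: the server never learns who was nearby."""
        return sorted(day for day, key in published.items()
                      if any(t in self.heard for t in derive_tokens(key, day)))


def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.receive(alice.broadcast(day=1, interval=7), day=1)    # old contact
    bob.receive(alice.broadcast(day=3, interval=50), day=3)   # recent contact
    carol.receive(bob.broadcast(day=3, interval=51), day=3)   # never met Alice
    for phone in (bob, carol):
        phone.expire(today=16)                  # the day-1 sighting is erased
    published = alice.keys_to_upload(today=16)  # only the day-3 key qualifies
    return bob.exposed_days(published), carol.exposed_days(published)


if __name__ == "__main__":
    print(simulate())
```

The server in this model only ever holds the keys Alice chose to upload; Bob's contact list and Carol's absence of a match never leave their phones.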


The other school of thought is to have a “centralized” approach. In this case, the data from the infected person as well as the data from all users’ smartphones are loaded onto a server (likely government-controlled) and the matching is done there. In this case the app creator won’t be able to use A/G’s API because currently, and by design, that technology does not allow for the data to leave the individuals’ phones. A group called Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) has developed a centralized protocol that is being adopted by a few countries. In some cases, the apps might also collect other information that will expose the users’ identities further, as we have seen in China and South Korea.


In South Korea, as well as Taiwan, data sharing legislation passed since the MERS and SARS outbreaks now gives emergency powers to the government to collect and publish detailed contact tracing information. If someone tests positive for COVID-19, the health authorities broadcast a message notifying residents that they have been in proximity of an infected person and inviting them to look at a website to get further instructions. While the information is decoupled from the name of the person, data about gender, age and location are published on the website, sometimes with a detailed log of their movements, in some cases generated by analyzing closed-circuit television feeds and credit-card transaction information, with the time and names of the businesses they visited. It may even include information about which rooms of a building the person was in, when they went to the bathroom and whether they wore a mask. Even overnight stays at ‘love motels’ have been recorded. Prioritizing health over privacy, public health officials were able to take swift, decisive action that helped flatten the curve quickly and save lives.


In China, contact tracing is just a small expansion of what’s already happening: the government has for a long time employed facial recognition technology to control the activities of its citizens (as well as, it is believed, to target ethnic minorities). Now it has expanded its existing digital surveillance network to capture people’s health data as well, by compelling residents to check and report their body temperature and medical conditions. The authorities have rolled out apps that can determine who can safely leave their home without infecting others, by creating a “health code” based on information like a user’s location, recent travel, and health data. Upon entering a shopping center or taking the subway, individuals now must prove that they are at low risk of infection by scanning their health code and receiving a color-coded answer (green, yellow or red) depending on their conditions. Because they can track location, Chinese authorities can quickly identify suspected virus carriers, track their movements and identify anyone they encountered. This approach completely ignores privacy concerns and employs all available information, from GPS, to biometric information, to user-provided data. It is an effective, though autocratic, method of containing the spread of a virus.


Within Europe, different countries advocate different solutions. In France, the government has adopted the centralized PEPP-PT framework. But Apple’s operating system prevents contact-tracing apps using its Bluetooth technology from running constantly in the background if that data is going to be moved off the device, a limit designed to protect users’ privacy. France has been trying, unsuccessfully so far, to convince A/G to modify their technology to be able to capture more data than what A/G are planning to let through. According to French Digital Minister Cedric O, “It is up to the public authorities, with their qualities and their faults, to make the choices they consider to be the best for protecting French women and men.” An interesting statement by a country that was one of the key promoters of the General Data Protection Regulation (“GDPR”) aimed at protecting individuals’ data privacy (and delivering stiff penalties to the infringers). Aside from the risk to privacy, there is the additional security risk of having millions of personal data records in a single place: a nice target for hackers.


While the UK seems to be following in France’s footsteps, proposing a centralized solution, the rest of Europe is going towards decentralization. Italy has launched its app, based on the A/G technology, in regional pilot testing. Norway has already launched an app that is decentralized, and so has Austria, even before A/G’s announcement. It is not clear why Europe cannot get together and come up with a single solution that would fit everyone’s needs while at the same time respecting the GDPR privacy guidelines issued a couple of years ago. Using different protocols and different apps could be fine as long as people stay within their regions, but it creates an interoperability problem for travelers moving from one country to another, as they won’t be able to detect their proximity to infected individuals outside their own region.


One additional issue is that the system can only be effective if a critical mass of people uses it. Epidemiologists say that 60% of the population needs to use it to ensure a dense enough network of devices exchanging information. Given that the penetration of smartphones among the adult population in the US and Western Europe hovers between 76% and 81% (according to Pew Research Center data for 2019), to get to 60% usage we would need to have 74-78% of smartphone owners opt in to use the proximity apps: a lofty goal. Even if 60% usage is reached, it won’t cover all cases and record all close interactions. With a 60% penetration, 36% of close contacts would be recorded on average, leaving out about 2/3 of the interactions. In China, where the opt-in is practically mandatory because it’s the only way to enter subways and shops, 90% of residents have signed up for the app. But the take rate in countries where residents are not forced to use the technology is much lower.


It should also be noted that in some nations it might be hard to reach the population most at risk. In the US, for example, the penetration of smartphones within the adult population is 81%, with total penetration of mobile devices (simple cellphones + smartphones) around 95%. According to the Pew Research Center, the poorer segment of the population, as well as the population over 65, are the demographic segments most likely to be using a simple cellphone that cannot track potential exposure. And those seem to be the two segments of the population that COVID has hit more harshly. If an infected person is likely to have interacted with high-risk individuals without a smartphone, traditional contact tracing will have to be employed. In many countries, at least initially, digital exposure notification won’t completely replace traditional contact tracing, but it will be complementary to the traditional methods.


The density required for this technology to work is an issue that touches on civil liberties, privacy and civic duties. The fact that it differentiates among demographics, with the “haves,” the owners of smartphones, in a privileged position over the “have-nots,” who happen to be the population most at risk, has already been fodder for discussion. In an ideal world, when your privacy is at stake, it should be up to the user to decide whether to download the app and use it. But it should also be a civic duty to use the app, as it is a way to protect both yourself and others. Since it cannot be made mandatory, at least not in a “democratic” country, the citizens will need to be convinced to opt in and make use of the technology, which means that they will need to trust the authorities that the approved app is safe and protective of their privacy. The authorities, in turn, will have the challenge of communicating clearly to the public the advantages and the necessity of using the app. It is a test of civic education for the citizen, and transparency for the government authorities.


It all comes down to a key question: is the well-being of a society the sum of its individuals’ well-being? Is it acceptable to make some people worse off for the sake of others? We must accept that we cannot reject out of hand a technological quantum leap on the grounds that it might deprive us of liberty. That’s because during a pandemic, the alternative is interminable lockdowns, which rob us of even more freedom. In the end, you can only choose two out of three among health, privacy and the economy. Preserving health and privacy will inevitably lead to longer lockdowns. Prioritizing economy and health will require some compromises on the privacy side. And if you want the economy to be open and data to be private, mitigation systems will be less effective and population health will suffer.


Given all these difficulties, is deploying a digital exposure notification system still worth the effort? The quick answer is yes. It is worth it because every little bit helps. It can help track down at least some of the people who have been exposed and warn them to take the necessary steps to get tested. It is also worth it because we are at risk of future pandemics and being able to launch and test a system now, and learn from it, will put us in a much better position for a quicker and more effective reaction next time. But it is not a solve-all solution. It is a piece of what we need to do to solve the bigger problem of restarting our economy. We still need to take the necessary precautions to minimize the accidental spread of the disease: wearing protective gear, like masks; maintaining social distance; and following basic rules of personal hygiene, like washing our hands with soap often. We need to take additional precautions for the people at high risk, because they are also harder to track and protect with technology. And contact tracing is almost useless without ubiquitous and aggressive testing, with quick turnaround time, because it’s the only way to pinpoint who is infected, isolate them, and avoid going into massive lockdown again. Finally, proximity notification is not a substitute for traditional contact tracing, but a complement to it, hoping that it will be able to handle a good portion of the cases and point the health workers in the right direction more quickly.

