Life during COVID-19: why privacy-protected contact tracing matters
Contact tracing has come a long way from the days of the Spanish Flu when epidemiologists had to manually find and trace victims' contacts. But at what price for our privacy?
The World Health Organization says there are three ways out of the COVID-19 crisis: testing, social distancing and contact tracing.
Contact tracing can help governments relax lockdown restrictions and start to get economies moving again, but until now it's been a slow and laborious process.
However, with smartphones beaming out a steady trail of location data, tracking the disease and tracing people's movements is relatively easy.
Henri Kujala, director of global data privacy at HERE, believes there needs to be a balance between protecting public health and meeting people's privacy rights.
Henri explains: “The discussion around tracing technology has become polarized, with the fear of compromising citizens' privacy on the one hand, and the need to reduce the spread of the virus as the lockdown is progressively lifted on the other.
“The current discussions around privacy implications come from whether contact tracing apps will use a centralized system. This means that the matching process happens on a computer server rather than being confined to the device itself."
Some tech companies have proposed apps where the contact tracing data will stay on the device, which they believe limits the possibility of a breach, while others are held in a central server, which allows authorities to adapt faster as more data about the virus is accumulated, but need greater protocols for data protection. "Both methods have their pros and cons, but ultimately share the desired outcome of minimizing the virus spread," he adds.
Singapore was the first country to launch a voluntary contact-tracing app, helping it ease back lockdown restrictions and curb the transmission rate. TraceTogether uses Bluetooth to speak to other phones with the app, exchanging anonymized user data so that health authorities can trace if you've been in contact with an infected person.
Experts say Bluetooth-based apps are better for privacy as generally they only send and receive anonymous data that remains on your device and not a centralized server. Apple and Google's new application programming interface, for instance, will use Bluetooth and is being lauded as the right way to go about this. The jointly-developed API will bolt into existing apps and allow users to opt-in to allow information to be collected and shared while protecting user privacy.
The UK's NHSX contract-tracing app launched recently, in a trial on the Isle of Wight. This opt-in app will be downloaded on a voluntary basis, so no information will be processed unless a person opts in, and its use limited to a specific time frame. Based on Bluetooth technology, it will focus on the proximity of people to one another rather than on their specific location. In the US, three local governments have so far signed up to MIT's Private Kit, which is open-source and uses encryption and Bluetooth to preserve and limit the amount of data being collected.
According to the digital privacy campaigning organization Open Rights Group, trust and transparency is the key to getting digital contact tracing right. Its executive director Jim Killock, said:
“The government has a right and duty to use data in unanticipated ways to defeat the public health emergency. The point of transparency, as everyday privacy expectations are changed, is to ensure that people trust the actions of the government."
For voluntary apps to work properly, they need mass adoption: researchers from the University of Oxford say that 60% of the population need to use apps like TraceTogether for them to be effective. At the moment, only one in five people have downloaded the Singaporean app, and Israel's 'HaMagen' privacy-protected contact tracing app has only been downloaded by 17% of people.
South Korea's Center for Disease Control is using location data from 28 organizations, including mobile phone companies and credit card providers, to trace the movements of people who've previously tested positive for COVID-19 and who they come into contact with.
It is also pushing anonymized data to people's phones that shows confirmed patients' travel routes, the public transport they took and where they're being treated.
Once the epidemic is over, the organization says all data will be deleted.
How do contact-tracing apps work?
In Bahrain, people who test positive have to wear a GPS smart bracelet and use an app that's able to monitor their movements. Additionally, they may be asked to send a picture to prove they are self-isolating and are still wearing the bracelet. If they stray out of quarantine or move more than 15 meters away from their phone, a local government monitoring station is alerted. Penalties include fines that start at $272 and potential prison terms of no less than three months.
A similar containment measure in Hong Kong requires those in quarantine to download its StayHomeSafe app and wear a smart wristband to monitor their movements. Violators risk fines of up to $3,200.
China, meanwhile, has been using facial recognition technology with thermal imaging to detect people with fevers and reports a 99% success rate. Taiwan has curtailed its coronavirus cases (the country has had only seven deaths to date) by ordering those who test positive to undergo mandatory quarantine and monitoring them through their phone's location data. They are sent alerts if they stray out of their quarantine zone – and authorities randomly call people to make sure they're still with their phones.
Taiwanese government spokeswoman Kolas Yotaka told the Guardian: “We are not using any advanced surveillance technology. It's simply tracking based on their phone's sim cards and their nearby base stations. To prevent more infections and fatalities, it's a measure we have to take."
In an open letter to governments, 300 hundred academics from more than 25 countries warn that contact tracing shouldn't stray into mass surveillance. The letter said: “Some of the Bluetooth-based proposals respect the individual's right to privacy, whilst others would enable (via mission creep) a form of government or private sector surveillance that would catastrophically hamper trust in and acceptance of such an application by society at large.
"It is crucial that citizens trust the applications in order to produce sufficient uptake to make a difference in tackling the crisis. It is vital that, in coming out of the current crisis, we do not create a tool that enables large scale data collection on the population, either now or at a later time."
In the COVID-19 world, location data is being used like never before, heightening concerns over data privacy.
Have your say
Sign up for our newsletter
Why sign up:
- Latest offers and discounts
- Tailored content delivered weekly
- Exclusive events
- One click to unsubscribe