Digital Contact-Tracing: Privacy vs. Security
By Anonymous | May 28, 2021
Since the outbreak of COVID-19 in early 2020, dozens of countries have deployed contact-tracing apps in an attempt to identify people exposed to the virus and stop onward transmission. Google and Apple forged an unlikely partnership to build an exposure notification framework for both Android and iOS, which public health authorities in the United States and elsewhere have adopted. While some countries, such as China, have taken a data-first approach in which large amounts of data about citizens are collected at the cost of significant privacy intrusion, others, including the United States, have taken a privacy-first approach that protects citizens' data but leaves health officials and researchers with extremely limited access to it. Yet even that privacy-first design has not overcome a lack of trust in technology companies, and that distrust has undermined the efficacy of digital contact tracing in the United States.
A Wide Spectrum of Digital Contact-Tracing Methods
There are various forms of digital contact tracing, offering different levels of privacy. At one end, the Chinese government tracks its citizens' movements and locations through mandatory, color-coded QR codes, assigned on the basis of reported COVID-19 symptoms (through self-reporting or contact tracing). A green code permits free movement, provided the holder scans the smartphone app before entering public spaces such as public transportation, retail and shopping centers, restaurants and workplaces.
Other, less privacy-intrusive methods do not monitor user location or movement at all. In the United States, Apple and Google launched a Bluetooth-based exposure notification platform in which users opt in, through approved apps from public health authorities, to exchange data over Bluetooth Low Energy (BLE). Each phone broadcasts a random identifier and records the identifiers it hears from nearby phones. A user who tests positive may voluntarily enter the diagnosis into the app, which then publishes the daily keys from which that phone's identifiers were derived; every other phone downloads the published keys, regenerates the identifiers locally, and checks them against the identifiers it has recorded, notifying its owner on a match (see images below). Unlike GPS, BLE proximity data cannot place a person at a physical location or reconstruct their movements. Furthermore, because the broadcast identifier is derived from a daily key and rotates roughly every 15 minutes (in step with the phone's Bluetooth address), an observer cannot link one identifier to the next, let alone to the phone's owner, without that daily key. Even when a person reports an infection, the app publishes only the keys from the period in which they were contagious.
By contrast, in a centralized data collection approach all Bluetooth, geolocation and diagnosis information is compiled in a central system, usually run by public health authorities, which may also share the data with third-party systems. With Google and Apple's decentralized design there is no central master list of phones that have matched, contagious or otherwise: the central server holds only the keys published by diagnosed users, never the interactions between those keys, and matching happens on each phone. The design is not airtight, however. Although Bluetooth-based apps collect only random identifiers, a government agency or technology company that operates the server or observes the network could still link metadata, such as the IP address of a phone that uploads its diagnosis keys, to a user's identity and approximate location.
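To make the key schedule and the decentralized matching described above concrete, here is an added example. It is not code from the article, nor from Apple's or Google's implementation; it models the published GAEN derivation: a random daily Temporary Exposure Key (TEK), rolling identifiers derived from it for each 10-minute interval, a diagnosis upload limited to the contagious window, and matching done on the phone by regenerating identifiers from published keys. One substitution, marked in the code: the real spec computes each identifier with AES-128 over a padded 16-byte block, whereas this example uses HMAC-SHA256 truncated to 16 bytes so that it runs on the Python standard library alone. The `Phone` class, `simulate` scenario and timestamps are constructed for illustration.

```python
"""
Rolling-identifier exposure notification, modelled on the Google/Apple
Exposure Notification (GAEN) key schedule.  Added example, not code from
the article or from Apple/Google.

Substitutions so the example needs only the standard library:
  * GAEN computes RPI = AES-128-ECB(RPIK, padded block); here HMAC-SHA256
    truncated to 16 bytes stands in for AES-128.
  * The Associated Encrypted Metadata (AEM) field is omitted.
Interval numbering, the 144-interval rolling period and the HKDF info
string follow the published spec.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Set, Tuple

INTERVAL_SECONDS = 600   # ENIntervalNumber ticks every 10 minutes
ROLLING_PERIOD = 144     # one TEK covers 144 intervals, i.e. 24 hours


def interval_number(unix_time: int) -> int:
    """ENIntervalNumber: the 10-minute window a timestamp falls in."""
    return unix_time // INTERVAL_SECONDS


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 16) -> bytes:
    """RFC 5869 HKDF with SHA-256 and an empty salt, as GAEN specifies."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def rolling_proximity_identifier(tek: bytes, enin: int) -> bytes:
    """Identifier a phone holding `tek` broadcasts during interval `enin`.

    Spec: RPIK = HKDF(TEK, "EN-RPIK"); RPI = AES128(RPIK, "EN-RPI" || 0^6 || ENIN_le32).
    Substitution: HMAC-SHA256 truncated to 16 bytes replaces AES-128.
    """
    rpik = hkdf_sha256(tek, b"EN-RPIK")
    padded = b"EN-RPI" + b"\x00" * 6 + enin.to_bytes(4, "little")
    return hmac.new(rpik, padded, hashlib.sha256).digest()[:16]


class Phone:
    """A handset that broadcasts rotating identifiers and records the ones it hears.

    It stores no location; it keeps only its own daily TEKs (needed for a
    later diagnosis upload) and the identifiers it observed.
    """

    def __init__(self) -> None:
        self.teks: Dict[int, bytes] = {}      # start interval -> TEK
        self.observed: Dict[bytes, int] = {}  # RPI heard -> interval heard

    def _tek_for(self, enin: int) -> bytes:
        start = enin - enin % ROLLING_PERIOD
        if start not in self.teks:
            self.teks[start] = os.urandom(16)  # fresh random key each day
        return self.teks[start]

    def broadcast(self, enin: int) -> bytes:
        return rolling_proximity_identifier(self._tek_for(enin), enin)

    def hear(self, rpi: bytes, enin: int) -> None:
        self.observed[rpi] = enin

    def diagnosis_keys(self, first: int, last: int) -> List[Tuple[int, bytes]]:
        """What a diagnosed user uploads: only TEKs overlapping the contagious window."""
        return [(s, k) for s, k in self.teks.items() if s + ROLLING_PERIOD > first and s <= last]

    def matches(self, published: List[Tuple[int, bytes]]) -> Set[int]:
        """Local matching: regenerate every RPI the published keys could have
        produced and intersect with what this phone heard.  No server ever
        sees either side's contact list."""
        hits: Set[int] = set()
        for start, tek in published:
            for enin in range(start, start + ROLLING_PERIOD):
                if rolling_proximity_identifier(tek, enin) in self.observed:
                    hits.add(enin)
        return hits


DAY0 = interval_number(1622160000)  # 2021-05-28 00:00 UTC; a multiple of ROLLING_PERIOD


def simulate() -> dict:
    """Constructed scenario: Alice and Bob share two intervals on day 0,
    Carol only ever hears Bob, and Alice later tests positive."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for enin in (DAY0 + 10, DAY0 + 11):
        bob.hear(alice.broadcast(enin), enin)
        alice.hear(bob.broadcast(enin), enin)
    carol.hear(bob.broadcast(DAY0 + 20), DAY0 + 20)
    alice.broadcast(DAY0 + ROLLING_PERIOD + 3)  # day 1: new TEK, meets nobody
    # Contagious window is day 0 only, so only that day's TEK is published.
    published = alice.diagnosis_keys(DAY0, DAY0 + ROLLING_PERIOD - 1)
    return {
        "published_keys": len(published),
        "bob_matches": bob.matches(published),
        "carol_matches": carol.matches(published),
        # Consecutive identifiers from one key look unrelated to an observer.
        "rpis_differ": alice.broadcast(DAY0 + 10) != alice.broadcast(DAY0 + 11),
    }


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` shows the properties the paragraph relies on: Alice uploads exactly one key (day 0, not day 1), Bob's phone finds the two intervals in which it heard her, Carol's phone finds nothing, and two of Alice's successive identifiers cannot be linked without her key. The server, which is not modelled here, only ever stores the published TEKs; the transport-layer caveat above still applies, since the upload itself arrives from an IP address that the server operator can see.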
While digital contact tracing apps have had mixed success worldwide, low participation rates and privacy concerns have plagued such efforts in the United States. A central question surrounding this topic is whether people should sacrifice their privacy in exchange for security during crises such as the COVID-19 pandemic. In the United States, the answer was an overwhelming no. A key reason is that people do not trust tech companies or the government to collect, use and store their personal data, especially their health and location information. Although user privacy and security were central to Apple and Google's design, Americans were not convinced. For example, a survey conducted by the Washington Post and the University of Maryland in April 2020 found that 50% of smartphone users would not use a contact-tracing app even if it promised to rely on anonymous tracking and reporting. Specifically, 56% said they did not trust the big tech companies to keep the data anonymous, while 43% would not trust public health agencies and universities. By June 2020 the level of mistrust had increased: a new survey showed that 71% of respondents would not use contact-tracing apps, with privacy cited as the leading reason. Contrary to the privacy paradox argument, Americans refused to use these apps in large part because of privacy concerns.
So what takeaways can we draw to prepare for the next crisis or emergency? First and foremost, robust data protections are needed to maintain consumer trust and confidence in the marketplace. This means clear standards and laws that enable the responsible use of data rather than acting as a handcuff on big tech and government agencies. Additionally, state entities, lawmakers and ordinary Americans routinely face confusion in navigating the complex and sometimes inconsistent privacy landscape. In aggregate, my conclusion is that the United States needs a set of baseline federal privacy laws that are enforceable and protect our personal information in good times and in times of crisis.