“It is always easier to believe than to deny. Our minds are naturally affirmative.” – John Burroughs
While governments scramble to get ahead of the Coronavirus, their plea for solutions to automate the labored manual contact tracing practices has ignited a slew of technologies. When Google and Apple announced they would join forces to enable an exposure notification API so app designers could build contact tracing solutions across both mobile networks, the response from the tech community was swift.
Initially, as Wired reported earlier this month, health officials were not so hasty:
“Instead, public health officials in hard-hit states are moving ahead to deploy armies of people, with limited assistance from technology. Massachusetts has budgeted $44 million to hire 1,000 contact tracers. New York State, with funding from Bloomberg Philanthropies, said last week it plans to hire as many as 17,000. California is soon expected to announce plans to hire as many as 20,000 contact tracers.”
Clearly, contact tracing on the ground has higher efficacy rates. It requires engagement between those infected and the medical community, an onerous process, but it allows health authorities to identify affected individuals, diagnose them, and quickly determine community impacts. This process requires velvet-glove treatment and patient trust.
However, the demand for automated contact tracing solutions has not abated. When the UK government initially announced the launch of the NHS Coronavirus smartphone app in mid-April, in an attempt to keep pace with the rising cases, the move was met with some alarm. Users had to register their status in the app if they experienced symptoms. This, in turn, was sent to other users who had been in contact with them within a period of time.
The risk of re-identification from “swaths of Bluetooth data” and of stigmatizing users was apparent. Similarly, Singapore’s highly lauded TraceTogether application, with its privacy-first mandate, was used in combination with medical interviews. However, it failed to get ahead of the virus, with only 13% national adoption. In addition, health authorities were able to access discrete location details about each user’s history and would crudely inform patients within the app to self-quarantine.
In India, according to Tripti Dahr, Partner at Reina Legal, COVID-19 blindsided the government, and the application was launched within a system where no data protection legislation had existed before. The government made the application mandatory; it tracked user location every 15 minutes; the government stated it was not liable for the impacts to user data; and there was ambiguity when it came to purpose exclusion, data minimization, and data sharing.
While some of these have been reversed in recent weeks, the fallout has been a critical case for data protection legislation within the region.
In the US, a North Dakota contact tracing app, called Care19, had been sharing its data with Foursquare, unbeknownst to its users. According to Pierre Valade, CEO of Jumbo Privacy, the team discovered the app was sharing location and an anonymous ID along with the phone’s advertising identifier, which included the phone name, device name, and the device unique identifier (UDID).
In the TraceTogether and Care19 solutions, encryption methods were used (to some degree) to anonymize user identity and personally identifiable information. Yet, in both cases, data operators were able to re-identify individuals. India’s case has shown that it is not acceptable for the government to have access to this discrete level of information and to constantly track its citizens.
As of this writing, the protests and unrest in the US in recent days have surfaced news that officials are using contact tracing to surveil protesters.
“Minnesota Public Safety Commissioner John Harrington says they’ve begun contact tracing arrestees… Who are they associated with? What platforms are they advocating for? … Is this organized crime? … We are in the process right now of building that information network.”
While the authorities inadvertently “coined” the same term used to track the virus, what has become clear is the real intent of contact tracing beyond a pandemic, and the eventual harm it will inflict on individuals and groups as it hands government agencies and law enforcement an opportunity to promulgate novel tracking methods.
The Montreal AI Ethics Institute also highlighted the shortcomings within these early solutions:
- Any centralized solution leaves the data highly vulnerable to being compromised. The creators of the system are required to be the data trust, unless they have outsourced this to a third-party, and safeguard citizens’ data. Getting a solution quickly to market has not yet addressed these potential problems. Perhaps deeper investigations should be conducted from an adversarial ML and ML security perspective to ensure the safety of these systems if they are going to be using ML to supplement the functioning of the app.
- All solutions require strong adoption (+60% of the population) to be effective. This becomes a barrier especially if the system is not mandated, and people don’t trust the system and its creators. There might also be barriers to adoption if the solution isn’t designed to keep in mind seniors, people who are not very tech-savvy, or those who are socioeconomically disadvantaged, especially in cases where people might not own smartphones.
- Will users have enough trust in the system to feel comfortable entering their symptom data, especially where this might be necessary to power an ML model functionality in the app?
- In the end, incorrect predictions, incorrect risk scores, and any other problems that can misguide individuals and policymakers have the potential to cause more harm than good.
A more global solution was on the horizon. Apple and Google announced a partnership that was privacy-safe and relied on minimal data collection, enabling less costly alternatives to traditional contact tracing methods.
On May 20th, Apple released its iOS 13.5 update, which included its exposure notification. Once downloaded, this enables contact tracing applications from health authorities. Apple has been extremely judicious in restricting its API to only “Entitlement Profiles”, one per country, endorsed by a government entity. It has also constrained developer requirements to ensure the application is solely used for COVID-19 response efforts, allows only the minimal collection of data necessary for the response efforts, and prohibits the disclosure of data of infected users to other users.
Location-based APIs and other frameworks for collecting device information, user location, or any other personally identifiable information are prohibited. On the surface, this gives the end-user the necessary privacy protections and control. However, the sandbox in which these apps are allowed to operate is not without privacy concerns. It opens the door to more localized solutions designed to address the disease at the expense of the individual.
Bluetooth Low Energy (BLE) technology has emerged as the go-to solution. Numerous research papers and articles have questioned its performance and long-term viability.
We spoke with Paul-Olivier Dehaye, founder of PersonalData.IO and a member of MyData, a non-profit organization aimed at “empowering individuals by improving their right to self-determination regarding their personal data”. Dehaye has done research on proximity detection, evaluating the viability of BLE technology.
The interest in BLE has been motivated by the need for scalable, more efficient contact tracing for the rapid deployment of lockdown measures. Received Signal Strength Indication (RSSI) is the measure used to infer distance from the signal strength between the transmitter and receiver of two mobile devices. RSSI should decrease as distance increases. However, according to Dehaye, this is not always the case.
There are many factors that can affect signal strength: “emission power, emitting device antenna path; flight path; receiving device antenna path; and receiver sensitivity.” The unreliability of RSSI readings calls the efficacy of BLE into question. Dehaye’s findings show that the following can produce inconsistent results:
- Signal strength is much higher when people are walking side by side compared to when they walk behind one another.
- iPhones emit stronger signal strength compared to Android; Dehaye notes: “This point might be concerning due to differential impacts that might result… as iPhone ownership correlates with many socio-economic indicators.”
- Obstacles in the path between smartphones, like furniture or walls, may reflect the radio signal and cause it to have a higher or lower strength, so indoor and outdoor locations may exhibit different results despite similar distances.
- Phones lying on a table show higher signal strengths than phones in purses or pockets at the same distance. Phone orientation can also produce discernible differences.
Inevitably, in one scenario, five people could be sitting in a room two meters apart with the window open, and the signal would also detect two other individuals in an adjacent room separated by plasterboard, erroneously detecting more than the required individuals within the same space. In another scenario, where a neighbor stops to chat with another in the same street, approximately three meters apart, there is a lower risk of infection.
However, Bluetooth detection may register a strong signal between the two devices and flag the neighbors as mutual contacts when they are not. The real possibility of false positive and false negative results will make it far more challenging to effectively detect contact events and manage social distancing policies. Read Dehaye’s analysis here for more detailed insights on RSSI.
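To make the RSSI problem concrete, the following added example (not code from the article or from Dehaye’s research) models the standard log-distance path-loss relation between RSSI and distance, then runs the scenarios described above (phone in pocket, walking in line, reflecting wall, plasterboard, a stronger-emitting handset) through a 2-metre contact threshold. The calibration constants (RSSI of -59 dBm at 1 m, path-loss exponent 2) and the dB offsets assigned to each scenario are assumptions chosen for illustration, not measured values; the point is how unmodelled gains and losses turn into false positives and false negatives.

```python
import math

# Assumed calibration constants (not from the article): RSSI at 1 m for a
# typical BLE transmitter and the free-space path-loss exponent.
TX_POWER_DBM = -59.0
PATH_LOSS_EXPONENT = 2.0
CONTACT_THRESHOLD_M = 2.0


def rssi_from_distance(distance_m, offset_db=0.0,
                       tx_power_dbm=TX_POWER_DBM, n=PATH_LOSS_EXPONENT):
    """Log-distance path-loss model: expected RSSI at distance_m, plus an
    unmodelled gain/loss (offset_db) from pockets, walls, bodies or handsets."""
    if distance_m <= 0:
        raise ValueError("distance must be positive")
    return tx_power_dbm - 10 * n * math.log10(distance_m) + offset_db


def distance_from_rssi(rssi_dbm, tx_power_dbm=TX_POWER_DBM, n=PATH_LOSS_EXPONENT):
    """Invert the model: the distance an app would infer from one RSSI reading."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * n))


def distance_scale_factor(offset_db, n=PATH_LOSS_EXPONENT):
    """Multiplier that an unmodelled offset applies to the inferred distance.
    With n = 2, every 6 dB of extra loss roughly doubles the estimate."""
    return 10 ** (-offset_db / (10 * n))


# Constructed scenarios mirroring the article: true distance, an assumed
# unmodelled signal offset in dB, and whether the encounter actually carries
# transmission risk (the ground truth a tracing app is trying to recover).
SCENARIOS = [
    {"name": "side by side, line of sight", "distance_m": 1.5, "offset_db": 0.0, "at_risk": True},
    {"name": "phone in pocket", "distance_m": 1.5, "offset_db": -10.0, "at_risk": True},
    {"name": "walking one behind the other", "distance_m": 1.0, "offset_db": -12.0, "at_risk": True},
    {"name": "neighbours chatting across street", "distance_m": 3.0, "offset_db": 0.0, "at_risk": False},
    {"name": "neighbours beside reflecting wall", "distance_m": 3.0, "offset_db": 8.0, "at_risk": False},
    {"name": "adjacent room through plasterboard", "distance_m": 1.5, "offset_db": -2.0, "at_risk": False},
    {"name": "stronger-emitting handset at 2.5 m", "distance_m": 2.5, "offset_db": 4.0, "at_risk": False},
]


def evaluate_scenarios(scenarios=SCENARIOS, threshold_m=CONTACT_THRESHOLD_M):
    """Run each scenario through the model and label the app's decision."""
    results = []
    for s in scenarios:
        rssi = rssi_from_distance(s["distance_m"], s["offset_db"])
        estimated = distance_from_rssi(rssi)
        flagged = estimated <= threshold_m
        if flagged and s["at_risk"]:
            outcome = "true_positive"
        elif flagged:
            outcome = "false_positive"
        elif s["at_risk"]:
            outcome = "false_negative"
        else:
            outcome = "true_negative"
        results.append({"name": s["name"], "rssi_dbm": round(rssi, 1),
                        "true_m": s["distance_m"], "estimated_m": round(estimated, 2),
                        "flagged": flagged, "outcome": outcome})
    return results


def summarize(results):
    """Confusion-matrix counts over a list of evaluate_scenarios() results."""
    counts = {"true_positive": 0, "false_negative": 0,
              "false_positive": 0, "true_negative": 0}
    for r in results:
        counts[r["outcome"]] += 1
    return counts


if __name__ == "__main__":
    for r in evaluate_scenarios():
        print(f"{r['name']:<36} rssi={r['rssi_dbm']:>6} true={r['true_m']:>4}m "
              f"est={r['estimated_m']:>5}m flagged={r['flagged']!s:<5} {r['outcome']}")
    print(summarize(evaluate_scenarios()))
```

Under these assumptions only one of the three genuinely risky encounters is flagged, while all three non-risky ones that carry a signal boost or sit behind a thin wall are flagged. Because the model is logarithmic, an app cannot fix this by tuning a single threshold: a 10 dB pocket loss triples the inferred distance while an 8 dB reflection gain cuts it to a third, and both magnitudes are well within the handset and environment variation Dehaye describes.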
As Dehaye notes, “the Google and Apple APIs amount to a redefinition of the notion of contact for epidemiological purposes. More precisely, Google and Apple enable app developers to build their own evolving definition, but they limit the inputs app developers might use. We have seen above that the current input of just Bluetooth data is likely to be too poor. It is therefore quite possible that the amount of data accessible to apps would be expanded progressively, but Apple and Google would control that.”
For the general public who may not readily be concerned and are willing to give up their data to allow health officials to get ahead of the virus, Dehaye says this:
“You have been brainwashed. There is no digital barrier to prevent the virus from jumping to the next person. It just logs more focused data that can help us get closer “behind” an infected person. Precisely how we act with this data is very consequential and intensely political, and indeed if you think there is a broad consensus you are wrong. There are ways we could act with this data that could be detrimental to the end outcome (net negative effect).”
“With Bluetooth-based proximity tracing leveraging the Google and Apple API, we lose that common cognitive basis of equating transmission risk with physical proximity. Apple and Google get to define the rules, and will progressively get to introduce new data as input… It also will lead to a substantive shift in what constitutes a false positive and a false negative.”
Dr. Kashif Pirzada, an emergency physician in Toronto advising on some contact tracing app developers’ efforts, provided this viewpoint:
“Some elements of electronic contact tracing can be very useful but should augment and not replace traditional contact tracing by public health authorities. Bluetooth low energy signal technology is one promising but untested method, but unfortunately severely constrained by the manner in which Apple and Google have applied the technology. Public health authorities will not be able to find out about spread ‘hotspots’ without GPS data, which the Apple/Google framework prohibits. A number of privacy-preserving apps were in production, including MIT’s SafePaths and PEPP-PT in Europe which are not viable thanks to their heavy-handed intervention. There are obvious privacy risks, but robust data security and privacy legislation can be enacted for this crisis. Regardless, there are indications that we are missing perhaps 90-95% of infections, so current contact tracing may not be useful if overall case numbers are high, and traditional population-level controls will have to be used (lockdowns, closures, mask-wearing).”
Automated Contact Tracing will reshape the future of society and technology giants will greatly influence its path
For all the challenges this technology faces in addressing the current crisis, the decisions that are made resulting from erroneous results have deep societal implications. As per Pirzada, are we as a society willing to deploy solutions to get some early indications of infections, without proper safeguards in place?
Epidemiologists are still in the process of understanding the seasonality of this virus and how it mutates over time. By all accounts, contact tracing technology will create dynamic scores as it moves through the population and learns how it behaves among infected and re-infected populations. Over time, it will be an immunity score that the government will use to shape individual behavior until more is known or until a vaccine is discovered.
The risk of social stigmatization and continued marginalization of those most vulnerable will widen the socioeconomic gap unless we are able to mitigate the biases inherent in these early stages.
What we’ve also learned is that emerging unicorns, automated contact tracing solutions that aim to predict a virus’ path and bring our economies back to normal, will enliven opportunism. Health data is liquid in nature; however, this precious commodity will become a permanent record on a government’s server. Coupled with technology, this will eventually mean the advancement of Bluetooth sniffers.
We are beginning to see looming measures that probe the level of anonymity offered by the Apple/Google API, but they will broaden the demand to contextualize the data behind Bluetooth signals. This is an inevitability.
The move towards more decentralized solutions is now under the influence of Big Tech. However, will anonymity, which was once equated with the fringe web, begin to be synonymous with privacy? If so, will contact tracing create a veil that can potentially conceal criminal activity amongst our valued sensitive information?
The EU Health Network developed a Toolbox for member states in response to contact tracing application solutions against COVID-19, one of the most comprehensive sets of requirements we’ve seen. The toolbox offers thorough and evolving requirements that seek to harmonize the approach as economies open and travel among countries normalizes. It calls for:
- Proactive public education: regular, clear and comprehensive communication
- Fostering public debates and interaction among stakeholders
- Developing interoperability frameworks among data controllers, technology providers
- Enabling ongoing evaluation and scrutiny of solutions to ensure data minimization, storage limitations, impact assessments, and source code accessibility and accountability
One of the most circulated questions these days in the privacy community is whether privacy will survive the pandemic, or whether we will see it bleed and gradually die.
Nobody knows what the world will look like five years from now. However, the hasty actions by governments, the lack of proper funding and support for privacy tech, and the rise of digital data-driven business models with complete disregard for privacy and encryption — all these are painting much grimmer scenarios.
And within privacy laws, what happens when the government itself is the one not following the rules? The recent discovery that the NHS will hold Coronavirus data for 20 years belies current legislation. Both Apple and Google have demonstrated they can’t be trusted. What’s worrying is that they collectively have a monopoly on the mobile market, and right now they are the judge and jury on these platforms.
When we let the genie out of the bottle, for all the good intentions, will we come to have regrets about what’s transpired? Technology is a means to accelerate our intentions, however, unleashed without control, without education, without broad discussions, without scrutiny, technology will be what defines us as a society.
Co-author, Roxana Nasoi
Roxana Nasoi is a privacy advocate and technology strategist, with 7 years of experience in behavioral research. Roxana is currently CSO at Tagion/i25s ApS, a board member at Aimedis, a board member at Impulse4women, a board member at the Hong Kong-Israel Trade Association, and an advisor at the Ideagist incubator.