An individual’s right to privacy and the greater common good are on a collision course as societies race to contain and mitigate the coronavirus pandemic. New technological solutions may help us achieve both aims, but they come with risks.
There is universal agreement that a return to any semblance of normalcy during the ongoing pandemic is going to require at least two things. First, we need to scale up testing to find those infected with the virus, even if they are not showing symptoms, and make sure they are isolated. Next, we have to find people who may have been in close proximity to infected individuals long enough to have put themselves at risk — a process called contact tracing — and ask them to self-quarantine.
Public health officials are good at manual contact tracing — which involves calling infected people and interviewing them to find those who might have been exposed. But manual methods, employed, for example, to deal with outbreaks of Ebola, cannot scale up to handle the coronavirus pandemic. Here’s where technology steps in.
“With regard to this pandemic, we don’t see [automated contact tracing] as being too late to intervene, we see it as the only way through,” said Louis Gutierrez, executive director of the Massachusetts Health Connector, on April 16, at ImPACT 2020, a conference on Private Automated Contact Tracing, organized by MIT.
Some countries have already demonstrated the efficacy of technology-enabled contact tracing in reducing the number of infections and thus the burden on a nation’s health system, particularly South Korea and Singapore. But their methods — effective as they have been — have raised serious concerns about the loss of privacy. For example, South Korea’s system, using widespread surveillance technologies, identified and divulged information about an infected person, including the age, gender, and details about their movements, sometimes minute-by-minute and at times salacious.
These methods are not going to work — and they should not be used — in liberal democracies. We have to ensure that contact-tracing methods that compromise our privacy don’t become the norm in the quest for short-term relief from the pandemic.
This sentiment is fueling researchers in the United States, Europe, and elsewhere, as countries race to develop privacy-preserving smartphone-based solutions designed to aid public health officials in the fight against the virus. These include researchers at MIT and the University of Washington in Seattle, among others.
One class of solutions will use a smartphone’s Bluetooth transceiver. The basic idea is simple. Each phone periodically broadcasts a Bluetooth “token”— randomized and anonymized so that the transmitting phone cannot be identified. Nearby phones receive these tokens and hold on to them for, say, two weeks.
Now, suppose Bob tests positive for the virus. Bob uses the app to upload the tokens generated by his phone over the past two weeks to a central server. The apps on other phones periodically query the server and get a list of “infected” tokens and match them against the tokens stored on individual phones. Say Alice’s phone finds a match, because her phone has exchanged tokens with Bob’s. The app alerts Alice that she is at risk, because she probably came close to someone who was infected, without revealing Bob’s identity. Alice takes some appropriate action, such as self-quarantining or contacting a public health professional.
Google and Apple recently announced that they would provide the basic infrastructure, baked into the Android and iOS operating systems, to build such applications. But as speaker after speaker at the ImPACT 2020 conference made clear, the challenge will be in getting the details right —including using advanced cryptography techniques to ensure that the tokens cannot be traced back to their originating phones, carrying out security analyses of the apps to safeguard against hackers and spammers, and making the code open source so that it can be examined by independent experts.
“Liberty can be preserved if we use the technology right,” said Ran Canetti of Boston University and a PACT team member, speaking at ImPACT 2020.
Ramesh Raskar, associate professor at MIT’s Media Lab, applauds these Bluetooth-based efforts, but argues that such methods alone cannot reveal approximately when and where you may have crossed paths with someone who tested positive, to better assess your risk of infection (maybe you were wearing a mask then, for example, lowering the risk, or maybe it was a really crowded place and you weren’t wearing a mask, raising the risk).
Raskar’s team is working on an ecosystem of apps that rely on your phone’s GPS. Individuals will be able to download an app called Safe Paths, which will store a time-stamped trace of your movements over the course of, say, two weeks. This information stays on the phone. If an individual tests positive, they can contact a public health official and voluntarily offer their GPS trails. The official would then use another Web-based app, called Safe Places, to first redact any identifying information from the GPS trails (such as home or work locations) and release it to a central server. The Safe Paths app on other phones would then download the redacted trails of infected people and compare it against the private trails stored on the phone — and alert the user of situations that could have led to exposure.
Eventually, even the GPS trails of infected persons would be encrypted to ensure complete privacy. Raskar thinks that GPS-based solutions offer more privacy and security than Bluetooth-based solutions. For example, the latter require phones to be constantly transmitting tokens — an invitation for third-party app developers to tap into this stream of information. “It’ll definitely get used for commercial reasons,” said Raskar. “This will become commonplace. And then we won’t be able to turn the clock back. That’s a challenge.”
He also worries about Google and Apple having control over the servers that store the Bluetooth tokens. “It is possible that Google and Apple will start playing God, and they can decide which apps have access to this and which apps don’t,” said Raskar. “That can become a monopolistic issue.”
Independent auditors and experts will have to ensure privacy is indeed being safeguarded by these apps. As citizens, we need to be aware of what we will be signing on to when we use these services. Voluntarily offering up redacted information scrubbed of all identifying details when we find ourselves testing positive will be the high-tech equivalent of wearing a mask. We’ll be doing it to protect others. We are more likely to do it if we can be certain that our own privacy is not at stake.
Anil Ananthaswamy is a Knight Science Journalism research fellow at MIT and a journalist and author.