Public health experts have made it abundantly clear that to safely lift stay-at-home rules we must have four key things we don’t yet have. We need fast, accurate and widely available testing. We need a better plan for isolating and supporting people who have COVID-19. We need sufficient hospital capacity, including medical and protective equipment, to treat all patients safely. And we need more contact tracing.
What kind of contact tracing? It makes sense to dramatically scale up the numbers of traditional contact tracers, who act as “disease detectives” to track known cases and the movements and relationships of their contacts. But that’s not enough. COVID-19 moves swiftly and often through asymptomatic carriers. Another way to keep up with its movements is through automated warning and contact tracing, which can provide critical information quickly about who has potentially been exposed.
U.S. PIRG is in favor of automated warning and contact tracing, subject to conditions I’ll lay out below.
Don’t get me wrong, we worry about privacy. I worry about it all the time, for a living. But despite the fact that it’s an as-yet unproven technology, I’m for automated contact tracing using smartphones. I’ve become confident that a properly designed, decentralized, privacy-forward contact tracing program can minimize privacy and civil liberties risks while filling in the critical information gaps that have stymied our societal and governmental response to the pandemic.
Of course, technology is not a “magic bullet.” But failing to take advantage of the potential benefits of an automated contact tracing app -- one designed with proper privacy and civil liberties safeguards -- means sacrificing an important tool that could slow the spread of the pandemic and give us the information we need in order to make informed decisions about when and how to “re-open.”
So what will it take to make automated contact tracing work for all of us, with respect to both health and privacy?
Successful contact tracing via an app depends on a high take-up rate by smartphone users. To achieve that, the public will need to be willing to trust both government and its corporate partners.
Those partners will certainly include Google and Apple, which have developed the smartphone interfaces (APIs) for Apple and Android smartphones that tracing apps will work with.
In addition, public health agencies will likely contract with private entities to create the apps themselves. The Google and Apple platforms should be required to conduct some degree of oversight and enforcement over the apps that are allowed to take advantage of the interfaces.
But neither the government nor the corporate players in question have consistently earned our trust when it comes to privacy. So how might we structure this personal data collection to actually safeguard individuals and allow us to trust that this time will be different?
First, the smartphone app would have to do a better job of protecting our privacy than has been the case in the past. The key “privacy by design” element for any of these tools, including the interfaces developed by Google and Apple, is to base the tracking on decentralized systems that use Bluetooth (as opposed to locational tracking via satellite or cellphone tower) to collect only minimal information and, importantly, store it only on your own smartphone -- not in a government or corporate database.
Second, participation would need to be truly voluntary. You’d need to affirmatively agree to use the app.
Third, personal information must be guaranteed not to be used for any purpose other than fighting COVID-19 -- and not just by the app maker. In addition to technological limits, there must be oversight and transparency to make sure that the app doesn’t leak information, either purposely or through bad design.
Finally, personal data collection must be time-limited, with data destroyed at the end of the emergency period.
To assure that all these conditions are met, government agencies must impose rigorous privacy and security standards on Google and Apple and any app providers. And those standards must be backed by state-of-the-art transparency and oversight by disinterested stakeholders.
(U.S.PIRG is not new to demanding transparency; we’ve monitored the states’ budget transparency over the last decade, and we’re currently watchdogging the trillions of dollars that the Federal Reserve Board and Treasury Department are doling out to companies small and large.)
We’re not alone in either our concern or our conditional approval of contact tracing apps. The technology experts at EFF (the Electronic Fronter Foundation) and the civil liberties and privacy experts at the ACLU have each set similar detailed guidelines.
For any kind of contact tracing to work, Americans must submit to some temporary loss of privacy. For sufficient numbers of Americans to participate in automated contact tracing to make it effective, they need to be assured that their digital privacy risk is time- and device-limited, and that the risk itself is not that great. The way to create that assurance is to set clear guidelines for app providers, and then create an open and transparent oversight mechanism to confirm that all participants are operating in good faith.
The COVID-19 pandemic poses an unprecedented challenge for our country, threatening our health, wellbeing and democracy. We must work together to ensure that our government has a coordinated, strategic response to safeguard the public’s health, protect consumers from emerging dangers and ensure people can still participate fully in our democracy. We must also act in social solidarity, whether by doing essential work, staying home, or volunteering our digital data in ways we normally would not.
A properly designed automated contact tracing system which minimizes threats to privacy and civil liberties offers an important potential tool to fight the pandemic. We should add it to our toolbox.