As countries prepare to phase out efforts to prevent the spread of Covid-19, there is hope that technology will come to our rescue where a medical solution has not seen us so far.
Contact tracking apps are designed to automate the process of tracking those who have likely been in contact with the virus. The basic principle is that they allow us to be tagged (or tag ourselves) if we develop Covid-19 symptoms and test positive. The app then uses some form of position data (not necessarily location data), along with what it knows about who we’ve been around with, to warn those at risk of getting infected to isolate and test themselves .
Sounds great, right? Perhaps. The fact is, however, most of us don’t really understand the exact details of what data is being collected, what it will be used for, and who has access to it.
This means that there is a danger that people will distrust and refuse to use these apps. If an insufficient number of people decide to participate, the overall effectiveness of the app will be greatly reduced.
A number of different contact tracking systems are in use or being trialled around the world. In the UK, the organization responsible for the app, the NHS, has defended its decision to use a centralized data collection and analysis model rather than a decentralized model preferred in other areas. Centralized models are fundamentally less private – since someone has ultimate control over everyone’s data. Their logic is that the need for health care in these circumstances is more important than the need to maintain privacy. As Dr. Ian Levy, Technical Director of the UK’s National Cyber Security Center says in this very informative blog post, “An app that offers fantastic demonstrable privacy but doesn’t stop the disease is not a useful tool.”
This is certainly true – the problem is that it is equally true that if the app is not trusted and adopted enough, it will not be a useful resource. There is no escaping the need to balance the two primary requirements of public safety and information security.
This, of course, is the same argument that has been raging for decades. Is it correct or necessary that we give up privacy expectations in exchange for data security? However, the difference today is that since participation in contact tracking apps is completely voluntary, this is now a decision we all have to make for ourselves – and our own decisions can easily affect the lives of others.
Centralized versus decentralized?
Centralized data aggregation and analysis, as used in the NHS app, gives health services the benefit of a better overview of the data, meaning connections and insights that may not be apparent from a decentralized system. At the same time, there is a risk, however small, that data could be leaked or stolen and eventually used for reasons we did not intend when we agreed to share it.
In the case of the NHS app – where it is functionally necessary for data to be shared with healthcare providers and other users of the app – it is possible, although highly unlikely, that someone with access to all systems (including NHS patient records) can “dot the i’s” and use encrypted data to identify individuals. The system is designed in such a way that no one has access to all these contact points. However, as Dr. Levy suggests in his blog, it is not possible to say with 100% certainty that a malicious actor would never be able to take control of it at some point. In addition, users’ IP addresses are logged by “commercial front-end” components of the software stack. While access to those logs is strictly controlled, again it is not possible to say that this security will never be breached.
One aspect of this app that makes me optimistic is that it is completely open-source. The code is available in its entirety to be parsed and analyzed so that people with more programming knowledge than me can at least verify that it does what it says it does, nothing more, nothing less.
This means, for example, that we can be sure that, as was initially widely believed, the app is not using location data to keep track of where we go and who we see. Instead, it uses Bluetooth signals to detect your proximity to other people. In other words, any position data that is collected and sent is relational to other app users around you, rather than your geographic location, which seems like a pretty smart solution.
There are other really clever things going on. The models that determine risk – whether or not an interaction between two people should warn of a likelihood of infection – are algorithmic and use machine learning. By tracking the types of interactions experienced by people who later report a positive diagnosis, it learns which interactions are most likely to be dangerous. It is more likely that other people will be warned to isolate themselves or get tested if they display similar patterns of ‘risky’ interaction.
Another function acts as a safeguard against people ignoring warnings for testing. If it advises someone to get tested, and they don’t register a result (indicating that the person has not been tested or may have stopped using the app), it analyzes that person’s recent contacts to see if there are any is a cluster of symptom reports. If it determines that this is the case, it notifies all “risky” contacts of the non-reporting user as if they had reported a positive result.
The UK is far from the first country to introduce an app to automate the contact tracking process – Singapore had one implemented by March 20, and Australia, India, China, Colombia, Czech Republic, Hungary, Iceland, Israel, New Zealand, Norway and Switzerland are on the list of countries where they are now active.
Many of these countries have opted for a decentralized system. This means there are fewer gaps that can compromise privacy. However, from a healthcare standpoint, the pros and cons of centralized versus decentralized are far from certain. There is simply not enough data to be sure.
An important choice
If we live in those countries where automated contact tracking is available, we all have to make an important decision now. Do we trust the government with the data they ask us to provide? Or – trust or not – is the situation just so critical that our concerns about data sharing and privacy must be brushed aside?
To learn more about technology trends such as analytics, AI etc., see Bernard Marr’s new book Technical trends in practice: the 25 technologies behind the 4Th Industrial Revolution