The Lowdown on How Contact Tracing Affects Your Privacy

Written by Luisa Rollenhagen | June 8, 2020

What is Contact Tracing?

Ever since the coronavirus pandemic gripped the world, contact tracing—a concept previously discussed mainly in the public health field—has been the term on everyone’s tongue. It’s been alternately praised as the light at the end of the lockdown tunnel and critiqued as a potentially massive data privacy violation. But what exactly is it?

Contact tracing refers to a disease control measure that aims to trace chains of infections. So let’s say Eleanor starts developing COVID-19 symptoms. An effective contact tracing system would be able to gather who Eleanor had come into close contact with in the period in which she may have been infectious. Public health staff would then contact those potential patients and inform them that they may have been exposed to infection and should quarantine themselves. This way, chains of infections can be stopped in their tracks.

Contact tracing via a mobile app has been receiving the most hype. Since a vaccine is still months, if not years, away, using contact tracing to stay on top of infection rates and prevent “superspreader” situations has been lauded as an effective way to move out of complete lockdowns. With an app, users should theoretically be informed immediately if they were in close contact with an infected person, so that they can immediately go into quarantine themselves and stop any further potential infections. 

How Does it Work?

The basics of contact tracing via an app are pretty simple: Every smartphone that has the app installed on it will regularly emit an encrypted number via Bluetooth. If a device with the same app is within range, it will receive that encrypted number and save it for two weeks. So if Eleanor is using the app and has a confirmed COVID-19 infection, she can authorize the app to notify every other app user she came in contact with in the past two weeks. As you can probably tell, the success of this hinges largely on whether enough people actually use the app to be able to effectively trace contacts.

When it comes to the methodology behind this system, there are two prevailing schools of thought: The centralized model and the decentralized model. Both types use Bluetooth signals to register other users who come close. Under the centralized model, this gathered data—the encrypted device number plus any numbers the device came into contact with—is uploaded to a remote server. If someone reports a COVID-19 infection, the server searches its database for matching contacts and sends out the alerts itself.

A decentralized model also sends data to a remote server, but the only data being shared is one’s own personal encrypted device number. Under a decentralized model, Eleanor’s phone would then download the database of those who have reported positive COVID-19 results, and compare them to the encrypted numbers she’s been in contact with. If there’s a match, she’ll get a message. If Eleanor is the one who tests positive for COVID-19, she’d give the app her consent to upload her device’s unique ID to a remote server so that it can be downloaded by others. The matching occurs on users’ phones instead of on a remote server.

While governments in countries like the UK and France are pursuing a centralized model of contact tracing, perhaps the most famous decentralized project so far has been launched by Google and Apple in a joint venture. The two tech giants have developed an API that public health agencies can integrate into their own contact tracing apps. They’re also working to develop a contact-tracing system that works for both Android and iOS and allows users to opt in directly through their devices, no app downloads necessary. The purpose of this would be to ensure broader adoption among users.

Privacy Concerns

Even a brief overview of contact tracing already brings to light a major issue: Privacy concerns. Especially when it comes to a centralized system, people are wary of allowing themselves to be tracked via their devices and having that information uploaded to a remote server. The ACLU published a white paper in April warning of the limitations of location tracking, noting that “the potential for invasions of privacy, abuse, and stigmatization is enormous.” The organization emphasized that “any uses of such data should be temporary, restricted to public health agencies and purposes, and should make the greatest possible use of available techniques that allow for privacy and anonymity to be protected, even as the data is used.”

On the one hand, there is the potential to significantly improve public health and reduce the spread of the virus, helping to flatten the curve and release pressure from overburdened health systems. On the other hand, there is the potential that sensitive health information could be misused. Furthermore, a remote server in a centralized model would be holding people’s contacts and movements based on their GPS or Bluetooth signal, which raises legitimate privacy concerns.

Any discussion of using apps for contact tracing has emphasized the importance of encrypting people’s identifying numbers with an encryption key. A further step is to replace each device’s identifying number with a new randomized number every 15 minutes or so, so that no single identifier can be used to follow one device over time. In the decentralized model, an encryption key unique to each device would generate these random number sets, which can’t be traced back to the individual device without the original key.

Decentralization also ensures that contact lists never leave the users’ devices; the only thing uploaded in case of infection is the encryption key, which other users’ devices then use to check for matches against the numbers they have stored locally. This is supposed to make it harder for contact lists to fall into the wrong hands or be used to trace movements and networks. For privacy advocates, this model offers more control over one’s own data. It’s also the selling point that Google and Apple have been leaning on while rolling out their joint project.
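As an added illustration of the decentralized flow described above (this is example code, not the article’s or the Google/Apple API’s), the Python sketch below derives rotating identifiers from a per-day key that stays on the phone, publishes only the key when the user consents, and performs the matching locally. The HMAC-SHA256 derivation, the 96 fifteen-minute slots per day, and the device names are assumptions made for this example.

```python
import hmac
import hashlib
import os

ROTATION_PER_DAY = 96     # one new identifier every 15 minutes
RETENTION_DAYS = 14       # observed identifiers are kept two weeks

def derive_identifier(day_key: bytes, interval: int) -> bytes:
    """Rolling identifier for one 15-minute slot. HMAC-SHA256 is an assumed
    construction: without day_key the outputs look like unrelated random numbers."""
    return hmac.new(day_key, interval.to_bytes(2, "big"), hashlib.sha256).digest()[:16]

class Device:
    def __init__(self, name: str):
        self.name = name
        self.day_keys = {}     # day -> 16-byte key; never uploaded without consent
        self.observed = set()  # (day, identifier) pairs heard over Bluetooth

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.day_keys.setdefault(day, os.urandom(16))
        return derive_identifier(key, interval)

    def observe(self, day: int, identifier: bytes) -> None:
        self.observed.add((day, identifier))

    def prune(self, today: int) -> None:
        self.observed = {(d, i) for d, i in self.observed if today - d < RETENTION_DAYS}

    def consent_to_upload(self, first_day: int, last_day: int) -> list:
        # Only the day keys are published; the contact list stays on the phone.
        return [(d, k) for d, k in self.day_keys.items() if first_day <= d <= last_day]

    def check_exposure(self, published_keys: list) -> set:
        # Re-derive every identifier each published key could have produced
        # and compare against what this phone heard; matching is local.
        return {d for d, k in published_keys
                for slot in range(ROTATION_PER_DAY)
                if (d, derive_identifier(k, slot)) in self.observed}

def simulate() -> tuple:
    """Constructed scenario: Eleanor meets Bob on day 3, never meets Carol,
    tests positive on day 5 and consents to publish her keys for days 0-5."""
    eleanor, bob, carol = Device("Eleanor"), Device("Bob"), Device("Carol")
    bob.observe(3, eleanor.broadcast(3, 40))               # close contact, slot 40
    carol.observe(4, Device("Stranger").broadcast(4, 7))   # unrelated contact
    for dev in (bob, carol):
        dev.prune(today=5)
    published = eleanor.consent_to_upload(0, 5)
    return bob.check_exposure(published), carol.check_exposure(published)
```

Bob’s phone learns only that it was near an infected device on day 3; neither Eleanor’s contact list nor Bob’s ever leaves the phone.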

Supporters of a centralized approach, on the other hand, argue that it allows governments to react more quickly to outbreaks and to incorporate new information more easily. For example, let’s say that researchers discover that the virus can spread over a distance greater than two meters. Then the algorithm could be quickly altered to take that into account when registering new contacts. However, the inherently invasive nature of tracking methods is enough to make anyone wary, and can partially explain why adoption has been so slow in many parts of the world.

Lack of Unified Consensus and Low Usage

One of the problems with the centralized versus decentralized argument is that different governments are embracing different models, which makes it very difficult to track the virus once it moves across a border—after all, viruses don’t care about having the right passport. Countries that want to stick with a centralized system will encounter incompatibilities with apps that use a decentralized system. And since Google and Apple have refused to consider expanding their venture to include centralized models, only those embracing a decentralized process will be able to use the new technology.

Different countries simply have different approaches to data privacy. Germany, for example, has decided to embrace a decentralized approach, along with Switzerland and Ireland. France, China, and Israel, meanwhile, are holding steadfast to a centralized approach. In countries like South Korea, an even more extreme version of contact tracing has yielded positive results, but also severe privacy violations that include releasing patients’ credit card history. In the U.S., where data privacy laws are somewhat more lax, there had been an ongoing debate about tightening data protection laws before the coronavirus hit the scene.

But even now, 57% of Americans say they’d be uncomfortable sharing their location data with the government. And despite Google and Apple’s attempts to assuage privacy concerns, a recent poll found that nearly 3 in 5 Americans aren’t interested in using their new system. In Australia, only 16% have downloaded the government’s contact-tracing app. And even in Iceland, where a record 38% of the population have downloaded the government’s app, the results have been lackluster. A senior law enforcement official in the country said that “the technology has proven useful in a few cases, but it wasn’t a game changer for us.” Instead, old-fashioned manual tracing techniques like phone calls saw better results.

People’s hesitation to embrace such inherently invasive technology is only exacerbated by the reported technological glitches that have plagued Bluetooth users. Bluetooth devices might connect even if they’re more than 2 meters apart, causing false matches that can erode trust in the system. So while Google, Apple, and other tech giants continue to work on effective and safe contact-tracing technology—sometimes with the help of governments, sometimes without—it seems that many systems are reverting to a tried and true method: Calling people on the phone.