There has been talk and complaint about the personal privacy implications of ‘contact tracing’ as governments around the world respond to the pandemic outbreak of COVID-19.
So, what is contact tracing, and why would it violate your personal privacy?
At its most basic, contact tracing is the effort to identify anyone who may have been exposed to the virus by identifying everyone that may have had contact with someone contagious.
Sometimes the notion of contact tracing is discrete and obvious; i.e. everyone who was on a flight in an aircraft with a contagious person was potentially exposed. We could use the flight manifest to notify all of the passengers and crew, and those people should be tested to see if they have become infected, and to identify if they could be infecting other people.
In most cases, though, it is not so straightforward. There is no list of the people who shared an elevator with you, or rode on a bus, went to a restaurant or other such thing where there is potential for communicating the disease.
So how can we test and trace?
One method is to ask a person who has tested positive to remember every place they went and every person they had contact with. This is the part of the process where the newly formed armies of contact tracers come in. People who test positive should be interviewed so that we can figure out how and where they contracted the illness and identify whom they may have passed it onto.
Technology is playing a lead role in some of these efforts, but the way it is being used varies from country to country.
There are a couple of different ways that technology could assist in contact tracing. One way would be to build an app that sends location data back to a central server. In other words, a technology where the government could track the location of everyone, and keep a history of where they have been, and when they were there. That way, when someone tests positive, the government could go through its database and see where everybody was, and who was exposed, etc.
To a lot of people, that does not sound very appealing. Clearly a situation that would give fits anyone who values privacy, liberty and freedom.
Luckily, there are alternatives
How about a system that keeps all of your location data on your device? When infections are detected, some information could be sent out to everyone about where and when you could have been in contact, and your own devices figure out if you were there. This decentralized approach, obviously, provides much better privacy to the individual, and eliminates the possibility that a centralized database of every person’s whereabouts could be abused.
The issue of personal privacy because of centralized collection is real. Norway shut down their app, which was collecting near real-time location data about people and sending it to a central server. Germany had to halt development and start a new program when it was disclosed that the design would be to collect data centrally. Other countries are also facing backlash, and Amnesty International has published their findings, calling out countries with invasive apps.
But, there is another problem, besides privacy, that these tracing apps are going to face; adoption. So far there are only a few cases of governments requiring a tracing application to be installed.
Could you imagine? What kind of outrage would there be if your government told you that you HAD to install an application that allowed them to track all of your movement?
But without a requirement to run an app, it is a request to run an app. To give an example of how privacy concerns may be impacting the tracing effort, in France they have built an app that centralizes location data in a government. So far it has only achieved a 2% adoption rate. Far too low for it to make any difference in the fight to stop the spread of the virus.
So, centralized is bad for privacy, and unpopular with people who don’t want governments watching them around the clock. And, decentralized allows people to have control over their data, and is a model that does not lend itself to abuse.
It is a great example of how two models can differ so significantly. What is amazing, though, is that when it comes to governments watching, people are outraged, but people not only volunteer, but pay to allow private industry to spy on them. How else can you account for 100,000,000 Alexa devices that have an open microphone back to Amazon, along with millions of doorbells stream everything that is said and done on your front porch to companies with questionable histories on the question of privacy.
