Data privacy leaves room for gray areas. Public health is more black and white.
The question is, whether entities — governments, healthcare organizations, businesses — will exploit that gray area by using tech-enabled contact tracing.
"We all want public health to win at this point in time," said Mozilla Fellow Frederike Kaltheuner, during a live Twitter chat on April 28. Privacy is a "necessary ingredient" for trustworthy technologies, but alone, it's insufficient to make technology responsible.
Contact tracing walks the line between privacy and responsible tech — a line Apple and Google are exploring. Apple and Android devices give the companies unrivaled consumer location data.
To read more about enterprise-facing applications for planning a return to work, click here.
Last month the companies announced a joint effort in releasing APIs "that enable interoperability between Android and iOS devices using apps from public health authorities." Consumers who wish to participate in contact tracing will be able to download the apps from their devices' app stores.
The juxtaposition of Apple and Google — a hyper pro-privacy company, and an advertising and technology company hit with one of GDPR's first fines — highlights curiosities around privacy in the app's development.
The public has reservations about participation. Almost three in five Americans are either "unable or unwilling" to use the contact tracing app, according to a poll by The Washington Post and University of Maryland.
"There needs to be an open debate and legally defined and enforceable language on intent, usage and timeline," Marcus Fowler, a former CIA executive, and current director of Strategic Threat at Darktrace, told CIO Dive. It's "going to be an intrusive activity."
The practice of manual contact tracing is well-established in healthcare, but the addition of technology might lead to some confusion regarding privacy. Countries around the world are considering adoption of a contact tracing system and the best method for citizens: centralized or decentralized.
"I think rather than getting into the philosophical issues that are centralized or decentralized, the whole idea should be to figure out how to get the data and use it for the purpose that is intended," Ameesh Divatia, CEO and co-founder of data privacy firm Baffle, told CIO Dive.
If used ethically and securely, contact tracing could provide data that could assist with two efforts:
Flattening the infection curve of COVID-19
Reopening the country and reigniting the economy
How contact tracing works
Singapore's contact tracing system, BlueTrace, runs through a healthcare authority's central server. Each user is given TempIDs, effective for 15 minutes at a time, according to a breakdown by Mozilla. The cycle of IDs encrypts a user's identity. BlueTrace is the tech underlying of the app, TraceTogether.
Eventually, TempIDs are compiled as other devices — people — come into contact with one another.
If a person is infected with the virus, their collection of TempIDs pulled from interactions with other devices is sent to the healthcare authority. From there, the TempIDs are decrypted and individuals are contacted about potential virus exposure.
BlueTrace doesn't expose an individual's test result for the world to see, instead it grants access to a person's contacts, if necessary.
That is the overall premise of the BlueTrace protocol: The healthcare authority, or government, remains unaware of a person's contacts until they become infected. Singapore's health ministry has maintained that some specific user details are left out of the app.
A decentralized approach, proposed by Apple and Google's, doesn't allow for a third party to see a user's contacts. Instead, users control tracing, notifying the app, and other TempID-equivalents of possible contact.
But the self-diagnosis feature could run into issues. "Say a user self-declares they have come down with COVID-19 and notify the app to track and notify contacts. Is that based on Googled symptoms? Actual testing results? A doctor's note?" said Fowler.
Apple and Google's Exposure Notification API is open source, leaving room for developers to use their software to modify or extend other compatible applications. On Monday, the companies released additional sample resources — code and interfaces.
"People need to be confident that the software on their phones is behaving as advertised," Marshall Erwin, senior director of Trust & Security at Mozilla, told CIO Dive. The open source nature of Apple and Google's app will allow for independent reviews.
And while the companies addressed their privacy policies, a lot of organizations will have interest in this kind of consumer data.
To centralize or decentralize
Anonymization at every step is non-negotiable, as well as legal requirements or a "sunset clause to purge the data at a specific time," said Fowler. Among Apple and Google's shared privacy vows, the companies said they will shut down the system when the pandemic subsides.
A decentralized system indicates that a user's data remains on their device. However, a decentralized system has limitations because "who owns the data legally is less critical than where the data is retained," said Erwin. And nearly all contact tracing solutions share at least some amount of data with a centralized unit.
No matter how minuscule a data point might be, the data relayed to a central unit could be vulnerable to abuse or hacking. There's also a need for some sort of data aggregation.
"So you've alerted everybody else around you — somebody needs to know that," said Divatia. Healthcare and government organizations need to know where potential hotspots are, or if the virus thrives in specific climates. "It's great that the decentralized approach is going to collect data, but at some point that data will have to be processed."
Data aggregation is another place for technology to step up. Privacy-preserving analytics and solutions can temper the tradeoff between privacy and utility.
Analytics rooted in encryption allow for two sources of data collection to pool together in an encrypted database, "without ever looking at the data in the clear" and compromising privacy, according to Divatia.
Contact tracing is, at its core, a collaborative effort like any other technology, Alon Kaufman, co-founder and CEO of Duality Technologies, told CIO Dive. If someone has data and a vendor has a model they want to use, the two parties have to collaborate.
"You have to deploy your software on my cloud," he told CIO Dive. Contact tracing has to assume that the collaborating parties trust each other, "I'm going to see your model and you're going to see my data."
Contact tracing requires parties to combine their respective location and healthcare data. The exchange of data is where the red flags for data privacy fly, especially when it appears an entity could eventually benefit from seeing user data.
If a country is considering a centralized contact tracing system, like in France or the United Kingdom, encryption services could theoretically calm privacy concerns. Encryption tools allow the necessary data (location and healthcare) to interact "without the Googles of the world ever knowing who's sick," said Kaufman.
Where does the data go?
Up until the European Union's GDPR and the California Consumer Privacy Act, data aggregators set the tone for transparency. GDPR's lukewarm enforcement is still lacking "teeth" and the CCPA's enforcement doesn't go into effect until July 1.
"Everything is on hold at the moment," said Kaltheuner, referring to data privacy law, which is why recovery is more pertinent.
Historically, in times of catastrophe, some civil liberties are restricted until public life is readjusted. Contact tracing could have a place in society long past the virus subsiding.
With the economy flailing, those in favor a contact tracing system don't want to risk extended stay-at-home lockdowns.
"How do we get the economy back working with [coronavirus] around us?" because it's not just about contact tracing, said Kaufman. It's about opening a mall and then understanding, if someone was sick in the mall, what the protocols are to avoid another months-long shutdown.
Contact tracing only works with the assumption that everyone has access to a smartphone, users' consent wasn't coerced and regulatory guidelines are established. Because there is a chance of data abuse, there is a chance contact tracing could snowball into discriminatory practices.
"What if you couldn't go to a restaurant, board a plane, go to work, or enter the country unless you consented to using the app?" said Fowler.
Erwin fears contact tracing apps could expand into a "social graph" governments have access to. A social graph could chart an individual's link to others. "Neither governments nor the private sector have shown themselves up to the task of policing these new uses."