Negative technological impact by using “beyond the limits” personal data for contact tracing
Contact tracing Vs Privacy
There is an invariable effort to find the most efficient and effective solution for fighting the global health emergency of Covid-19 (Coronavirus). In a Ted Connect talk, Danielle Allen (Harvard professor) stresses the need to carry-out massive, widescale testing. She categorizes this as a “smart testing” process. The process involves contact tracing or contact warning through smartphone tracking.
In our recent article 4 Impactful Categories Spurring Technological Innovations, we discuss how the pandemic is accelerating technological innovations.
However, aren’t some of these technological innovations coming at a cost of personal invasion?
Figure 1: Total Covid-19 tests as on 18th April 2020
Contact tracing is an old-school “Sherlock” process. It is used to contain a highly communicable disease by identifying every sick person and who all they have met. These contacts are potentially at the risk of being exposed to the disease. This is a continuous process until each person who may have been exposed becomes asymptomatic to stop the virus transmission. Therefore, the process involves healthcare experts to manually gain information from the infected people and then build the chain.
The advancements in technology help to end-to-end automate the contact tracing process. Importantly, It allows access to Bluetooth and location services of any individual’s smartphone rather than relying on human memory.
In today’s world, almost every individual holds a smartphone, with 3 billion Android and iOS users (Podcast: The Journal).
“Our analysis suggests that almost half of Coronavirus transmissions occur in the very early phase of infection, before symptoms appear, so we need a fast and effective mobile app for alerting people who have been exposed. Our mathematical modeling suggests that traditional public health contact tracing methods are too slow to keep up with this virus.” – Professor Christophe Fraser from Oxford University Big Data Institute
According to Matt Hancock’s (Secretary of State for Health and Social Care) letter to the NHS, “when using data to fight Covid you do not need to comply with your duty of confidentiality anymore; Covid trumps your duty of confidentiality.”
However, disclosing one’s whereabouts and people connections debunks the underlying concept of privacy, civil rights, liberties, and freedom.
The danger is that measures brought in to protect citizens in exceptional circumstances, when most people accept they are needed, could outlast the current crisis, said Joseph Cannataci, the U.N. special rapporteur on the right to privacy.
Above all, this is the need of the hour. Governments have a profound obligation to prove its citizens that the right measures in place to curb the spread. While the global government officials are asking their citizens to #stayhome #staysafe #selfquarantine, this alone is not enough.
Therefore, the answer to the problem is through contact tracing applications.
To work effectively, as discussed earlier, contact tracing applications use Bluetooth on a smartphone which traces the signal to another smartphone. Hence, it creates a link that maps the number of people an individual has encountered.
In addition to that, the applications track the person’s location, creating a geo-trail of the places an individual has visited. Putting the two aspects together, “who am I meeting and where am I going?” is publicly available information (Figure 2).
Figure 2: An example of location tracking smartphones
In an article by Genevieve Bell in MIT Technology Review states, “contact tracing has this kind of history too. It was deployed at scale during World War II to manage the spread of venereal disease by American soldiers in the United Kingdom—the overlays of nationalism, power dynamics in gender relationships are all highly visible. In the 1980s in Australia, it was used to identify at-risk communities at the start of the AIDs epidemic, and gay men bore the brunt of conservative politics, religious backlash, and stigma. The question is, can we imagine contact tracing, and other forms of data revelation, that don’t feel like a judas hole?”
Another layer to contact tracing is when an individual declares to be tested Covid-19 positive, diagnosis is uploaded with a “selfie” for facial recognition as verified by health authorities.
Thus, “how do I look?” is also publicly available information. In some countries, these selfies are geotagged, which implies that “from where I am clicking the selfie?” is also tracked to ensure the person is in strict quarantine and not in contact with others.
Big tech involvement
Moreover, on 10th April’20, Apple and Google have come together to create a Covid-19 contact tracing solution. Both the technology giants together dominate the operating systems of 99.3% smartphone users globally (Podcast: The Journal). The intention is to create an interoperable application that works on both operating systems. It removes the inconsistencies that exist in the current country-specific applications. The tool will use the Bluetooth technology and geo-location trails to trace people within 30 feet of the radius. It will anonymously exchange codes to sustain the connections. Now, imagine the scale and magnitude of data collected, processed, and managed by the two technology giants.
The inference we can draw is that even though the data collected today to fight the pandemic is of utmost importance, the use cases it can lead to in the future will be an outcome of the data we consented to share previously. Despite the pretext that the data collected is either anonymized and/or aggregated, it still gives insights on an individual’s reactions, affiliations, religious practices, and relationships. In conclusion, whether these use cases have a positive or a negative impact, it invades the fundamental right to privacy.
In an opinion-based article by The New York Times, it mentions a warning by Kelli Vanderlee, manager of intelligence analysis at the cybersecurity company FireEye stating, “Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination.”
Given today’s scenario, the creation of such applications is crucial to identify the carriers and potential carriers of the virus, but the lack of clarity, de-limitation of data usage, and data handling are paramount concerns for the future.
Individuals, today, are ready to share their data with the fear of whether they can be exposed to the virus.
For example, the Hong Kong government rolled out electronic wristband synced to StayHomeStaySafe application, which alerts the authorities if a person is escaping from their compulsory home quarantines. If the same wristband and its associated technology (along with geo-tracking) are monitoring the heart rate and body temperature continuously, then it determines whether the affected needs to be shifted to a medical facility for intensive care.
But this also creates a fear that the private data shared can create a multitude of ways in which it is manipulated for different purposes.
Yuval Noah Harari states in his article the word after Coronavirus (© The Financial Times), “if you can monitor what happens to my body temperature, blood pressure, and heart-rate as I watch the video clip, you can learn what makes me laugh, what makes me cry, and what makes me really, really angry. The same technology that identifies coughs could also identify laughs”.
How do we determine to what extent our personal information is public and what implications it hold?
Future powerful entities
- Governments or regulatory bodies or ministries: Skewing elections, managing population, pre-empting public concerns, firewall digital information, restrict opposition/ criticism, and in some cases instill fascism.
- Technology companies:
- Capitalize the data by selling it to companies for the creation of customized applications, products, services, etc.
- Use the data to predict social sentiments, relationships to create targeted social media applications
- Predict epidemics, pandemics, war, natural disasters, geopolitical strategies, etc.
- Individual developers and hackers:
- Create and sell applications through an application programming interface (APIs)
- Hack personal accounts (emails, social media, bank apps)
Examples of country-specific contact tracing applications
Singapore’s TraceTogether (Figure 3), it uses an individual phone’s Bluetooth and traces other phones with the installed application. This tracking helps to identify the proximity of people, who has been in contact with an infected person by allowing the Ministry of Health to access the data on the application. The application also captures the timestamps to assess the duration of an encounter.
Figure 3: An excerpt of TraceTogether application
Germany’s Healthy Together, is a centralized platform targeted to be downloaded by 50 million Germans and in compliance with the “German-led Pan European Preserving Proximity Tracing” guidelines (Reuters).
Israel’s HaMagen (The Shield), it uses an individual’s Bluetooth and location services to determine whether he/she has come in contact with an infected person (Figure 4). According to Israel’s Ministry of Health, the app retains information about your locations solely on your device and cross-references this information with the Ministry of Health’s updated epidemiological data.
Figure 4: A mobile phone image of HaMagen application
India’s Aarogya Setu, it uses GPS trails along with Bluetooth functionality, which matches devices that have installed the application with its locations to trace individuals and their contacts.
South Korea launched a massive contact tracing and testing regime with the highest people per capita testing than the rest of the world― 300,000 people. South Koreans are combating this pandemic more effectively than other countries through this regime, tracing individuals through geo-location tracking and Bluetooth.
Other economies are evaluating the need for contact tracing to stem the virus, for example, National Health Service (NHS) England and UK’s government is working with the Oxford University for creating such an application. Whereas, the Slovakian government has passed a law to collect geo-location data of their citizens without even asking them.
Well, it is scary. Despite various governments assuring and reassuring its citizens that the data collected is protected and will not be used otherwise, ambiguity and helplessness is a major concern.
The power of data is phenomenal, and it is fair to say that technological advancements are creating impactful solutions the world had never seen. With that, the lives of individuals are exposed whether in the light of fighting the Covid-19 pandemic or in the wake of the 9/11 terror attacks. Hence, we have done it in the past and we are doing it now because the fear is profound.
But tomorrow when lives go back to a new normal (post Coronavirus) then we will fight another war of privacy.
Will it be okay to consent for sharing personal information if a crisis is witnessed in the future?
While privacy experts from across the globe have raised concerns with the aftereffects of data usage, as ethical practitioners of any business, profession, company, and the industry it is paramount to institute the right measures of data privacy and security. Moreover, imbibe the responsibility of awareness among employees, partners, and consumers of measures taken for privacy.