Top-level summary: As COVID-19 case counts rise worldwide, governments are taking extensive measures to slow the spread and to limit the harm to economic life and daily routines. Some of these measures, however, are creeping toward invading people's privacy and create real potential harms in how the collected data is used and managed. The paper by Raskar et al. surveys the contact tracing approaches in use around the world and their associated risks, and presents an open-source solution, Private Kit: Safe Paths, that performs contact tracing in a privacy preserving way. While the benefits in containing the epidemic are clear, the privacy and other social harms that follow from such technology need to be weighed against them in line with the culture and values of the society in which it is deployed. It is also important that the solutions be inclusive, because those with the least access to technology are often the most vulnerable to the epidemic's negative impacts. Ultimately, it is critical to weigh the value of deploying contact tracing technology against the intended and unintended harms that can arise from its use.
The most important steps in containing an epidemic are quarantine and contact tracing, which lets testing be targeted more effectively. Contact tracing used to be laborious and error-prone, relying on individuals' memories of whom they had met; today most of us carry smartphones that can log where we have been far more completely than recollection can. That same ubiquity, however, brings invasion of privacy and possible limits on citizens' freedoms. These risks need to be balanced against the public interest, using privacy preserving techniques and other measures that center citizen welfare in both the collective and the individual sense.
For infections that can be asymptomatic in the early days, as COVID-19 can, contact tracing is essential: it identifies everyone who came into close contact with an infected person and might spread the infection further. This matters most during a pandemic, when the healthcare system is overburdened and testing every person is infeasible. An additional benefit of contact tracing is that it mitigates the resurgence of infection peaks.
R0, the basic reproduction number, determines how quickly a disease will spread. It depends on three factors: the period of infectiousness, the contact rate and the mode of transmission. The first and third are fixed properties of the pathogen, so the contact rate is the only one we can control. The paper argues that as uptake of a contact tracing application grows, the reduction in contact rate shows increasing returns, because each diagnosed carrier has many contacts who can be warned, so the percentage reduction in R0 exceeds the percentage of the population using the application. Bringing R0 below 1 slows the spread of the infection and helps the healthcare system cope with the sudden stresses of pandemic peaks.
One technique used by governments or public health agencies is broadcasting, in which information about diagnosed carriers is made public through various channels. It carries severe problems: it exposes private information about individuals and about the businesses they may have visited, which can trigger stigma, ostracization and unwarranted punitive harm. It also relies on people seeking out this information on their own initiative and then self-identifying (and correctly remembering) whether they have recently been in contact with a diagnosed carrier.
Selective broadcasting is a more restricted form of the above, in which information about diagnosed carriers is shared with a select group of individuals chosen by location proximity. In one variant the users' location privacy has to be compromised so that the broadcaster can select recipients; in another, messages are sent to all users and filtered on the device for the user's own location, which is never reported back to the broadcaster. The second-order negative effects remain the same as for broadcasting, and both variants require downloading an application, which may reduce uptake.
Unicasting sends messages tailored to each individual user. It requires an application that tracks timestamps and location, with severe consequences in terms of government surveillance and abuse.
Participatory sharing is a method in which diagnosed carriers voluntarily share their information and thus retain more control over their data. It still relies on individual action on both the sender's and the receiver's side, and its efficacy is questionable at best. There is also a risk that malicious actors abuse it to spread misinformation and seed chaos in society through false alarms.
Private Kit: Safe Paths is an open-source solution developed by MIT that allows for contact tracing in a privacy preserving way. It uses the encrypted location trail of a diagnosed carrier who chooses to share it with public health agencies; other users of the solution can pull this data and compare it, on their own device, against their own logged location trail to learn whether they have been in close contact with a diagnosed carrier. In later phases of development, the developers plan to enable a mix of participatory sharing and unicasting to further prevent data access by third parties, including governments, for surveillance purposes.
The risks of contact tracing include public identification of the diagnosed carrier and the severe social stigma that comes with it. Online witch hunts to identify the individual often worsen the harassment and spread rumors about their personal lives. The privacy risks for both individuals and businesses can cause severe harm, and this is especially troublesome during times of financial hardship.
Privacy risks also extend to non-users, because of proximal information that can be derived from location trails, for example about employees of a business that a diagnosed carrier visited. The same stigma and ostracization can fall on the family members of these people.
Without meaningful alternatives, especially for health and risk assessment during a pandemic, obtaining truly informed consent is a real challenge that has no clear solution yet.
Whichever of the methods above is used, alerts must come with appropriate context and background to keep misinformation and panic from spreading, especially among those with low health, digital and media literacy. Conversely, some people may not take such alerts seriously and increase the risk to public health by not following required measures such as quarantine and social distancing.
Given the nature of such solutions, there is a significant risk of data theft by attackers, as for any application that collects sensitive information such as health status and location data. The solutions can also be used for fraud and abuse: for example, a blackmailer could demand ransom from a business owner under the threat of falsely posting that they are a diagnosed carrier who visited that place of business.
Contact tracing technology requires a smartphone with GPS, and some vulnerable populations, such as the elderly, the homeless and people in low-income countries, may not have such devices even though they are at high risk of infection and of negative health outcomes. Ensuring that the technology works for everyone is an important part of mitigating the spread effectively.
There is an inherent tradeoff between the utility of the data collected and the privacy of the data subjects. For particularly severe outbreaks, compromises may be required to manage the spread.
Diagnosed carriers are the most vulnerable stakeholders in the contact tracing ecosystem and require the most protection. Adopting open-source solutions that the wider technology community can examine can build public trust. Proper consent mechanisms, and avoiding any requirement for extensive third-party access to location data, can also allay concerns. Lastly, time limits on the storage and use of location trails address privacy concerns and increase uptake and use of the application in support of public health measures.
For geolocation data that might affect businesses, especially in times of economic hardship, the affected businesses should be informed before the information is released; beyond that, current methods offer little that both protects privacy and preserves sufficient data utility.
For those without access to smartphones with GPS, providing them with information on contact tracing can still help their communities. That information must be presented in a way that accounts for differing levels of health literacy so that it elicits an appropriate response. Alertness to potential misinformation and educational awareness are key during a crisis, so that people respond in a measured way following the best practices advised by health agencies rather than the fear mongering of ill-informed or malicious actors.
Encryption and other cybersecurity best practices for data security and privacy are crucial to the success of the solution. The recommended time limit for holding COVID-19 data is 14-37 days, the period of infection, but during an evolving pandemic the data may be needed for longer for further analysis. Tradeoffs need to be made between privacy concerns and public health utility. Different agencies and regions are taking different approaches with varying levels of efficacy, and only time will tell how this change will best be managed. It does present an opportunity, though, to create innovative solutions that allow public sharing of data while reducing privacy intrusions.
Original white paper by Raskar et al.: https://arxiv.org/pdf/2003.08567.pdf