In the scramble to contain and respond to the unprecedented global COVID-19 pandemic, technologists are rapidly brainstorming solutions. Unlike in the 1918 influenza pandemic, people today are more mobile and connected globally. This, in combination with COVID-19’s high infection rate, only exacerbates the speed and spread of the virus. As national and local governments all over the world grasp for solutions, contract tracing has emerged as one of the main strategies to understand and contain the virus before a vaccine is available. Subsequently, technologists from giants like Apple and Google to tech start-ups to university researchers have come forward with a deluge of rapidly-developed contact tracing apps for smartphones as a tech-focused solution in the fight against COVID-19. Countries like China, South Korea, and Taiwan have seen some early success from the mass utilization of contact tracing apps. However, it is unclear whether these apps actually work to contain the virus and these apps open the door to potential privacy and human rights violations from governments actively monitoring their residents through location data.
Historically, contact tracing is an established course of action when it comes to fighting the spread of infection, but manual contact tracing is time-consuming and virtually impossible to scale up to cover the entire population during a global pandemic. As a result, in order to accelerate the response to COVID-19, contact tracing apps collecting mobile phones’ location data in an effort to track the spread of the virus have become the strategy du jour in our current crisis. Yet, despite early anecdotal success, there is still no conclusive data as to whether contact tracing apps are the key to fighting COVID-19.
The success of contact tracing smartphone apps is dependent on widespread voluntary usage, the population’s technical capabilities, and the willingness to report symptoms or confirmed positive test results—a huge weakness in a pandemic response. The voluntary nature of the apps is very likely to produce skewed data and potentially a false sense of security. A recent study by Oxford University epidemiologists found that an estimated 60 percent of the population in a given area would need to use a contact tracing mobile app that notifies users of potential exposure, in addition to broad testing and quarantining vulnerable populations, in order for the app to successfully contain the virus. According to The New York Times, only 25,000 people in North Dakota (approximately three percent of the population) downloaded the state’s app, Care19, which originally was only suitable for iPhones; and in Singapore only 20 percent of the population downloaded the country’s contact tracing app in the past month. Voluntary usage would be further hindered by general reticence to share personal information, especially in the United States, from years of surveillance and privacy scandals by both companies and governments.
Moreover, the contact tracing app solution doesn’t even begin to address the marginalized, poor, and most vulnerable populations who do not have smartphones or access to reliable internet. Many groups designated as “high risk” for contracting the new coronavirus or having severe health consequences—the elderly, individuals with pre-existing conditions and disabilities, or those living in minority or low-income housing—either may not own a smartphone or have the ability to use the application, as few contact tracing apps were developed with accessibility in mind. This creates a data blindspot that could further put their health at risk if not taken into consideration in COVID-19 response measures. Other communities, such as refugees, migrant workers, or people experiencing homelessness, currently live in crowded conditions that would undercut the accuracy of contact tracing where social distancing is not possible. “Mobile tracking solutions create a two-tiered response to the pandemic that threatens to leave the poorest and most vulnerable people behind. Without meaningful input from minorities and other marginalized groups, tech-driven responses may reinforce systemic inequalities facing those hardest hit by the virus,” says Amos Toh, a senior researcher on artificial intelligence and human rights at Human Rights Watch.
Technology notwithstanding, the fact that COVID-19 is highly contagious and many people who have it are asymptomatic makes tracking the virus inherently difficult, especially without universal testing capabilities. According to a report by the American Civil Liberties Union (ACLU), the Bluetooth technology used for location data tracking on smartphones is not accurate enough at judging distance to determine whether individuals are maintaining six feet distance required by social distancing guidelines. As a result, using Bluetooth technology in contact tracing could inadvertently produce false reports of exposure to infected individuals because the physical proximity detected by Bluetooth does not indicate contact, and two people that might be separated by a window or a wall would be reported as exposed. Similarly, GPS signals on average are only accurate to a distance of five meters. The report further states that the data will be much less accurate in rural areas because cell towers are placed miles apart.
In Comparison to Other Countries
Initial curve flattening efforts seemed to be relatively more successful in East Asian countries—China, South Korea, Taiwan, Singapore, and Japan to an extent. (Although now, some of these countries have had to reinstate lockdowns after a second wave of infections due to loosening restrictions.) This is in part due to several cultural factors: an acceptance of wearing face masks prior to this global pandemic, and the more collectivist and civic-minded societies which make people more willing to allow government data collection. Those factors, in addition to an aggressive deployment of contact tracing technology and apps, reinforce the success of containing COVID-19.
In order for contact tracing via technology and smartphones apps to be effective at mitigating the spread of the virus, three factors have to have to work in conjunction that present privacy dilemmas in Western democracies that have more data privacy laws and regulations: the adoption of the needed technologies (strongly encouraged or mandatory); a digital infrastructure maintained by the government; and continuous data sharing between government and business that may afford few privacy protections. In Asian countries, using contact tracing apps has leaned towards the mandatory side rather than voluntary. In Hong Kong, where there has been convincing containment, authorities implemented a mandatory 14-day quarantine upon entry for all overseas arrivals. To enforce this measure, the government required each new arrival to download the StayHomeSafe app and provided them with a wristband that employs geofencing technology to catch violators, and warned quarantine violators that they could face up to six months in prison and a $3,200 fine. In India, Prime Minister Narendra Modi encouraged the country’s 1.3 billion people to download the app Aarogya Setu, resulting in the app to be the fastest to reach 50 million downloads within two weeks. However, if an Indian citizen does not download the app, they could face consequences like losing their job, going to jail, or paying a fine.
Two Asian countries that were hit particularly hard from previous viruses—South Korea with the MERS outbreak in 2015, and Taiwan with the 2003 SARS outbreak—have taken seemingly aggressive and successful contact tracing efforts. Unsatisfied with the South Korean government’s contact tracing efforts, private developers created apps to complement the government. Corona100m, which has now been downloaded over one million times, aggregates contact tracing data from the government that alerts users of any diagnosed individual within a 100-meter radius in addition to the infected individual’s diagnosis date, nationality, gender, age, and information on their prior locations. In the aftermath of the SARS outbreak, Taiwan developed a disaster-management system that allowed it to react rapidly to COVID-19—within a day, public health authorities combined COVID-19 patients’ previous 14-day travel history with their identification information to facilitate continuous mobile tracking. Taiwan additionally utilizes mobile phone tracking to enforce quarantines by calling individuals twice a day to establish they do not bypass tracking by leaving their phones at home.
In China, tech giants Alibaba and Tencent are long recognized as having more knowledge of the Chinese population than the government from their ability to accumulate massive amounts of user data in real time—opening the door for the government-private sector surveillance data sharing necessary for data-driven technical solutions to succeed in response to COVID-19, where it might not succeed in other countries.
At scale, digital surveillance technology can instantly aggregate information from security cameras, biometric scans, license-plate readers, GPS devices, drones, cell-phone towers, commercial transactions, and Internet searches. During a public health crisis, these technologies can be utilized by governments and businesses—not to mention, bad actors—to expedite spying on citizens movements and actions. For example, South Korea tracked infected citizens through their car GPS systems, their phones, credit-card transactions, and public surveillance cameras in coordination with a strong testing program to achieve effectively lower rates of infection and mortality. Israel employed its secret police, Shin Bet, and repurposed their terrorist-tracking procedures to focus on COVID-19 containment. And China monitored infected individuals’ movements by programming government-installed cameras to point at their doorways. However, all of these privacy-invading measures will have a harder time being implemented in Western democracies where there are more privacy-protecting regulations and general mistrust of governments’ use of personal data.
In light of this, experts have grown concerned that if this increased government tracking is accepted during the global pandemic, it could potentially crack the door open to become a more permanent facet of American life. There is a precedent for increased government surveillance from one event extending beyond its original purpose and becoming the “new normal.” In the aftermath of 9/11, the U.S. government vastly expanded its surveillance powers laws, some of which still exist twenty years later. Furthermore, this technology has the potential to target marginalized groups by identifying poorer areas whose residents show increased movements because they have to go to essential jobs; and therefore, might lead to discrimination against individuals who live in certain neighborhoods. Such pervasive surveillance of citizen mobility could potentially be abused as a new way to regulate people’s movements or further stigmatize and isolate people after the global health crisis has ended.
Sensitive public health data, which now includes location data during this pandemic, is collected through a variety of digital devices and smartphones apps including surveillance cameras, cell phone towers, Bluetooth connections, and smart thermometers. With this in mind, many public health experts in the United States are grappling with questions on how to protect individual privacy within that data. Those considerations include: how much access to individual location date should be allowed, how can it be secured, how data can be aggregated in a way that respects individual privacy, what computational, organizational, and legal safeguards are needed to manage risks of sharing data, and how to minimize the risk that the data will be misused. Across the world, data protection and privacy laws vary greatly depending on the country, the type of data, use cases, and the parties involved in the process.
In Europe, the law has the strongest legal protections that also apply to processing personal data utilized in the response to COVID-19. The European Data Protection Board recently delineated how app developers can utilize surveillance tracking tools like geolocation in a way that also protects privacy. With mobile phone data, the rules require that such data is anonymized or shared only with the consent of the individual user, unless member state countries create emergency legislation. Those emergency regulations are required to have competent safeguards and accountability processes. However, in the U.S., privacy and data protection laws are much weaker and less uniform, resulting in privacy gaps and loopholes from miscellaneous laws. Service providers in the U.S. largely manage the privacy policies, and therefore, the use of consumer data in the country. Experts contend that when coming up with an expanded COVID-19 surveillance system for the country, independent oversight as well as limits on data collection and use is necessary.
Dos and Don’ts of Contact Tracing Apps and Data Collection
Experts from both the UN OCHA Humanitarian Data Exchange and Access Now, a global digital rights organization, have published guidelines (to read more, click links) for the ethical and responsible use of location data and developing contact tracing apps to track the spread of COVID-19. Some of their main points include: utilizing anonymization in data when appropriate; complying with informed consent agreements where consent is needed; assurance on how data is used, stored, protected, and shared; having an explicit ethical framework to determine data collection and use; implementing a sunset clause policy and voluntary use for apps; and developing an informative user experience to ensure accessibility, data protection, and security by design. As states across the country are developing ways to operationalize contact tracing, they should carefully think about the pitfalls of tech-based solutions outlined in this article and work to create an accessible and inclusive system of contact tracing in the fight against COVID-19.