Contact tracing: can “Big tech” come to the rescue, and if so, at what cost?

0
COVID-19 has resulted in a unique fusion failure of economy, health and society. Without an effective vaccine, the precise mechanism for resuming “normal” activity remains unknown. The public health consensus appears to align on the need to test, trace and isolate those infected with a gradual repeal of lockdown measures. The contact tracing infrastructure, however, is woefully underdeveloped around the world. In the United States, an estimated 180,000 contact tracers would be needed and only 0.5% of that number currently exists. []. Additionally, the programs in place are designed to track slow-onset infections and are not suited to this pandemic. Theoretically, Big Tech (big technology companies) can provide innovative solutions to address some of the unaddressed challenges of contact tracing. These solutions may seem intuitive; however, they pose a significant risk to digital security and patient privacy. Below are some of the proposed methods for digital contact tracing and the threats they pose.
Overall, four categories of applications (apps) are offered for digital contact tracing (Fig. 1). Technical specifications aside, they vary from one another in the degree of privacy invasion. The most likely competitors are based on using location data from smartphones and Bluetooth interactions to enable contact tracing. A critical decision for developers of contact tracing apps is whether to release the source code (“open-source”) or keep it private (“closed-source”). Closed-source software is considered a higher risk because it cannot be reviewed by third parties for security vulnerabilities. They have unknown privacy implications since the inner workings of apps will only be known to developers. Algorithms can run in the background collecting unauthorized data. Open source applications have the theoretical disadvantage of delayed deployment because the codes are subject to external review.

Fig. 1A framework for the ethical and transparent development and implementation of contact tracing apps in the COVID-19 pandemic. The table is a summary of the proposed contact tracing app development approaches and data platforms currently widely used in COVID-19.

A critical decision for healthcare systems using such apps is whether collected data should be stored in centralized repositories or locally at the device level. Centralized data collection on “trusted” platforms comes with privacy concerns, as governments would potentially have access to citizens’ location data, the “social graph” of all physical contacts and any other data. which the app can access from the phone. The data loss toll of centralized government agencies is also a significant concern. Worryingly, many countries, including China, Russia, the UK, Norway, and Vietnam, are taking a closed-source approach to developing their apps and using centralized frameworks. The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) is another closed-source initiative supported by at least seven European countries, including France and Italy.

The trade-off between surveillance and intrusion has always been a balancing act, especially in the post-9/11 era, as governments seek broader access to prevent terrorism, while civil liberties groups protest against undue invasion of privacy. Maslow’s hierarchy dictates that health comes first. Still, privacy advocates are understandably concerned about how data is tracked and stored, who has access to it, and what happens to them once the pandemic is over. South Korea’s contact tracing laws, for example, allow the government to check the immigration status of infected people. If such laws exist in the United States, their implications may be twofold. First, undocumented communities may not seek health care. Second, it is not inconceivable that over time the same technologies and laws could be used to track undocumented migrants. Once a precedent is set, governments rarely back down from the powers granted to them in times of crisis. Highlighting these concerns, 200 UK scientists who wrote an open letter to the UK government on April 29 stating “it is vital that when we come out of the current crisis we have not created a tool to collect data on the population, or on targeted sectors of society, for surveillance” [].
Lack of trust in apps has significant implications for their effectiveness. First, it can diminish public enthusiasm for using them. It is intuitive that the use of the app should exceed the prevalence of SARS-CoV-2 infection. It is estimated that around 80% of smartphone users will need to use an app for it to be effective. []. Second, the lack of unanimous consensus on its usefulness can lead to unfounded spread of conspiracy theories and uncertainty. Governments therefore need to be more transparent and provide clear safeguards before individuals voluntarily use these apps. To that end, citing privacy and adoption concerns, Germany was originally part of the PEPP-PT, but recently switched to an open-source approach called DP-3T (Decentralized Privacy-Preserving Proximity Tracing), based on Apple-Google decentralized application programming. interfaces (APIs).
Apple-Google offers a decentralized model where data will be stored at the device level rather than centralized platforms []Given that Google Android and Apple iOS jointly own almost 99% of the world’s smartphone operating systems, it seems likely that their approach will be key to how the majority of contact tracing apps work. Since this API is the main global standard, it should be studied in more detail. Each phone will broadcast an identifier via Bluetooth at regular intervals and all nearby phones will register other identifiers they may choose. Individual phones will regularly change identifiers, making it difficult to track them. Most data is stored on individual phones. Once infected, however, all IDs generated by the individual over the previous two weeks are posted to an app running on that platform. Currently, Apple-Google has no plans to build the app itself. Since no data is stored centrally until an individual is infected, the API offers greater privacy than centralized platforms. Moving away from their usual data privacy indolence, Big Tech companies are pushing for a more privacy-friendly model in this case. Paradoxically, the French government is currently in a row with Apple and Google urging them to weaken the privacy protections in place to help the PEPP-PT. Resolving this dispute will have wide implications as it is likely to set a precedent for other countries. One limitation of the Apple-Google API is the fear that these already ubiquitous tech giants will further consolidate their monopoly on humanity’s digital footprints.
The implementation of these invasive digital technologies in healthcare will likely lead to significant changes in the laws that govern civil rights. Age-old principles of justice and autonomy in patient care must not be abandoned, however, even in this pandemic. To that end, we advocate that at the very least, apps offered by authorities be transparent using open source code with decentralized platforms, as this provides a more acceptable balance between access and privacy. Additionally, like all healthcare interventions, contact tracing apps need to be tested for effectiveness and safety before being widely released. The roadmap for scaling and implementing (Fig. 1) digital contact tracing is complex and will require broad socio-political buy-in. Technology is only one part of this complex puzzle, however, when thoughtfully applied, it can be essential to restoring livelihoods in this pandemic.

Declaration of Competing Interests

Dr. Sinha has nothing to disclose. Mr. Paterson is the CEO and co-founder of Digital Shadows Inc, a company specializing in digital risk protection.

References

  1. 1.

    Simmons-Duffin S. We asked all 50 states about their contact tracing capacity. Here’s what we learned. NPRApr 28, 2020. https://www.npr.org/sections/health-shots/2020/04/28/846736937/we-asked-all-50-states-about-their-contact-tracing-capacity-heres -what-we-learn

  2. 2.

    Albrecht M, Aparicio-Navarro F, Arief B, et al. Joint statement from a UK scientist working in privacy and security. April 29, 2020. (https://drive.google.com/file/d/1uB4LcQHMVP-oLzIIHA9SjKj1uMd3erGu/view)

  3. 3.

    Hinch R, Probert W, Nurtay A, et al. Effective Digital Contact Tracing App Setup: A Report to NHSX. April 16, 2020https://045.medsci.ox.ac.uk/files/files/report-effective-app-configurations.pdf.

  4. 4.

    Contact tracing preserving confidentiality. April 2020. (https://www.apple.com/covid19/contacttracing)

Notify me of new issues and articles
Share.

Comments are closed.