Privacy and Digital Contact Tracing


By M. Bennett Wright, J.D.

Privacy policy is a balancing act. Bigger threats warrant bigger privacy sacrifices. The greatest privacy losses arise from threats with no clear end date. For example, when the events of 9/11 prompted the PATRIOT Act, Americans accepted some privacy invasions in order to counter terrorism. By nature, terrorism never fully dies, so those privacy decisions are here to stay. Similarly, privacy invasions made to counter the coronavirus could easily become permanent, because the threat of disease never truly ends. Currently, leaders are investigating digital contact-tracing: phone apps that warn users when their phones have been near those of infected individuals. While this may be key to countering COVID-19, leaders should carefully weigh such efforts against both immediate and long-term privacy impacts. Here, I consider some issues that leaders should balance in evaluating contact-tracing methods, and briefly discuss current efforts by Apple and Google to establish contact-tracing software.

Privacy Values

Fully outlining the value of privacy is beyond my scope, but some in-depth commentary can be found here. Sometimes, governments and companies have misused surveillance information to discriminate and to curtail civil rights. Even without misuse, surveillance limits citizens’ ability to choose what portions of their lives are public. Moreover, any form of personal data collection risks security breaches and exposure to unintended parties. Leaders should weigh these concerns in considering new contact-tracing methods.

Efficacy

Efficacy is essential: if it won't work, it isn't worth a decrease in privacy. Low adoption rates, insufficient testing capabilities, high infection rates, or technological challenges could derail contact-tracing efforts. Unless we have confidence in each of those areas, we shouldn't implement digital measures that significantly intrude on privacy.

Contact-tracing apps operate by warning users when their phones have been near the phones of infected individuals, so the system only functions if adoption rates are high. If the infected person doesn’t have the app, their contacts aren’t protected. Some estimates say that in order to be useful, around 80% of smartphone users would need to install the app. However, Pew Research indicates that Americans are split on the acceptability of the government tracking their cellphones to deal with COVID-19, so assuaging privacy concerns may be essential to high adoption and efficacy of the app.

To warn app users, we need to know that their contacts are infected, and that requires readily accessible testing. Though testing capabilities continue to improve, they have been inadequate thus far. Until those who need tests can easily receive them, digital measures will be ineffective. If people regularly come in contact with infected individuals, digital contact-tracing apps will notify almost everyone to quarantine, and then the system is little better than a general stay-at-home order. For contact-tracing to enable the economy to remain open, infections must be sufficiently low.

Finally, the technology has to work. If these elements are not in place, then leaders should hesitate to implement digital contact-tracing, because it might violate privacy interests without any positive effect.

Consent

Voluntary systems are more ethical, more useful, and more likely to be downloaded. Because high adoption rates are a key to success, it may be tempting to require all smartphone users to download a contact-tracing app. But verifying whether individuals have the app requires that information in the app be personally identifiable, which raises significant privacy concerns. Moreover, with citizens already questioning the ethics of contact-tracing, trust will be essential, so greater levels of voluntariness may actually increase adoption.

Limited Government Access

As the Supreme Court has noted, location tracking can reveal intensely personal information about an individual's life, including "familial, political, professional, religious, and sexual associations." If you know where someone has been, you can learn almost anything about them. As such, American law recognizes that government access to such information should be limited. Because it can reveal so much about a person's beliefs and lifestyle, intrusive surveillance has historically enabled governments to curtail religious freedoms, civil rights, and lifestyle choices. Citizens' justified hesitation to provide such information may reduce adoption rates. Even legitimate uses by law enforcement might dissuade many from downloading the app. Thus, limited (or even zero) direct government access to the data would enhance both privacy and efficacy. Likely the only way to prevent such access is to avoid storing the data in one place and to give individual users sole control over their data.

Minimal Data Collection

Because certain data may be more helpful than anticipated, app developers may want to collect many types of data over long swaths of time. However, developers should avoid this temptation. Not only does greater data collection further invade privacy, but it can be less effective. Minimized data collection simplifies apps, which both streamlines development and makes it easier to secure the data. Getting the app sooner would increase its impact, and data security would increase adoption.

Apple & Google Contact-Tracing Using Bluetooth

Apple and Google have entered into a rare partnership to enable contact-tracing apps to work on both Android and iOS (thereby covering essentially 100% of smartphones). A good summary is here. By decentralizing data collection, this effort reduces some of the major privacy concerns. Rather than amassing everyone's location information in a government-accessible database, each individual phone maintains a record of which phones it has been near. Users then choose to notify those phones if they receive a positive diagnosis. Moreover, the data is not personally identified, and the identifiers for phones regularly change. Some technical issues remain (Bluetooth was not designed for precise distance measurements), but the Google & Apple partnership seems encouraging and privacy conscious overall.
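To make the decentralized design concrete, here is an added illustrative model of the approach described above. It is not code from this post or from Apple or Google, and the details are assumptions chosen for illustration: each phone keeps a random daily key that never leaves the device, broadcasts a rotating identifier derived from that key by HMAC (the real system uses its own derivation), stores only the identifiers it hears, and, if the user consents after a positive diagnosis, publishes just the daily keys. Every other phone then re-derives the possible identifiers and checks for matches locally, so no central party ever receives locations or contact lists.

```python
"""Illustrative model of decentralized, rotating-identifier exposure notification.

Added example; not the Apple/Google implementation. Assumptions: HMAC-SHA256
derivation, 16-byte identifiers, 144 ten-minute intervals per day.
"""
import hmac
import secrets

INTERVALS_PER_DAY = 144   # assumption: one rolling identifier per 10 minutes


def rolling_identifier(daily_key: bytes, day: int, interval: int) -> bytes:
    """Derive the identifier a phone broadcasts during one interval of one day.

    Without daily_key an observer cannot link two identifiers to one phone,
    which is what makes the broadcast value rotate without being traceable.
    """
    msg = day.to_bytes(4, "big") + interval.to_bytes(4, "big")
    return hmac.new(daily_key, msg, "sha256").digest()[:16]


class Phone:
    def __init__(self):
        self._daily_keys = {}   # day -> random key; stays on the phone unless published
        self.observed = set()   # identifiers heard over Bluetooth (signal strength omitted)

    def daily_key(self, day: int) -> bytes:
        if day not in self._daily_keys:
            self._daily_keys[day] = secrets.token_bytes(16)
        return self._daily_keys[day]

    def broadcast(self, day: int, interval: int) -> bytes:
        """Identifier this phone advertises right now."""
        return rolling_identifier(self.daily_key(day), day, interval)

    def hear(self, identifier: bytes) -> None:
        """Record a nearby phone's identifier; nothing else about it is stored."""
        self.observed.add(identifier)

    def publish_keys(self, days):
        """On a positive diagnosis the user may choose to upload only daily keys."""
        return [(day, self.daily_key(day)) for day in days]

    def exposed_to(self, published) -> bool:
        """Recompute every identifier the diagnosed phones could have sent and
        intersect with what this phone actually heard. Runs entirely locally."""
        for day, key in published:
            for interval in range(INTERVALS_PER_DAY):
                if rolling_identifier(key, day, interval) in self.observed:
                    return True
        return False


def simulate() -> dict:
    """Constructed scenario: Alice meets Bob on day 1 and never meets Carol."""
    alice, bob, carol = Phone(), Phone(), Phone()
    # Encounter: each phone hears the other's identifier during interval 42.
    bob.hear(alice.broadcast(day=1, interval=42))
    alice.hear(bob.broadcast(day=1, interval=42))
    # Alice tests positive and consents to publishing her keys for days 0-2.
    server_download = alice.publish_keys(days=[0, 1, 2])
    return {
        "bob_exposed": bob.exposed_to(server_download),
        "carol_exposed": carol.exposed_to(server_download),
        # The advertised value changes from one interval to the next.
        "ids_rotate": alice.broadcast(1, 42) != alice.broadcast(1, 43),
    }


if __name__ == "__main__":
    print(simulate())
```

The point to notice is what the published list contains: daily keys only. Alice's phone never uploads whom it met or where it was, and Bob's and Carol's phones never upload anything at all; the matching happens on each device against identifiers it already holds.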

Digital contact tracing could be an important part of our response to COVID-19. However, before implementing any privacy-invasive policy, leaders should ensure that the elements necessary for efficacy are in place. As specific features develop, governments also should consider issues like voluntariness, data minimization and decentralization, and security. The Apple & Google partnership is promising, but leaders should carefully weigh each of these concerns, and more, throughout development. The privacy sacrifices we make in this crisis will likely establish our new normal for years to come.

About the Author

M. Bennett Wright, JD, recently graduated from the Duke University School of Law in May 2020 and was a Margolis Scholar in Law.