Tracing apps: What your mobile really needs to “share”.
Coronavirus tracing apps don’t have to kill privacy to be effective, a tech journalist from our publishing partner Wired explains.
Privacy and public health are colliding – again. But decentralised tracing apps that use Bluetooth can stop people’s personal information being abused. Here’s how.
“Tracing apps” track who we encounter in public spaces. This helps officials to reconstruct who may have come into contact with an infected person. Thanks to decentralized data models, this works without hackers being able to capture our movement profile. © GettyImages
Contact-tracing apps are being suggested as one way to reduce the spread of Covid-19, in particular once lockdown rules soften, by letting people know if they’ve recently been near a person who has shown signs of infection.
In the UK, the National Health Service (NHSX) is developing its own version of such an app using an algorithm developed by researchers at the University of Oxford. Other countries around the world are also creating their own apps. Now the race is on to make sure they protect user privacy while still being useful to officials. Naturally, tracking the locations of people and reporting their health status has raised privacy concerns, though some have suggested privacy should give way to public health.
“We’ve seen a lot of people say we should give up on privacy as it’s not really important right now,” says Imperial College’s Yves-Alexandre de Montjoye, who with colleagues published a list of questions developers should consider with such apps. “But from a technical perspective, we have no reason to believe that you need to pause anything. We are convinced that there are tools and techniques to build a contact-tracing app that would be privacy preserving.”
What data is collected?
The EU has laid out a set of recommendations to help protect privacy and encourage transparency with such apps, including minimising data collection, a preference for the least intrusive methods of location tracking, and deleting data once the pandemic has abated.
That raises questions about whether location tracking uses GPS or Bluetooth, whether phone numbers are collected, whether data is encrypted, and whether identifiers are truly anonymous, but it also covers how information is shared, even with other users. “How do you protect who potentially infected me?” de Montjoye asks. “How do you make sure that you let me know I’m at risk without telling me or me being able to find out who infected me.”
Codes instead of phone numbers
One project trying to answer such questions is Decentralised Privacy-Preserving Proximity Tracing (DP3T), which proposes a decentralised system that uses temporary identification tags. Users are tracked via Bluetooth, broadcasting a temporary random identifying code. If they’re found to be infected with the coronavirus, the locations they visited over the past few days will be reconstructed with those codes, with warnings sent to anyone else who was nearby, letting them know to isolate in case of infection.
The system limits the data that’s collected, with no names or other demographic data collected.
It only uploads location details of people who have been infected, preventing tracking of those who aren’t. “As the different entities in the system receive the minimum amount of information tailored to their requirements, none of them can abuse the data for other purposes, nor can they be coerced or subpoenaed to make other data available,” the researchers note in a white paper.
One key aspect is to use temporary identification markers, rather than a phone number, name or even specific Bluetooth data, which sticks to your device. “Any project that does not use random, temporary identifiers is junk,” says Phil Booth, coordinator at MedConfidential.
By building in a decentralised structure, the data is held in a distributed manner instead of being collected by one party, so no single organisation has complete control. Not only does that avoid future abuses of the data, but it forces privacy to the centre of the design: because anyone can see the data, a truly anonymous ID is necessary. “It’s a design constraint that actually forces you to be better,” Booth says, adding that well-meaning developers often start with privacy in mind, but it gives way in the face of practical challenges.
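The rotating-identifier idea described above, as an added sketch that is not DP3T's or any app's own code: each phone broadcasts short-lived codes derived from a secret day key, and the exposure check runs on the phone against keys published by people who test positive. The SHA-256 ratchet, the HMAC-based derivation, the 96 epochs per day, the 14-day window and all names are assumptions of this example.

```python
import hashlib
import hmac
import os

EPOCHS_PER_DAY = 96  # assumption: a fresh code every 15 minutes
EPHID_LEN = 16       # assumption: 16-byte broadcast codes

def next_day_key(day_key):
    """Ratchet the secret forward; a later key does not reveal earlier ones."""
    return hashlib.sha256(day_key).digest()

def ephemeral_ids(day_key):
    """Derive one day's broadcast codes; without day_key they look unrelated."""
    return [hmac.new(day_key, b"ephid" + e.to_bytes(2, "big"),
                     hashlib.sha256).digest()[:EPHID_LEN]
            for e in range(EPOCHS_PER_DAY)]

class Phone:
    def __init__(self, seed=None):
        self.day_keys = [seed or os.urandom(32)]  # stays on the device
        self.heard = set()                        # codes seen over Bluetooth, kept locally

    def new_day(self):
        self.day_keys.append(next_day_key(self.day_keys[-1]))

    def broadcast(self, epoch):
        return ephemeral_ids(self.day_keys[-1])[epoch]

    def report_positive(self, since_day):
        """Release only the key for the first day of the infectious window."""
        return self.day_keys[since_day]

    def exposed(self, published_keys, days=14):
        """Re-derive codes from published keys and match them on the device."""
        for key in published_keys:
            for _ in range(days):
                if self.heard.intersection(ephemeral_ids(key)):
                    return True
                key = next_day_key(key)
        return False

def demo():
    # Constructed scenario with fixed seeds so the result is reproducible.
    alice, bob, carol = Phone(b"a" * 32), Phone(b"b" * 32), Phone(b"c" * 32)
    alice.new_day()
    bob.heard.add(alice.broadcast(40))   # Bob was near Alice on her second day
    carol.heard.add(bob.broadcast(40))   # Carol only met Bob
    published = [alice.report_positive(since_day=0)]  # the public list is just keys
    return bob.exposed(published), carol.exposed(published)

if __name__ == "__main__":
    print(demo())
```

The published list contains no names, phone numbers or contact graph; only a phone that actually heard one of the derived codes learns anything from it.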
Other groups of researchers are also coming up with privacy-protecting designs, notably the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), which is working on a Europe-wide, opt-in app. The group isn’t wedded to the idea of a decentralised design, but like DP3T argues in favour of an anonymous identifier paired with Bluetooth for proximity tracing. In a rare move, both Apple and Google have announced they will work together to create APIs that work across both Android and iOS.
It only works if there are many people involved
While the technical details and engineering decisions are important, so too is policy. A well-engineered contact-tracing app could still prove problematic if the data isn’t secure, or if the design and use of the data aren’t transparent. We’re in a pandemic, so people are confused and scared – they’re not going to want to install and use an app that’s confusing and scary. “There are 5G conspiracy theories flying around and all sorts of things in this environment,” says Booth. “You have to be able to say, and it has to actually be true, that you’re not gathering anyone’s information.” And take-up is key: estimates suggest such apps require as much as 60 per cent of the population to use them before they can make a difference.
About the author:
Nicole Kobie is editor of Wired UK. Her research appears here as part of our publishing partnership with Wired UK, one of the leading tech magazines.