We Can Track COVID-19's Spread Without Violating Privacy

The coronavirus is no excuse to intrude on people's lives unnecessarily. Tech provides decentralized systems for contact tracing.


As the weeks of quarantine and social distancing drag on, many justifiably wonder when life can start getting back to normal. It's not just cabin fever: Shutdowns mean real economic pain for millions of Americans, to say nothing of the mental and sometimes physical tolls of isolation. Getting Americans back to work is a public health concern, too.

We simply can't expect people to stay cooped up for a year or longer, as some have suggested. And there are reasons for cautious optimism anyway: Although the data are hazy and ever-changing, decreasing rates of infection and death in parts of Asia, Europe, and the United States suggest that non-pharmaceutical interventions like better hygiene and social distancing have indeed made COVID-19 more manageable.

But we can't just blindly open the gates and infect vulnerable populations, overwhelming the supply of health care, either. Not only could that scenario increase the threats to health care workers and first responders, it could compel people to stay home more often anyway for fear of the virus, which would create the same economic problem that the re-opening was trying to fix.

The challenge is how to intelligently get closer to normal without letting COVID-19 transmissions get out of control. The specific pathway to open the United States back up is still unclear, but we'll probably need at least three things to do so: near-universal mask-wearing, targeted mass testing, and a virus-tracing surveillance system.

The first two conditions should find few dissenters. We should make sure that our essential workers have enough personal protective equipment, but in the meantime, pandemic civilians can dramatically cut down on the viral spread by simply wearing a good homemade mask. Strategically testing to determine where the virus has spread is similarly a no-brainer, since it allows us to separate virus-free "green zones" that can be loosened up from beleaguered "red zones" that need to continue control measures.

But when you start talking about "surveillance," many may understandably chafe. In our age, the word is synonymous with rights-defying government snooping, and so it immediately smacks of a conspiracy to spy.

Yet surveillance has a more innocuous meaning in the context of public health. The official definition is the "ongoing, systematic collection, analysis, and interpretation of health-related data essential to planning, implementation, and evaluation of public health practice, closely integrated with the timely dissemination of these data to those responsible for prevention and control." Less spying on your Facebook messages to see whether you're up to no good, more looking at seasonal influenza trends to determine which vaccine to recommend this year.

For the COVID-19 pandemic, public health surveillance mostly means contact tracing. When an infectious disease is in a manageable state, outbreaks can be contained by identifying who is sick and "tracing" the other people with whom they have made "contact." Those sick patients can then be surgically quarantined to stop the spread while their contacts are monitored to see whether they too develop symptoms. Meanwhile, those who are healthy or who have immunities can continue on mostly unimpeded.

In the past, contact tracing took a lot of public health officials' shoe leather. To beat back the 2014-2016 Ebola outbreak in Africa, for instance, officials asked patients to physically write out a list of people they remembered seeing recently. Faulty memory and insufficient resources meant that some cases could go undiscovered, and public health surveillance was not as effective as it might have been.

Today, we have technology to help. We can devise applications and wearables to help us see how diseases are spreading by monitoring with whom we come into contact. If one of us falls sick, we can review whom we've been around to hopefully catch new outbreaks before they spiral out of control.

And this is where the typical definition of surveillance can rear its ugly head. Many worry that such technology-enabled contact tracing can indeed become a tool for state control. After all, what government wouldn't want to get its greedy paws on such a God View of society? (Setting aside the question of whether it already has one.)

The governments of South Korea and China have rolled out mandatory apps that capture and share people's full location and identification data. This may have helped to stem the tide of COVID-19, but at a great cost to privacy. In China's case, the data are already being shared with law enforcement. Perhaps it will continue being collected long after the pandemic passes.

But as Peter Van Valkenburgh of Coin Center points out, there is no need to sacrifice either public health or privacy.

Here's an example from Singapore: The country's Government Technology Agency developed an app called TraceTogether that takes note of each user's SARS-CoV-2 (the virus that causes COVID-19) status and which other app users each person comes into contact with using Bluetooth signals. If a person tests positive, they update their status on the app, which triggers a notification to others that someone they recently saw tested positive. This not only helps individuals know when they should be limiting social interactions and monitoring their symptoms, it also gives epidemiologists an easy way to trace contacts and determine how the virus is spreading.

Singapore's system is better and less intrusive because it is voluntary (each user can choose whether to download the app or share with health officials or both), anonymizes the data before sharing, and does not track GPS data (because it relies on Bluetooth, it merely senses other nearby phones). You will know that you came into contact with someone with COVID-19, but you won't necessarily know who or where.

But we can do even better than that. As Van Valkenburgh notes, some TraceTogether data are still stored in a central location and tied to a person's phone number, which is less than ideal. By borrowing some tools from cryptography, we can design a system that uses Bluetooth to track possible infections and does so in a way that conceals our phone numbers and does not require storage on a central server managed by a government or corporation. The ZCash Foundation has already put forth a proposal to build such a system, and similar projects are in development across the world.
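To make the decentralized design concrete, here is an added simulation of the kind of scheme that paragraph describes. It is illustrative code written for this article, not the ZCash Foundation's proposal, TraceTogether, or any shipped app. The particular construction is an assumption: each phone keeps a random per-day key to itself, derives a fresh beacon every ten minutes with HMAC-SHA256, and records only the beacons it hears. A user who tests positive publishes nothing but the day keys for the infectious window, and every other phone does the matching locally. Phone numbers never enter the data at all.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

INTERVAL_MINUTES = 10
INTERVALS_PER_DAY = 24 * 60 // INTERVAL_MINUTES  # 144 beacon rotations per day


def derive_ephemeral_id(daily_key: bytes, day: int, interval: int) -> bytes:
    """Rotating Bluetooth beacon for one 10-minute slot, derived from that day's secret key.
    Without the key, two beacons from the same phone are unlinkable random-looking bytes."""
    msg = b"EphID" + day.to_bytes(4, "big") + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    name: str                                          # label for the reader only; never transmitted
    daily_keys: dict = field(default_factory=dict)     # day -> 16 random bytes, kept on the phone
    observed: set = field(default_factory=set)         # (day, interval, beacon) heard over Bluetooth

    def key_for_day(self, day: int) -> bytes:
        if day not in self.daily_keys:
            self.daily_keys[day] = secrets.token_bytes(16)
        return self.daily_keys[day]

    def beacon(self, day: int, interval: int) -> bytes:
        return derive_ephemeral_id(self.key_for_day(day), day, interval)

    def hear(self, day: int, interval: int, ephid: bytes) -> None:
        self.observed.add((day, interval, ephid))

    def report_positive(self, days) -> dict:
        """What a diagnosed user uploads: only the day keys for the infectious window.
        No identity, no location, no list of contacts leaves the phone."""
        return {d: self.key_for_day(d) for d in days}

    def count_exposures(self, published_keys: dict) -> int:
        """Re-derive every beacon the published keys could have produced and match locally."""
        matches = 0
        for day, key in published_keys.items():
            for interval in range(INTERVALS_PER_DAY):
                if (day, interval, derive_ephemeral_id(key, day, interval)) in self.observed:
                    matches += 1
        return matches


def simulate_contact(a: Phone, b: Phone, day: int, interval: int) -> None:
    """Two phones within Bluetooth range record each other's current beacon."""
    a.hear(day, interval, b.beacon(day, interval))
    b.hear(day, interval, a.beacon(day, interval))


def run_scenario() -> dict:
    """Constructed scenario: Alice and Bob share three slots, Bob and Carol share one,
    Alice later tests positive. Only Bob should see an exposure."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    day = 18370                      # arbitrary day index (days since epoch)
    for interval in range(60, 63):
        simulate_contact(alice, bob, day, interval)
    simulate_contact(bob, carol, day, 100)
    bulletin = alice.report_positive([day])
    return {
        "bob": bob.count_exposures(bulletin),
        "carol": carol.count_exposures(bulletin),
        "keys_published": len(bulletin),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point worth verifying in any real app is the shape of the published bulletin: it holds day keys and nothing else, so the relay that hosts it learns neither who uploaded nor whom they met. The trade-off practitioners should note is that anyone holding a published day key can re-derive, and therefore link, every beacon that phone broadcast on that day; that is why the keys are scoped to the infectious window rather than the phone's whole history.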

The race to develop privacy-preserving contact tracing technologies stepped up in a big way last week when Apple and Google announced a joint partnership to develop APIs and tracing systems that can assist the applications that government bodies eventually roll out. The companies report that their tracing tech will use anonymized encrypted Bluetooth sensing like Singapore. But we'll want to scrutinize their offerings and any other private- or government-developed applications to ensure that they are as privacy-preserving as possible.

Emergencies are precisely the times when powerful groups seek to expand their control. The promises and perils of new public health surveillance technologies are no exception to that trend.

In the American context, scrutiny is particularly prudent. At the same time that encryption technologies are proving more critical than ever, an effort to kneecap safe computing techniques is snaking its way through the halls of Congress in the form of the EARN IT Act.

Officials may say that their apps and offerings protect privacy. Yet at the same time, many of them defend privacy-killing measures like the EARN IT Act. We cannot just take their word. To ensure that any contact tracing applications are truly privacy-preserving, we must be able to take a look under the hood and verify that they are designed the way Van Valkenburgh describes. Anything else is just too risky.