We Can Track COVID-19's Spread Without Violating Privacy

The coronavirus is no excuse to intrude on people's lives unnecessarily. Tech provides decentralized systems for contact tracing.


As the weeks of quarantine and social distancing drag on, many justifiably wonder when life can start getting back to normal. It's not just cabin fever: Shutdowns mean real economic pain for millions of Americans, to say nothing of the mental and sometimes physical tolls of isolation. Getting Americans back to work is a public health concern, too.

We simply can't expect people to stay cooped up for a year or longer, as some have suggested. And there are reasons for cautious optimism anyway: Although the data are hazy and ever-changing, decreasing rates of infection and death in parts of Asia, Europe, and the United States suggest that non-pharmaceutical interventions like better hygiene and social distancing have indeed made COVID-19 more manageable.

But we can't just blindly open the gates and infect vulnerable populations that overwhelm the health care supply, either. Not only could that scenario increase the threats to health care workers and first responders, it could compel people to stay home more often anyway for fear of the virus, which would create the same economic problem that the re-opening was trying to fix.

The challenge is how to intelligently get closer to normal without letting COVID-19 transmissions get out of control. The specific pathway to open the United States back up is still unclear, but we'll probably need at least three things to do so: near-universal mask-wearing, targeted mass testing, and a virus-tracing surveillance system.

The first two conditions should find few dissenters. We should make sure that our essential workers have enough personal protective equipment, but in the meantime, pandemic civilians can dramatically cut down on the viral spread by simply wearing a good homemade mask. Strategically testing to determine where the virus has spread is similarly a no-brainer, since it allows us to separate virus-free "green zones" that can be loosened up from beleaguered "red zones" that need to continue control measures.

But when you start talking about "surveillance," many may understandably chafe. In our age, the word is synonymous with rights-defying government snooping, and so it immediately smacks of a conspiracy to spy.

Yet surveillance has a more innocuous meaning in the context of public health. The official definition is the "ongoing, systematic collection, analysis, and interpretation of health-related data essential to planning, implementation, and evaluation of public health practice, closely integrated with the timely dissemination of these data to those responsible for prevention and control." Less spying on your Facebook messages to see whether you're up to no good, more looking at seasonal influenza trends to determine which vaccine to recommend this year.

For the COVID-19 pandemic, public health surveillance mostly means contact tracing. When an infectious disease is in a manageable state, outbreaks can be contained by identifying who is sick and "tracing" the other people with whom they have made "contact." Those sick patients can then be surgically quarantined to stop the spread while their contacts are monitored to see whether they too develop symptoms. Meanwhile, those who are healthy or who have immunities can continue on mostly unimpeded.

In the past, contact tracing took a lot of public health officials' shoe leather. To beat back the 2014-2016 Ebola outbreak in Africa, for instance, officials asked patients to physically write out a list of people they remembered seeing recently. Faulty memory and insufficient resources meant that some cases could go undiscovered, and public health surveillance was not as effective as it might have been.

Today, we have technology to help. We can devise applications and wearables to help us see how diseases are spreading by monitoring with whom we come into contact. If one of us falls sick, we can review whom we've been around to hopefully catch new outbreaks before they spiral out of control.

And this is where the typical definition of surveillance can rear its ugly head. Many worry that such technology-enabled contact tracing can indeed become a tool for state control. After all, what government wouldn't want to get its greedy paws on such a God View of society? (Setting aside the question of whether it already has one.)

The governments of South Korea and China have rolled out mandatory apps that capture and share people's full location and identification data. This may have helped to spread to tide of COVID-19, but at a great cost to privacy. In China's case, the data are already being shared with law enforcement. Perhaps it will continue being collected long after the pandemic passes.

But as Peter Van Valkenburgh of Coin Center points out, there is no need to sacrifice either public health or privacy.

Here's an example from Singapore: The country's Government Technology Agency developed an app called TraceTogether that takes note of each user's SARS-CoV-2 (the virus that causes COVID-19) status and which other app users each person comes into contact with using Bluetooth signals. If a person tests positive, they update their status on the app, which triggers a notification to others that someone they recently saw tested positive. This not only helps individuals know when they should be limiting social interactions and monitoring their symptoms, it also gives epidemiologists an easy way to trace contacts and determine how the virus is spreading.

Singapore's system is better and less intrusive because it is voluntary (each user can choose whether to download the app or share with health officials or both), anonymizes the data before sharing, and does not track GPS data (because it relies on Bluetooth, it merely senses other nearby phones). You will know that you came into contact with someone with COVID-19, but you won't necessarily know who or where.

But we can do even better than that. As Van Valkenburgh notes, some TraceTogether data are still stored in a central location and tied to a person's phone number, which is less than ideal. By borrowing some tools from cryptography, we can design a system that not only uses Bluetooth to track possible infections, but we can do in a way that conceals our phone numbers and does not require storage on a central server managed by a government or corporation. The ZCash Foundation has already put forth a proposal to build such a system, and similar projects are in development across the world.

The race to develop privacy-preserving contact tracing technologies stepped up in a big way last week when Apple and Google announced a joint partnership to develop APIs and tracing systems that can assist the applications that government bodies eventually roll out. The companies report that their tracing tech will use anonymized encrypted Bluetooth sensing like Singapore. But we'll want to scrutinize their offerings and any other private- or government-developed applications to ensure that they are as privacy-preserving as possible.

Emergencies are precisely the times when powerful groups seek to expand their control. The promises and perils of new public health surveillance technologies are no exception to that trend.

In the American context, scrutiny is particularly prudent. At the same time that encryption technologies are proving more critical than ever, an effort to kneecap safe computing techniques is snaking its way through the halls of Congress in the form of the EARN IT Act.

Officials may say that their apps and offerings protect privacy. Yet at the same time, many of them defend privacy-killing measures like the EARN IT Act. We cannot just take their word. To ensure that any contact tracing applications are truly privacy-preserving, we must be able to take a look under the hood and verify that they are designed in a way like Van Valkenburgh describes. Anything else is just too risky.

NEXT: Mayor Pete's 'National Service' Plan Was a Nationalist Fantasy

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. “But we can’t just blindly open the gates and infect vulnerable populations that overwhelm the healthcare supply, either.”

    If it saves just one life huh?

    Life is risky. It is why people die. Blindly opening fatwa is called life. Viruses will always mutate, it is why our bodies can form new antibodies. This is the Red Queen theory of evolution. Life isnt fragile. Authoritarians will always push the idea it is in order to get people to trade safety for freedom. Stop pushing this fragility nonsense.

    1. Allowed to use their God given freedoms, supposedly protected by the US Constitution, to choose when and where and with whom to interact, enough of the population would make wise choices.
      “The vulnerable population” will choose to remain distanced. No one will be busting down the doors of the old or medically compromised and infecting them.
      Under the freedoms of our lives, this virus will be like all the other viruses that we took in stride without massive fascist dictates.
      Some people will still get sick, some of those people will die.
      Just like every other disease on the planet.

      1. So much agreement. If fear is your motivator, self isolate. The rest of us will move on. Here immunity will only be achieved by letting life continue on its course.

      2. A side benefit: “protecting the elderly” through isolation will be a good excuse for skipping the weekly visit with grandma in the nursing home.

    2. To expound a bit further. The same agency pushing the IMHE model is the agency overseeing allergy research. In the 80s and 90s they pushed sterile homes and keeping babies away from peanuts and strawberries, amont other things. The only thing this caused was for children to develop a lack of antibodies to these items which in turn made their bodies reactions stronger to peanuts and such later in life leading to their deaths. Prevention made the results worse. We relied on “intelligent design” over evolution. Study after study showed kids in non sterile environments, ie with pets, to have stronger immune systems. Their bodies were allowed to develop defenses. They just started rescinding peanut guidelines in children 5 years ago. 2 decades of making humans more fragile.

      Likewise with this disease the new estimated IFR is between 0.1 to 0.6. And that too is probably overly pessimistic. Recent protests of patient blood samples showed only a 10% covid infection rate but a near 50% antibody rate. Humans antibody systems had already quickly adapted. But we are still refusing to allow the virus to go through normal life, increasing chances for reinfection surges which is calling for year long lockdowns by some.

      Even if 1 million were to die in the US it is a statistical blip on every day American life. Everyone knows the 80/20 rule where 20% of the people do 80% of the work. Everyone who works knows of a few employees who wouldnt be missed if they left. The over reaction of the government has done far more harm than even a loss of 1% of life. And no projections even claimed we would lose 1% of the population.

      It is time to stop thinking life is fragile. It isnt. Do not base policy on the belief of fragility. No, not even if it saves just one life. The search for the Fountain of youth is a fool’s errand. More costly than beneficial.

      1. increasing chances for reinfection surges which is calling for year long lockdowns by some.

        Funny that you mention this. From what I’ve read about the 1918 flu pandemic, those who got the flu in the first wave were more or less immune to the much deadlier second wave. So, if there’s going to be a second wave that’s more deadly (though I see no reason to believe that) as the doomers predict, doesn’t keeping people away from it make things worse?

        1. It is amazing that evolution has prepared us for pandemics far better than centralized government has.

        2. This virus is more closely related to cold viruses, which you can get over and over again, than to flu virus. That also does not bode well for developing a vaccine. Just a couple of things to take into account when strategizing a reopening.

      2. Further perspective. The global death count right now is 120k humans. There are currently 7.8 billion people on the planet. The death rate is 0.0015% of the population.

        We are changing society over this?

        1. If you use realistic numbers for China, it’s a lot more than 120K, and still growing.

      3. I agree about the fallacy of fragility. (Side note: Lukianoff and Haidt expound on this in the Coddling of the American Mind.)

        But the fragility fetish and hyper-caution satisfy two fundamental progressive urges: focusing on the bottom 1% and equality of outcome. Yes, a few people do suffer from unusual and extreme allergies. Apply woke logic and it makes perfect sense to constrain everyone else and try to remake the world to accommodate that unusual sensitivity. If that makes us all poorer and weaker, that’s acceptable–and may even be a bonus.

  2. The specific pathway to open the United States back up is still unclear,

    idk, getting rid of the coercive restrictions and asking people to voluntarily observe smart practices (which they were doing) seems pretty clear to me.

    1. Should companies be allowed to fire a 65 year old employee who objects to working in close contact with other employees or working under some other unsafe condition, then? I guess by libertarian logic they should be.

  3. ” coronavirus is no excuse to intrude on people’s lives unnecessarily.”

    “Tech provides decentralized systems for contact tracing”

    1. Shhhhh. They are still doing their online database classes.

  4. We Can Track COVID-19’s Spread Without Violating Privacy

    But where’s the fun in that?

  5. To ensure that any contact tracing applications are truly privacy-preserving, we must be able to take a look under the hood and verify that they are designed in a way like Van Valkenburgh describes. Anything else is just too risky.

    The sort of scrambled transparency that can be done via blockchain is just the first step. He who grabs you by the money also grabs you by the short hairs. Gotta replace the dollar itself as a unit of account and medium of exchange. The blockchain-based currency that also ensures that apps privacy/transparency is what ensures that app can remain viable. Unfortunately, those who understand blockchain are enamored of their personal centralized control currency models of bitcoin or the ICO-based ones like ethereum

  6. No thanks.

  7. >>Tech provides decentralized systems for contact tracing.

    bridges for sale! get yer bridges right here!

    1. If you are that tech skeptical, don’t ever buy bitcoin.

Please to post comments

Comments are closed.