How to Track COVID-19 Without Mass Surveillance

Apple and Google's Bluetooth-based app would reportedly be voluntary and anonymous. Privacy advocates say we should accept nothing less.



With lockdowns still in effect across the country, Americans are growing angry and restless. They want to resume their lives.

There's a system that could make that possible without increasing the spread of COVID-19. It's called "contact tracing," and it involves tracking down every in-person interaction that infected individuals have had in the preceding days, and then testing, isolating, and repeating the process. Several countries have phone applications that use Bluetooth or GPS to generate a record of whom individuals have come into contact with. In Singapore, downloading contact-tracing apps is voluntary; China and Israel use GPS to enforce mandatory quarantines and isolation.

In the U.S., Apple and Google have partnered to create a contact-tracking app for iPhones and Android devices.

But these technologies are raising serious privacy concerns.

"It's important that these systems are lawful and voluntary," says Alan Butler, a lawyer with the Electronic Privacy Information Center (EPIC), which has been urging Congress to build privacy protections into any contact tracing system deployed in the United States. "It's important that these systems minimize to the greatest extent possible the collection of personal information." 

As in other countries, Butler says, these apps would be used in conjunction with manual data collection done via interviews with public health officials. And he cautions against systems deploying any apps that use GPS to track phones, like those being used in China and Israel. This, he says, "really changes the fundamental dynamic of…the relationship between the government and the citizen."

Butler says that a better approach is to use a phone's Bluetooth signal to enable virtual "handshakes" that exchange only randomized numerical identifiers, as opposed to more revealing personal information.

Attorney Peter van Valkenburgh is the director of research at Coin Center, a nonprofit advocacy group for cryptocurrency and decentralized computing technologies.

He praises aspects of Singapore's Bluetooth-based TraceTogether app, which alerts users when they've been in proximity to someone who recently tested positive for COVID-19 without revealing that person's identity.

But he objects to Singapore's decision to store phone numbers in a central database.

"We're not talking about a system that's truly privacy-preserving, because there's still this very valuable list of phone numbers that have been near other phone numbers," says van Valkenburgh. "You could mine that data, and if you were sort of malicious and dedicated, you could come up with just about as accurate a portrait of a person's movement throughout their day" as you would with GPS.

Van Valkenburgh says that cryptocurrency developers, with their expertise in building privacy-preserving systems, could solve that problem. He cites a recent paper from the ZCash Foundation, where van Valkenburgh is a board member, that describes an anonymous and decentralized system for tracking COVID-19 test results. A record of Bluetooth handshakes would never leave a user's phone until that user reported a positive result.

"The data is not shared at all unless and in the event that you are sick," says van Valkenburgh. "And so that's how we keep it private and local."

He says another application of this technology could be in issuing "proof of immunity" certificates for individuals who have developed antibodies that protect them from COVID-19.

In this scenario, health officials would grant digital "tokens" of immunity to qualified individuals, who would then be allowed to engage in otherwise restricted activities such as going to restaurants, driving taxis, and walking around without a mask.

"The normal way of doing digital identity is to just have a big list of information about people," says van Valkenburgh, who uses Facebook's feed as an example. "The decentralized ledger would not include any personal identifiable information. It would just be these pseudonyms."

But truly private and decentralized systems are harder to build, and it's not clear that what van Valkenburgh envisions could be ready in the near term. Perhaps the system being developed by Apple and Google will have to be good enough.

The companies didn't respond to our interview requests. But according to the initial proposal, the system relies on Bluetooth handshakes, not GPS, to preserve location privacy. The phone identifiers recycle daily and never leave the device, unless the user reports a positive case. And the whole system is completely voluntary, with "users decid[ing] whether to contribute to contact tracing."

Apple and Google's software would maintain a central record with identifying information from the phones of those who test positive, but it would stop there, keeping those who were merely exposed anonymous.
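The design described above, with identifiers that rotate, stay on the phone, and are published only after a positive report, can be sketched as follows. This is an added example, not Apple's or Google's code or specification; the HMAC derivation, the 10-minute rotation interval, and the names Phone, rolling_id and simulate are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: the broadcast identifier changes every 10 minutes

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    # Assumed derivation: HMAC-SHA256(daily_key, interval), truncated to 16 bytes.
    mac = hmac.new(daily_key, interval.to_bytes(4, "big"), hashlib.sha256)
    return mac.digest()[:16]

class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> secret key; stays on the device
        self.heard = set()    # (day, identifier) seen over Bluetooth; stays on the device

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, secrets.token_bytes(16))
        return rolling_id(key, interval)

    def hear(self, day: int, identifier: bytes) -> None:
        self.heard.add((day, identifier))

    def report_positive(self, days) -> dict:
        # The only data that ever leaves the phone: its own daily keys.
        return {d: self.daily_keys[d] for d in days if d in self.daily_keys}

    def check_exposure(self, published: dict) -> set:
        # Matching runs on the device: re-derive identifiers from the
        # published keys and compare them with the local log.
        return {day
                for day, keys in published.items()
                for key in keys
                for i in range(INTERVALS_PER_DAY)
                if (day, rolling_id(key, i)) in self.heard}

def simulate():
    # Constructed scenario: Alice and Bob meet on day 3; Carol meets nobody.
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(3, alice.broadcast(3, 50))
    alice.hear(3, bob.broadcast(3, 50))
    carol.broadcast(3, 50)
    server = {}  # day -> daily keys of users who reported positive
    for day, key in alice.report_positive(range(1, 8)).items():
        server.setdefault(day, []).append(key)
    return bob.check_exposure(server), carol.check_exposure(server), server

if __name__ == "__main__":
    print(simulate()[:2])
```

In this sketch the server ends up holding only the reporting user's keys; the record of who was near whom exists only in each phone's local log.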

Yet even allowing devices to identify each other through Bluetooth is a step toward weaker security that the companies wouldn't consider in the past.

"When we give up a little bit of privacy in favor of security or to address a crisis, we rarely gain that privacy back," says van Valkenburgh. "Maybe if it turns out that we can't build a solution that minimizes those privacy risks, we just shouldn't have this. We should just say, look, there are other ways to fight a pandemic."

The Apple-Google project is set for release in mid-May.

Produced by Zach Weissmueller. Graphics by Isaac Reese. Opening and closing graphic by Lex Villena. 

Music by Kai Engel licensed under a Creative Commons NonCommercial License

Photo credits: "Closed Barbershop," Marcelo Wheelock/EFE/Newscom; "Google and Apple Collaborate," Andre M. Chang/ZUMA Press/Newscom; "Immunity Passport QR Code," Wan Quanchao/Xinhua News Agency/Newscom


  1. Bullshit.
    This has no place in a free Republic.

    1. Behold Reason serving their corporate masters.

      “Trust Apple”

      “Trust Google”

      Yeah, sure.

      1. They would never do anything wrong like remove random 1993 videos or take down interviews of doctors.


  2. Pointless. Don’t let this camel’s nose in the tent.

    1. 5 years from now we’ll see stories saying “although originally used to trace coronavirus infections, ‘contact tracing’ is increasingly being used by law enforcement officials for the children.”

      1. If it saves just one life…

        1. You hate children and veterans if you don’t use the app.


  3. No thank you, I’ll pass.

    Big Tech and Big Brothers have been caught with their hands in the cookie jar too many times to trust. Sorry, but that is what happens when you lie to your consumers/citizens.

    1. Amen! There is no point in tracing contacts if you can’t inform people who were in contact with an infected person. If it were truly anonymous, it would be useless. Ergo it isn’t anonymous.

      1. If it were truly anonymous, it would be useless. Ergo it isn’t anonymous.

        Yeah, I can’t think of a way to do this, even using Bluetooth handshakes, that wouldn’t require someone, somewhere to have a list associating individual phones with specific Bluetooth IDs. I’m kind of curious if maybe there’s some way to enhance privacy using blockchain technology? Although I still don’t see any way around the problem of someone, somewhere being able to associate a specific phone with a specific identifier.

        Although admittedly my knowledge base in this area is pretty sparse. I’m more familiar with things that fly in the air and go into space and things that go boom (on purpose… and occasionally not on purpose).


      2. I can easily see an anonymous way of doing this.

        Your phone and my phone shake hands. My phone gives you the time, signed by my phone’s private key, along with its public key. These two IDs together create an “Interaction Event ID”. They don’t identify anyone. They don’t say anything other than the two phones saw each other within Bluetooth range. Your individual phone knows when and where this happened.

        Now I come down with WuFlu and click a button on my app. My phone goes to its local data storage and then publishes to some central server a list of all “Encounter Events” in the past N days. Your phone checks into the server at some point, and recognizes the Event ID. It confirms that the ID is signed correctly, and then notifies you that you were possibly exposed, so you can go get tested.

        At no point here did the phones have to trade identifying info, or store GPS info (though they could). In fact, if local businesses just run a similar application, then they would know if someone testing positive came to their location.

    2. It’s important to remember we aren’t Google’s consumers.

      We are their product.

  4. *IF*?
    Ha, and ha. Notice how the ‘strongly suggested’ use of masks has now become ‘you can’t buy anything without a mask’.
    The phone stays off and in one place until I have use for it.

    1. Be proud to wear your government mandated muzzle in public citizen.

    2. Now here’s a funny thing. Today I went out to a store, and of course our dipshit mayor and county insist on mask wearing. I have a bandana, not that it makes a difference but I like playing the western bandit. Anyway I go in and the guy at the counter has no mask. So we had a good laugh about it. It’s a joke, and another way for officials to be the douchebags they were meant to be.

      Fortunately it’s not really like the cops here care much, at least not like NYC where they beat the shit out of people for being 5.9 feet apart.

  5. At least if it’s voluntary but I won’t be using it.

    1. Voluntary and mandatory!

    2. Social distancing was voluntary just 2 months ago.

      1. All the way through the peak, it looks like.

    3. Aren’t income taxes “voluntary”?

  6. If Google says it’s anonymous…it’s not.

    1. ^This^

      Same goes for Apple.

  7. The system Apple and Google claim to be working on is almost exactly what he is describing as his better alternative.

    It will use Bluetooth, every phone generates a random ID number every hour or so. It keeps a list of every ID it has had on the device. It also keeps a list of every other ID from every other phone it has been in Bluetooth proximity with (30 ft) and a timestamp of when it was near that device. If someone tests positive, they push a button on the app, that will upload every random ID their phone has had in the last couple weeks, as well as those that it has been in proximity of.

    All other phones will check in periodically to see if one of their IDs has been flagged as having been exposed.

    No central database of who is interacting with whom, nor even where.

    Of course, the part where I see it failing is that I am guessing by the time this app releases, 3-5% of the population will be infected, so pretty much everyone is going to get flagged for having been near someone exposed, even if it was just that they were in a neighboring car at a stoplight. There will be so many positives that there won’t be testing capacity, so they would either need to quarantine everyone again, or just ignore the data.

  8. ”Privacy advocates say we should accept nothing less.”

    How about we accept nothing.

    1. That’s what a real privacy advocate would say.

  9. Bring out your dead!
