Big Tech teams up

on contact-tracing technology

As we would expect in light of a global crisis of this magnitude, the novel coronavirus has researchers all over working on all kinds of new technologies and solutions to combat this and future pandemics. One theme that has caught our attention is a series of attempts to leverage personal devices like smartphones to enhance contact tracing. This refers to any attempt to find out whom a person infected with COVID-19 has been in physical contact with so that they may in turn be informed, tested, and possibly asked to self-isolate. Currently in the U.S., this can only be done in a “manual” fashion—by a team of tracers and analysts interviewing patients (New York City has recently engaged SalesForce to take this on). This is an unreliable and time-consuming process. What if we could use the technologies already available on our cell phones, like GPS location tracking, Bluetooth, etc…?

​

The technology is already there and being used for other purposes. We mostly hear about “location data” in connection with the advertising industry, where this is one of the key data points leveraged by marketers and data brokers. Apps on cell phones enable marketers to follow the digital trails of consumers in an anonymized and aggregated way. However, by connecting these bits of location information to the thousands of other personal data points collected as we spend time online, it really becomes a matter of effort and statistical expertise to unmask names, addresses, telephone numbers and much more, all out of supposedly anonymized consumer information.

​

The same has been true for public-health surveillance, but has been so limited and labor-intensive as to not arouse public concern. Not so, however, for the public health surveillance developments that have come to our attention from China, South Korea, Singapore, and even Israel, all of which have deployed digital technologies designed to track the contacts of people who tested positive for COVID-19. Surveillance and such draconian measures did dramatically lower rates of infection, but at the price of every citizen’s privacy.

Continued from the emailed newsletter

​

Nothing comparable has yet been proposed in any detail by the White House or any Federal agency. However, the White House has had discussions with Palantir, a potent data-analytics firm already employed by NSA and ICE to track undocumented immigrants, to design a contact tracing system. The fact that no details on these discussions have been revealed is not reassuring.

In Europe, concerns about privacy protection have led to the creation of a consortium of experts who published an open-source protocol called DP³T – “Decentralized Privacy-Preserving Proximity Tracing.” The intent of DP³T is to define a set of rules by which a Bluetooth-based contact tracing software or app could be developed that reliably protects user privacy—rules such as requiring participants to consciously opt in, not storing personal information, and enforcing a “graceful dismantling” of all collected data after the pandemic is over. A whitepaper is available online for anyone who may want to know more about the technical concepts defined (e.g., decentralized data storage, ephemeral IDs, etc…).

​

Intended specifically to counteract vulnerabilities of location-tracking techniques like those of the advertising sector, DP³T-compliant software will use low-level Bluetooth signals to note and store other Android or iPhone devices one’s own phone has come near. If a user is diagnosed with COVID-19, it is up to them to inform their app, which then retroactively notifies anyone whose phone has been near theirs. Participation must be voluntary, and no identifying data will be exchanged or stored.

​

DP³T has influenced Google and Apple to collaborate on developing a similar protocol for Android and iOS mobile platforms. They are releasing an application-programming interface (API), or a set of tools that would enable U.S. and the world’s healthcare institutions to build a contact tracing app for Android phones and iPhones if they decide to do so.

​

For various reasons, the value of such a system will be limited. Only users with compatible devices will be able to opt in, and it falls on each user to voluntarily report him/herself as infected. Since asymptomatic carriers are a significant portion of the COVID-19-infected population, any such contact tracing app will only work in conjunction with widespread, accessible, and free testing, or else risk missing a very large number of infected people.

​

Microsoft and the University of Washington are another example of tech leaders who have teamed up to develop a contact tracing app called CovidSafe, which promises to alert users if they’ve been in close proximity to someone infected by COVID-19. Here again, the intent is to strike a balance between the competing interests of personal privacy and public health.

Unquestionably, privacy and transparency will be paramount issues and priorities going forward as more apps are developed and considered for widespread use. Notably, the ACLU has echoed many of the same concerns raised by and about DP³T, who are still calling for feedback on vulnerabilities and improvements from experts in the field, and publishing edits to the protocol accordingly.

​

We at the St. James Faith Lab want our readers to be aware of these developments because the risks and tradeoffs are extremely complex. As with so many such new technological and sociopolitical developments, it is very tempting to focus on a single angle and dismiss all other considerations. We, as Christians and responsible citizens, cannot allow ourselves to dismiss such a tangible potential benefit: early warnings of infection would quite literally save lives, potentially thousands of them. Just so, we cannot disregard a very real threat to personal privacy: the possibility that even such a privacy-focused app as CovidSafe or another DP³T-compliant app could be hacked or decoded, and end up putting very personal data into the wrong hands. We must all keep a fluid yet watchful eye on this as the variables evolve, including infection and death rates, economic impact, further developments or exploits, and political context.

Share with us your ideas!
 

The Rev. Canon Cindy Evans Voorhees

Executive Director

St. James Faith Lab

​

​