In efforts to contain the spread of COVID-19, governments are imposing stringent restrictions on movement, including social distancing and a national lockdown. They are also finding efficient ways of tracing and tracking contacts once an infection has been verified.
The ability to track and trace infections for public health has emerged as one of the single most important interventions. The first such app, TraceTogether, has just gone live in Singapore and tracks users’ whereabouts using locational data.
But track and trace presents an unprecedented challenge to people’s privacy. Apps such as TraceTogether pose a nightmare from a privacy perspective.
It doesn’t have to be that way. Blockchain and modern cryptographic methods allow for the same functionality while protecting users’ privacy. Some innovations on this front also allow users to remain in control of access to their data.
Why track and trace?
Most of what we know about COVID-19 comes from recent research. Some of it is contentious and as new data becomes available perspectives change. Nevertheless, with this caveat, some lessons are emerging.
First, the crisis will be with us for the foreseeable future. It is paramount that, to slow the spread of the virus, we “flatten the curve” now, by practising good hygiene, engaging in social distancing, and strictly obeying the guidance from public health officials if and when a national lockdown is enacted.
Second, it will take months before a vaccine is available. And once it is, it will take more months before it is available at scale. Only with an effective vaccine available will we be able to ease the stringent containment measures currently in place. As researchers from Imperial College London write in their landmark study on the SARS-CoV-2 virus, which causes COVID-19:
We predict that transmission will quickly rebound if interventions are relaxed.
Third, the virus is likely to mutate and return in a new guise, rendering existing vaccines less effective. Every time a new variant of the virus emerges, we will have to find ways to stop it in its tracks. And yes, the best way to do this is through trace and track apps that allow targeted interventions.
Given these choices, it is quite clear which way governments will go. Even more, it is tempting for citizens to sacrifice their privacy during a national emergency. But there are serious drawbacks to doing so.
First, the data collected is incredibly sensitive. Imagine a world where the government can trace where you were and who you met. Or worse, imagine that Facebook or WhatsApp could do that and then allow the government to send a warning message to all your friends if you test positive for COVID-19.
How long do you think it will take your friends to piece together who got infected? This is known as a re-identification attack in cryptography, a problem without an easy solution. The potential for stigma, in particular in vulnerable communities, is enormous.
Second, and as a consequence, there will be serious challenges to adoption. If such an application were to be built on WhatsApp, for example, people might simply switch from WhatsApp to Threema, or worse, try to fake the data. It would be only days or weeks before any such system was hacked.
We have learned from the Equifax hack that no centralised database is perfectly secure: four members of the Chinese military have now been indicted over hacking the credit bureau, which resulted in the breach of 150 million credit records. Collecting the incredibly valuable geolocation information will create a focal point for hackers to attack, a risk that further limits adoption.
Third, privacy is a human right. It is not simply a privilege to enjoy when times are good. It is a fundamental right and any government that violates this right opens itself up to potential court challenges, further delaying roll-out and adoption.
The combination of these reasons means that any system which does not respect privacy defeats its purpose. The data collected will be biased, making it more difficult for epidemiologists to model and understand emerging outbreaks.
In addition, the system could lead to false positives where a policy action is taken based on faulty data. Or the system could miss the outbreak of a new strain of the virus because of limits in adoption. In social networks, even weak ties are important for transmission, as the sociologist Mark S. Granovetter pointed out in his 1976 paper The Strength of Weak Ties.
But it doesn’t have to be this way. Two years ago, blockchain was the hot topic on everybody’s mind, from large venture capitalists to the inevitable discussion about Bitcoin at a party. In part because of this hype, we have made tremendous strides towards privacy-preserving distributed systems.
One particularly promising approach in the current crisis is what is called self-sovereign identity. The idea is that every user stores their private data and is in full control of when and under what circumstances it’s shared with third parties. Proponents of this system include banks, activists around the globe and the “father of the internet”, Tim Berners-Lee, who launched a self-sovereign identity startup.
The main difference in a self-sovereign identity system is that users are in control of access to their data. An app that would maintain privacy, while allowing the same functionality as any centralised app, for example based on WhatsApp, would overcome problems prompted by a system open to data abuse. It would therefore be much easier to get adoption, increase the quality of the data, and ensure that one human right isn’t traded off for another.
Countries around the world face the choice of building infrastructure that has serious security issues or infrastructure that ensures the privacy of citizens and solves the challenge at hand more efficiently.
It is clear that tackling the COVID-19 crisis has to involve efficient track and trace. But it is equally clear that this should be done using the best available information and research.