We know time is of the essence in how we are fighting this virus. Technology has been widely applied around the world to bring immediate solutions and attempt to flatten the COVID-19 curve. Australia has just released it’s version of the contact tracing app, after a fast-tracking review process of an app called TraceTogether, the Singaporean COVID-19 Contact Tracing Mobile app.
The Australian Government has said that although the app is derived from TraceTogether, its codebase is unique. Some of the most crucial questions are yet being explored by different bodies in Australia such as how data will be stored and other legal issues surrounding privacy. Scott Morrison, Prime Minister of Australia announced:
Digital methods can be also used to assist in identifying contacts and to be able to shut those (tracing) issues down as was practiced in Singapore. And so these delivery methods are also being looked at by the Commonwealth, and we’re making a lot of progress there.
We know it is necessary for at least 40% of the population to download the app for it to be effective. The question we are all faced with, is should we?
To facilitate this decision, we have attempted a pragmatic view of assessing the pros and cons of the technology.
How it works
The app essentially relies on Bluetooth in order to facilitate the exchange of information between users. By installing the app, you will be releasing your phone number to the server, the authorities in this case. It then generates a specific ID. These IDs will be exchanged and flagging proximity of users, usually if they are closer than 2 meters for longer than fifteen minutes. When someone is diagnosed with COVID-19, authorities will be able to know everyone that has been in contact with the infected person. Usually, the infected person will be asked to consent to provide access to the data prior to this analysis.
It is understood that TraceTogether does not collect data on the users’ GPS location, wifi or mobile network.
It is said that the technology still needs improvement. Most contact tracing apps rely on Bluetooth due to its low power signal, however, as most would argue Bluetooth is still a risky tool, it’s signals can be complicated, leaving room for error.
The Main Concerns
Privacy experts have raised as one of its main concerns the fact that these IDs can easily be linked back to its users through their mobile numbers by the centralised authority.
When considering the TraceTogether app, another concerning characteristic is that although the data on the phones is deleted after 21 days, there is no clarity that the data logs decrypted at the authority server would also be deleted.
Additionally, and more seriously, the question that remains is how this technology and the data generated by it will be used later, when the pandemic is over. Yuval Noah Harari has recently considered this question:
In recent years both governments and corporations have been using ever more sophisticated technologies to track, monitor and manipulate people. Yet if we are not careful, the epidemic might nevertheless mark an important watershed in the history of surveillance. Not only because it might normalise the deployment of mass surveillance tools in countries that have so far rejected them, but even more so because it signifies a dramatic transition from “over the skin” to “under the skin” surveillance.
Some Recommendations
We know that good contact-tracing methods are crucial in the fight against this virus. The countries that have successfully been able to manage the pandemic so far have one thing in common, they all have been putting strong measures in place to identify and alert people who have come into contact with an infected person at early stages in the pandemic.
We can benefit from the support technology has given us in the fight against this pandemic, something that could not be said when the world faced a similar situation in 1918.
Technology is here to make our lives better and safer. So how can we ensure that we can safely deploy these tools while also mitigating potential risks? Firstly, we need to understand that this is not a matter of choice between health and privacy. When we look towards Europe, for example, their strict privacy laws have given technologists no option but to work around it with solutions that respect these standards. A good example of this is the Pan-European Privacy Preserving Proximity Tracing (PEPP-PT) initiative, which is attempting to create a system to work across national borders while preserving as much privacy and security as possible. In this case, data, gathered by Bluetooth, would be stored in an anonymous, encrypted form.
When it comes to COVIDSafe in Australia, scientists and researchers across the globe recently released a joint statement with the following recommendations:
● Contact tracing Apps must only be used to support public health measures for the containment of COVID-19. The system must not be capable of collecting, processing, or transmitting any more data than what is necessary to achieve this purpose.
● Any considered solution must be fully transparent. The protocols and their implementations, including any sub-components provided by companies, must be available for public analysis. The processed data and if, how, where, and for how long they are stored must be documented unambiguously. Such data collected should be minimal for the given purpose.
● When multiple possible options to implement a certain component or functionality of the app exist, then the most privacy-preserving option must be chosen. Deviations from this principle are only permissible if this is necessary to achieve the purpose of the app more effectively, and must be clearly justified with sunset provisions.
● The use of contact tracing Apps and the systems that support them must be voluntary, used with the explicit consent of the user and the systems must be designed to be able to be switched off, and all data deleted, when the current crisis is over.
More succinctly, Nathan Kinch, CEO of Greater Than X has provided us with his insights on COVIDSafe:
Although these are unusual times and technology needs to be deployed to implement quick and effective change, we also need to ensure that sensible parameters are put in place. This is crucial due to the massive scale at which the technology needs to be deployed to be most effective.
To ensure that we are heading in precisely the right direction, the above ideals are helpful and their application should be no different to other deployed technologies, such as face recognition and temperature tracking, which will raise similar privacy concerns.
If the above recommendations are met, when you download this app, you will likely be helping to save someone’s life. It is now a time of expectation to see if these ideals will come into place in countries where these technologies are still being considered. Our job in this scenario is to stay well informed ahead of our choices. And by the way, the choice here is not between health and privacy. It is possible to have both.