The key to containing the COVID-19 epidemic and its economic consequences
If you had to choose between safety and privacy, what would you choose? If you had to choose between your source of income and your individual rights, which would win out? These are no longer hypotheticals, across the world governments and individuals are being forced to make these decisions.
The media briefing streamed by the World Health Organization (WHO) on March 18, 2020 [1] made it clear that it takes three pillars to contain the COVID-19 epidemic successfully:
1. Isolation, i.e. minimizing the risk of infection by measures of social distancing
2. Testing, i.e. providing and conducing sufficient numbers of tests for COVID-19 infections
3. Contact tracing, i.e. tracing potential contacts of diagnosed COVID-19 infected patients as a base for targeted interventions such as quarantine or testing
Graphic: Deepti Pahwa
National authorities are currently rolling out highly intrusive social distancing measures to address the first pillar on a global scale. The measures have been taken swiftly, and often with little resistance in the face of the overwhelming threat of Covid-19. Government regulations now restrict movement of more than a billion people to prevent the spread of COVID-19.
While these lock-down measures are applied with the right intention to slow down the spread of the disease, their undifferentiated application risks economic collapse. With production sites closed and distribution challenged by movement restrictions, supply chains are squeaking to a halt. Subsequent economic woes will hit a still fragile financial system. Government aid and rescue packages will alleviate some pain, but will not be able to deal with a widespread economic breakdown.
While the situation around testing is slowly improving, much of the world is still deciding how to implement WHO’s third pillar: Contact Tracing. Contact Tracing is powerful, in that it allows for far more differentiated social distancing measures. Those who are really subject to infection risk because their path crossed a confirmed infected patient can be targeted with measures such as quarantine and testing. Those who did not experience exposure to the virus are free to move, and thus, keep the economy running. Another advantage of such a solution is that it clusters information on new or poorly understood diseases, thus shedding light on how a disease is spread.
Unfortunately, the contact-tracing is still underrepresented in both the debate and national COVID-19 packages. The understandable reason for that is privacy concerns. However, those concerns should not lead to avoidance of such an important tool. An understanding of the different technological options helps to conduct a more differentiated debate and selection of a solution that fits a respective society best. Countries with robust manual contact tracing make the first moves to a digital version: Singapore and Iceland being prime examples. They know the value of the approach and are looking more to optimize their current process.
The immediate effectiveness of the solution is something that governments and health authorities tend to be biased towards, given the urgency and need for solutions. Countries are faced with a huge number of different options where to invest their time and energy: Buying new masks? Ramping up production of breathing machines? Building hospital sites? We need to have a compelling case that contact tracing delivers outsized value for their time and money.
Contact tracing, unlike isolation, is not a measure for the peak of infections- if everyone is quarantined already, there’s no need for it. It is, however, crucial before the peak of a pandemic , and as cases start to decline. As the “curve” drops, countries around the world will have to make difficult decisions about who gets to leave isolation, and when. Too loose with their decisions, and they will risk devastating second or third waves of infections. Too strict, and they will prolong already agonizing economic decline – something that in itself can cause death.
The initial contact-tracing method of many governments–painstaking interviews and manual tracking– is both flawed and does not scale. Intervention with digital tools, on the other hand, can have an outsized impact on containment effectiveness. Technology based contact tracing has become a clear way to let governments and individuals know who should quarantine, and who can return to life as normal. There is only one issue: allowing a government to know your every location and interaction is an unprecedented intrusion into privacy, even in the most authoritarian states.
Graphic: Bill Fallon – adapted from PEPP-PT.org
While those fearing the loss of privacy are rightly alarmed, we should also be careful in labelling contact tracing as a monolith. In essence, contact tracing exists in two broad forms:
A. Fully centralized digital contact tracing
In this version of contact tracing, GPS location data are collected by mobile phones and consolidated centrally – potentially augmented by other data sources such as mobile telecommunication service provider cell level tracking or payment data. A central authority determines potential contacts of individuals and confirms infected patients and requests specific actions.
China and Israel follow such a central approach: Chinese Alipay based „Health Code“ system was launched on February 15 and has been rolled out to 100 cities now. The system classifies the population into “green”, “yellow” and “red”, depending on infection exposure. Only „green“ classified individuals are allowed to move freely. „Yellow“ and „Red“ classified individuals are required to go for testing and quarantine. Classification is provided in bar code format on mobile phones to be checked by security forces. While acting for the greater good, these programmes have made explicit the degree to which citizens’ behaviour can be controlled through their smartphones. We can expect increased levels of consumer interrogation into the data that is being held on them and how it is being used.
China’s Health Code system cannot be attributed to being the root cause of the recently experienced reductions of new infections. But it seems to be a pivotal tool to maintain recently achieved low infection rates.
B. Decentralized contact tracing
In a decentral, privacy sensitive approach, only diagnosed patients‘ data need to be shared within the population. Matching with individuals‘ historic locations and generation of warnings is done by the app locally on the phone. That approach was chosen by South Korean apps such as Corona 100m which has been downloaded by more than a million users. However those apps have been banned by Apple and Google stores because of a lack of health authority support. A few national governments are in the process of developing their own decentralized tracing app – Singapore being a prime example. However, the novel coronavirus is a global problem, which requires a global solution.
WHO backed COVID-19 open source development initiative had the objective to provide WHO information to the global population in an untampered direct way. Proposals to extend app functionality to a decentral version of contact tracing have been already formulated. Implementation is, however, not yet scheduled. Nevertheless that approach will be interesting to watch as it aims at the high aspiration of a globally standardized, health authority backed solution to the contact tracing task.
COVID Safe Paths comprises a very vivid global community of developers and various support functions such as communication and legal. They have two applications— COVID Safe Paths: Storing GPS traces of app users on their phone and displaying alerts, and Safe Places: Web application for health professionals to enter confirmed cases. The project aims at creating a global standard with a special emphasis on privacy protection. Usage of both GPS tracking and direct contact registration are planned. The current safepaths solution would give immediate relief to contact tracers by providing a tool to more efficiently conduct interviews and gather information from patients, and enables working with infected patients to quickly remove information that the patient asserts is personal, private, and or confidential. At the same time, it would enable public health authorities to post aggregated, anonymized information about where infected patients have been. Further, to the benefit of undiagnosed people, they can download the aggregated, anonymized data on their phone through COVID Safe Paths to determine if they may have had contact with infected patients directly or via infected surfaces. Infected individuals can blur or redact locations that might be sensitive or give away their identity. And for users who are not infected, all the calculations regarding their location trail happen on the smartphone. It never goes to the server. So the only person who knows that they might have crossed paths with an infected person is the user himself or herself.
Even decentralized contact tracing applications will still face heavy pushback from privacy advocates. Those concerns need to be addressed by diligent communication and application design right from the beginning. It should be possible to leverage such a technology given the high risks at stake. Solutions with direct, proximity based contact registration have the advantage in terms of privacy. However proximity detection is still facing technical challenges: Bluetooth alone has a too large a reach, detecting contacts up to 80m away. A proposed solution is using ultrasound and microphones after Bluetooth contact has been made to verify proximity, but has reduced effectiveness if the phone is in a pocket, and would raise the concerns of privacy with apps requiring access to microphones. Such is the case with the Austrian Red Cross app just at the moment. If Wifi is chosen as an option, both Bluetooth and Wifi may evaluate signal strengths as a very rough guide to proximity.
Reliably detecting proximity of devices as a proxy for “contacts” is an open challenge. Phones have multiple sensors and communication technologies that can be used to detect “contact” with another device: GPS, Bluetooth, Wifi, NFC and ultrasonic communications via microphone & speaker. Currently the combination of Bluetooth to detect nearby devices and ultrasonic communications via the microphone & speaker to confirm close proximity is a promising technical solution.
However, an app requesting permissions to use the phone’s microphone continuously leads to obvious privacy fears from end users, which can deter mass adoption. Currently the Austrian “STOPP CORONA” app uses those technologies, but the related code is not open source, so users have no way to verify that the microphone is only being used to detect ultrasonic handshakes from other nearby phones.
An often overlooked criteria is secure implementation of the solution. Projects based on secure app development systems are an important differentiating factor, but the user must be able to verify that the system was used correctly. For example, Google firebase as used by Israel or the Austrian Red Cross apps could be a major security risk, if data access is not implemented properly. If there is a flaw in the implementation, there is a threat that third parties can view the records gathered (in millions) from the app developed on those platforms. Having an open source code-base allows for external security audits and verification.
In order for a digital contact tracing app to be effective, certain pre-conditions need to be in place:
- Medical effectiveness: Proposed tracing solutions need to fit into the care pathway for them to be medically effective. We need to understand how a close tracing solution fits the required intensity (duration/distance) of interaction to transmit the infection. And if only confirmed (symptomatic) cases need to be taken into account, or also asymptomatic as features on the chosen tracing solution. The uncertainty on how many people transmit the virus while being asymptomatic is still a challenging task to accomplish in this regard.
- Testing & Tracing capacity: These digital interventions are an aid not a solution; an ecosystem of policies and personnel to maintain a central repository of contact traces is required. Widespread testing is required for Contact Tracing apps to be effective, as we have to remember that a fundamental input for the digital contact-tracing solution is a log of confirmed cases and associated travel history.
- High Adoption rate: A large majority of citizens need to use a single solution (or a set of compatible solutions) for contact tracing apps to be successful. Adoption of a single national/global standard must be a primary goal. Additionally, people who test positive must be verified and their movement/contact information distributed to all app users, a task made easier with a common standard/backend.
- Data privacy/citizen rights: Having a solution compliant with legal regulations such as GDPR and approved by local and EU privacy bodies for collecting and processing personal data such as location, device-identifiers, and health records can hugely influence adoption. The solution needs a central control of the backend to ensure security of data and privacy is upheld. It also needs the credibility and the ability to respond quickly to change the app regarding concerns.
The Decisions We Make Today
With the dizzying array of solutions being developed, it might be worth reminding ourselves what’s at stake. History has shown us that governments are loath to give up powers they have acquired during a crisis. The decisions we make today will have implications on our life long after a functioning vaccine is developed. It is imperative we think about privacy. We need to prioritise a new framework for data that is purpose-built for the 21st century and ensures an inclusive approach to give people more rights and capabilities. Data rarely represents a single person – it usually describes many people. A trusted, impartial, honest broker that can solve problems, and allows us to achieve both utility and privacy is the way forward. Decisions we make today could allow for technology that can be humanised for social impact.
On the other hand, action is urgently required. It has become clear that the coronavirus is not going away anytime soon. We need to see the virus before we can fight it, and right now we can’t see anything until it’s too late. In this case information isn’t just power, it’s survival. Contact tracing is one of the few ways we can prevent the disease on a massive scale. While we are rightly nervous about sharing our information, we should also ask what we have not already done: locked ourselves in our homes, isolated ourselves from loved ones, allowed unprecedented economic damage. Contact tracing could allow us to return to some sense of normalcy in the coming months. As is becoming clear, that is an extremely valuable proposition.
Protecting ourselves from both the virus and authoritarianism are not mutually exclusive. Reconciling these imperatives will however, require thoughtful decisions about the types of technology we use, and who will control them. Focus on making transparency and consent the default settings is a necessary first step to getting it right. We have an unprecedented opportunity to implement a new and coherent data system that empowers individuals, health officials, and governments alike without creating surveillance state measures.
We need to make decisions around these issues fast. Our time to respond to both the virus and creeping surveillance is running out.