Part 3: Privacy-Preserving Contact Tracing at Scale

As I previously discussed in Part 1 and Part 2, to defeat COVID-19 we’ll need effective contact tracing — but in order to win widespread buy-in for digital tracing, we must also commit to zealously defending users’ privacy rights.

In Part 3, I’ll map out the path to privacy-preserving and effective contact tracing at scale. Watch the third video explainer, then see below for more.

The good news is that this is a solvable problem, and there’s a way to bring Americans on board as we deploy new contact-tracing apps. The bad news is that when it comes to winning the trust of the public, the teams building tracing apps have a lot of room for improvement.

According to a recent survey, 56% of Americans say they don’t trust tech companies to manage and protect tracing data. That figure is 13 percentage points lower than the share who say they would trust government health agencies or universities with the same data.

Winning hearts and minds is going to be an uphill struggle. That’s why Switchbit is calling for a new initiative to develop industry-wide privacy standards — a joint collaboration between tech firms, privacy advocates, health workers, and universities. This would be a foundational step toward genuinely trustworthy contact tracing.

In practice, what does that mean? In addition to developing contact-tracing apps, we must also build digital infrastructure capable of fusing tracing and health data and delivering the actionable insights we need to curb and preempt outbreaks. Crucially, we need to do so in a way that is unimpeachably secure, and that transparently safeguards users’ privacy and data rights.

To achieve this, we need three big things:

#1 Threat Exposure Notification Protocol (TENP)

#2 A commitment to citizen control

#3 A robust privacy standard

#1 Threat Exposure Notification Protocol (TENP)

The World Wide Web couldn’t exist without the HyperText Transfer Protocol (HTTP), which sets the standard for formatting and transmitting messages between browsers and servers. To collect the data needed to derail coronavirus transmission, we need a similar standard for contact tracing: a Threat Exposure Notification Protocol (TENP) that articulates how data can be gathered, stored, communicated, and shared between authorized stakeholders. Google and Apple’s new software kits empower individual applications, but we need a unified TENP to prevent the fragmentation of data across multiple tracing apps, and to allow analysts and health workers to leverage a unified data stream as they work to thwart future pandemics.

#2 A commitment to citizen control

In developing a TENP, we need to put end-users in the driver’s seat. Only by empowering citizens can we secure the buy-in that’s needed to trace contacts at scale. That means giving users the power to seek out information on their own terms, and to decide precisely how much of their data to hand over along the way. To be effective, any contact-sharing standard will need to have the user’s Right to Be Forgotten baked into its fundamental structure. We’ll also need to ensure that users can give, withhold, or withdraw consent for the use of their data at a granular level, and also veto the use of their data by authoritarian states such as Russia and China. These are foundational issues that need to be addressed as such, and not reinvented from scratch each time a developer sits down to code a tracing app.

#3 A robust privacy standard

Finally, we need to codify a privacy standard that is flexible enough to allow researchers and public health actors to fuse potentially chaotic health, location, and proximity data at scale, but also robust enough to give users reliable control over their data. The more we can ensure privacy, the more willing users will be to share their information, enabling not just basic contact tracing but perhaps also the use of more advanced health data, such as biometric data or medical results, to spur the development of new treatments for COVID-19. The potential is enormous, but only if we can give users an ironclad guarantee that nobody’s taking liberties with their data.

At Switchbit, we’ve taken the first step towards these interconnected goals by launching the Threat Exposure Notification Protocol (TENP), a new standard for sharing data across contact tracing applications, data providers, public health institutions, and policymakers. Essentially, TENP is a framework that lets tech companies incorporate meaningful and verifiable privacy and data security into their tracing systems, and also gives users, regulators, and health professionals reassurance that tracing is being carried out in an effective and secure way.

Of course, TENP is only the first step. By establishing a clear standard for data sharing, we’re enabling the kind of collaboration and innovation that’s needed — but others, from policymakers to tech companies, will now need to step up and make use of these tools. What’s needed is a groundswell of support for these ideas, driven both by users and by tech companies themselves.

These are early days, and we don’t claim to have definitively solved the privacy challenges inherent in contact tracing. But with TENP, we’ve created a connective framework that the tech industry, the healthcare sector, and policymakers can build on to develop more robust tracing tools. Now, we need collaboration and creative thinking to move the ball forward — and to reassure users, in the United States and all over the world, that it’s safe to share their personal data.

There’s still plenty of work left to do, so if you’re interested in helping us figure out how to realize this vision, please get in touch. Defending privacy while building contact tracing systems at scale is a challenge that’s bigger than any one company or organization — but together, it’s a challenge we can overcome. Our ability to defeat COVID-19, and to prevent similar crises in the future, depends on it.

Part 2: What’s Holding Back Contact Tracing Success?

In Part 1, I explained that for contact tracing to achieve the requisite adoption levels in America, tracing technologies must be accompanied by robust privacy protections.

So what does it take for Americans to lay their personal data on the line in the name of public health? Watch the second video in our series below. Read on for more.

Contact Tracing’s 3 Big Challenges

Despite the runaway success of digital contact tracing in places such as Taiwan and South Korea, about 60% of Americans don’t believe digital tracing will help us beat COVID-19. Yet 50% of Americans also say they’d use a contact tracing app if one were available.

Clearly, Americans are skeptical but persuadable. To overcome skepticism and win large-scale buy-in for digital tracing, we’ll need to address three big challenges:

  1. Consumer Adoption
  2. Citizen Control
  3. The Data Oligarchy

1. Consumer Adoption

The first challenge lies in gathering data in useful volumes. According to Covid-Watch, tracing technologies must be used by over 50% of a given population in order to be effective. Paradoxically, the current proliferation of tracing apps and technologies makes that goal harder to achieve: unless apps share their data, each new platform further fragments the total data pool.

Clearly, gathering sufficient data will require careful coordination and data-aggregation between platforms. That’s especially important in a sprawling, geographically and demographically diverse country like the United States. The same network effects that lead kids to use TikTok and old-timers to use Facebook, or prompt Twitter users to coalesce into echo-chambers, could drive different groups to preferentially adopt different tracing apps. Without the ability for those apps to talk to one another, our ability to curb this pandemic is severely limited.

The bottom line is that the coronavirus doesn’t respect our app preferences, our social groupings, or our demographic and geographic divisions. As new genetic testing shows, the virus simply rolls across state lines and national borders, rippling inexorably from one hot spot to the next. To counter that, we’ll need tools that can share data effectively, both with each other and with researchers and health workers.

2. Citizen Control

We need to gather as much data as possible, but to achieve that goal we’ll have to give users the right to opt out of contact tracing, and to delete any data they’ve previously shared. That’s because unless we put users firmly in control of their data, we’ll never achieve a critical mass of registered app users.

At a minimum, anyone who’s sharing personal data through a tracing app should be able to quickly and easily do the following:

  • Invoke their Right to Be Forgotten;
  • Decide for themselves how their data will be used; and
  • Explicitly block authoritarian states from accessing their data.

Many contact-tracing solutions ignore these requirements, claiming they’re unnecessary for tools based on Bluetooth-powered proximity detection rather than GPS location tracking. But while the Bluetooth solutions touted by MIT, Apple, and Google are promising, citizens seeking to manage their personal health risk need more than a scary message telling them they’ve been in the proximity of someone who tested positive.

In the wrong hands, information about the people you’ve met can be just as sensitive as data about the places you’ve visited, and users have every right to demand control over how that data is stored and shared. Control works both ways, too: some app users might be happy to freely share both location and proximity data, at least in some circumstances. Rather than forcing users to wait for alarming messages to pop up on their cellphones, we should put them in control, and let them seek guidance on their own terms.

3. The Data Oligarchy

A lot of this boils down to giving people control of their data, and using their information only in ways to which they’ve explicitly consented. That might sound like a no-brainer, but it rubs up against some of the defining challenges of our modern world.

From digital staples such as web search and email to innovations such as contact tracing, we’re utterly reliant on big tech firms such as Apple and Google to build and maintain our digital infrastructure. Necessarily, and discomfitingly, that means trusting those companies to build a neutral infrastructure that serves our collective needs rather than their own corporate goals.

Don’t get me wrong: when it comes to COVID-19, we’re enormously lucky to have Apple and Google fighting in our corner. But there are real privacy concerns that come with the tech titans’ market dominance. The rise of privacy regulations such as the GDPR and the CCPA reflect legitimate concerns about the rise of a largely unregulated data oligarchy.

We Can Get This Right

Tackling these concerns head-on, and building a system that handles privacy properly, should be a shared priority for regulators, users, health workers, and tech companies. We’ll need effective tools if we’re to solve this crisis and future ones. But we’ll also need apps that we can deploy on an enormous scale without sparking a privacy backlash. If we don’t get this right, we could be dealing with the consequences for years to come.

I’m hopeful about our ability to solve these problems and build a contact tracing network that respects people’s rights while delivering the data we need to defeat the coronavirus. In the next post, I’ll outline how we can unite to create the new data and privacy standards needed to win the fight.

Part 1: Will Contact Tracing Work?

It’s the question of the day: will contact tracing work? The short answer is yes, if we do it right. And since doing it right involves data privacy, data security, and data management –– right up our alley at Switchbit –– we created a three-part series on contact tracing challenges and solutions. To kick off Part 1, here’s an overview video on how contact tracing works and what’s at stake. Read on for more.

A Tale of Two Countries

In mid-March, the United States and South Korea had each seen around 90 coronavirus deaths. By the end of April, however, the two countries were a study in contrast. South Korea lost just 85 more people to the pandemic — while the United States lost over 62,000 souls, at an average of 85 COVID-19 deaths per hour for the entire month.

The key difference between the two nations isn’t their size. It’s that from the earliest days of the COVID-19 crisis, South Korea implemented “virtuous surveillance,” or the use of digital contact-tracing technologies to track the movements of coronavirus carriers, identify people they may have infected, and help public health officials to break the chain of transmission.

Here in the U.S., we’re only now rolling out contact tracing at the start of May. Health experts are calling for a $3.6 billion push to support the effort, following successful examples in South Korea, Taiwan, and Singapore. Some of America’s best and brightest, including engineers at Apple, Google, and MIT, are now developing the contact-tracing technologies to safely reopen our economy and avoid future pandemic crises.

But contact tracing isn’t just a technological challenge: it’s also a cultural one. To deliver results, we’ll need the American people to set aside partisanship and anti-scientific posturing, and actually use the contact tracing technologies that we develop.

The early signs are that winning the battle for hearts and minds could be a bigger challenge than developing effective tracing technologies. In fact, surveys show that 60% of Americans currently feel that location-based tracking would make next to no difference to our fight against COVID-19.

Those numbers are disheartening. But I believe they reflect skepticism less about the efficacy of tracing technology than about the likelihood of Americans collectively embracing a technology that’s explicitly designed to collect their personal data.

Paradoxically, Americans are willing to click away their data rights if it means they can share cat photos more easily, but they’re deeply skeptical about giving people in positions of authority permission to digitally track them. They’re also skeptical about sharing potentially sensitive health information with their neighbors. That’s understandable: people quite rightly consider their health, movement, and social interactions to be private, and right now the stakes are higher than ever.

We’ve already seen ugly cases of Asian-Americans being victimized for supposedly spreading the coronavirus, and fights breaking out after people cough in public places. Now imagine the chaos that would ensue if everyone in a grocery store learned someone present had been exposed to the coronavirus — or if everyone in an apartment building discovered one of their neighbors had tested positive.

There Has to be a Better Way

For contact tracing to work at scale, we can’t dodge these critical questions of privacy, consent, and control. This isn’t an either-or situation: the idea that we can have privacy or public health, but not both, is a false choice. There has to be a better way.

Here at Switchbit, we believe that tech companies need to step up and help address this thorny issue, just as they are doing in developing the core technologies that make large-scale contact tracing possible.

MIT’s Private Kit has led the way by promoting the use of Bluetooth, not GPS data, to drive contact tracing. That approach — now implemented by Apple and Google in APIs for Android and iOS devices — allows apps to focus on tracking users’ proximity to one another, rather than their specific location. Using Bluetooth, apps can identify the people you’ve had contact with, without recording more sensitive information such as whether you met them at church or at the liquor store.

Bluetooth doesn’t solve every problem: it’s easy to imagine marketers using stationary Bluetooth beacons to piggyback on contact-tracing infrastructure to track shoppers passing through their stores, for instance. Rotating the broadcast identifier every few minutes, as the Apple and Google design does, limits such a beacon to linking the advertisements it hears within a single rotation window, but it does not eliminate the problem. Still, such approaches are a step in the right direction, and a sign of the kind of innovation we’ll need to build a trustworthy tracing system that respects users’ right to privacy.
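As an added illustration (not Switchbit’s code, not the Apple/Google implementation, and not TENP), the following toy Python model shows the decentralized design behind both the Part 2 discussion of citizen control and the Bluetooth passage above: each phone derives short-lived identifiers from a daily key, logs the identifiers it hears only locally, and a diagnosed user publishes nothing but daily keys, so matching happens on the phone rather than on a server. The 10-minute rotation period, 14-day retention window, HMAC-based derivation and device names are assumptions chosen for this example. It also shows what a stationary beacon can and cannot link, and how a user’s deletion request is honored.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumptions for this toy scheme (not the Apple/Google constants):
INTERVAL_SECONDS = 600                 # broadcast identifier rotates every 10 minutes
INTERVALS_PER_DAY = 86400 // INTERVAL_SECONDS
RETENTION_DAYS = 14                    # contact log and keys are purged after two weeks


def proximity_id(day_key: bytes, interval: int) -> bytes:
    """Short-lived identifier broadcast over Bluetooth during one interval.

    Derived with an HMAC so that, without the daily key, two identifiers from
    different intervals cannot be linked to the same device.
    """
    msg = b"toy-proximity-id" + interval.to_bytes(4, "little")
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:16]


@dataclass
class Device:
    name: str
    keys: dict = field(default_factory=dict)   # day number -> 16-byte daily key
    seen: list = field(default_factory=list)   # (day, identifier) heard from nearby devices

    def key_for_day(self, day: int) -> bytes:
        if day not in self.keys:
            self.keys[day] = secrets.token_bytes(16)
        return self.keys[day]

    def advertise(self, day: int, interval: int) -> bytes:
        return proximity_id(self.key_for_day(day), interval)

    def observe(self, day: int, identifier: bytes) -> None:
        # Stored only on this phone; never uploaded anywhere.
        self.seen.append((day, identifier))

    def diagnosis_keys(self, days) -> list:
        """The only thing a diagnosed user publishes: daily keys, not contacts or locations."""
        return [(d, self.keys[d]) for d in days if d in self.keys]

    def check_exposure(self, published: list) -> int:
        """Re-derive every identifier a published key could have produced and match locally."""
        heard = set(self.seen)
        return sum(
            (day, proximity_id(key, i)) in heard
            for day, key in published
            for i in range(INTERVALS_PER_DAY)
        )

    def forget(self) -> None:
        """Right to Be Forgotten: the user wipes keys and contact log on demand."""
        self.keys.clear()
        self.seen.clear()

    def expire(self, today: int) -> None:
        """Routine retention limit, applied regardless of any user request."""
        self.keys = {d: k for d, k in self.keys.items() if today - d < RETENTION_DAYS}
        self.seen = [(d, r) for d, r in self.seen if today - d < RETENTION_DAYS]


def simulate_exposure() -> dict:
    """Constructed scenario: Alice and Bob are close for two intervals, Carol meets nobody."""
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    day = 100
    for interval in (30, 31):
        alice.observe(day, bob.advertise(day, interval))
        bob.observe(day, alice.advertise(day, interval))
    published = alice.diagnosis_keys([day])       # Alice tests positive and uploads keys
    result = {
        "bob_matches": bob.check_exposure(published),
        "carol_matches": carol.check_exposure(published),
        "server_sees": len(published),             # one key; no contact list, no location
    }
    bob.forget()                                   # Bob exercises his deletion right
    result["bob_after_forget"] = bob.check_exposure(published)
    return result


def beacon_linkability(intervals: int, samples_per_interval: int) -> dict:
    """What a stationary marketing beacon learns by logging one passer-by's advertisements."""
    shopper, day = Device("shopper"), 100
    log = [shopper.advertise(day, i) for i in range(intervals) for _ in range(samples_per_interval)]
    # Repeats within an interval are linkable; across intervals the beacon sees unrelated values.
    return {"advertisements": len(log), "distinct_identities": len(set(log))}


if __name__ == "__main__":
    print(simulate_exposure())
    print(beacon_linkability(intervals=3, samples_per_interval=4))
```

The point of the model is where the data lives: the contact log never leaves the phone, the published material is a handful of random daily keys, and deleting the local state is sufficient to honor a deletion request because no server ever held the contacts. The beacon function shows the residual risk the paragraph raises: within one rotation window every advertisement is the same value and trivially linkable, so a short rotation period bounds how long a fixed sensor can follow one shopper.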

To ensure contact tracing success in the U.S., we’ll need robust, verifiable, and scalable privacy protections to win the buy-in that will allow us to scale this vital technology.

Fortunately, this is a challenge the tech industry knows how to solve. In my next blog post, I’ll dig deeper, and show how we can start to build a contact tracing infrastructure that combines both effective tracking and utterly trustworthy privacy protections.