COVID-19 exposure contact tracing became a priority for local health departments this past spring, and there were many hurdles to getting clear tracing information to track the outbreak in communities. The CDC notes that it’s a vital part of controlling the pandemic, but individual privacy is always a concern in a community of any size.
When data collection moved away from in-person surveys and health department phone calls, smartphones were a natural fit for passively tracking potential exposures. But the race to market with tracing software was just one of the challenges that developers experienced: after apps are designed and launched, they still have to be adopted by each smartphone user to be of assistance.
Tracing Strangers, One Phone at a Time
Since an infected person who leaves their home for a grocery store cannot identify each stranger that passes by, contact exposure apps rely on proximity data and geolocation to guess who might get sick next. It’s a simple plan with a complex execution.
First, develop an application that works across a broad range of phone types, from old to new, Android to Apple.
Second, release the app in such a way that it inspires trust and assurance that the developer is legitimate.
Third, get one smartphone user (and then millions more) to go to their app store, download the app, and then keep it on their phone during the pandemic.
It may sound simple, but it’s anything but easy. At any point in this journey, the intended app user could bail on the process. They could even go through all three steps above, download the app, and then change their mind and delete it.
The Privacy Debate Around Data and Location Tracing
How much data is collected, and what kind, is at the heart of this debate, as privacy experts disagree with application designers and others who’d like to get more information rather than less. Most of the basic contact tracing app designs include geolocation data transmitted to a database for each user.
Privacy experts “say that collecting location data is unnecessary and should be avoided. Where two people were when they met doesn’t matter. All that counts is that they met,” writes Laura Hautala at CNET.
Another potential design flaw in terms of privacy is linking one unchanging identifier to each user. That is better than tracking the user’s name, for sure, but still not necessary, writes Hautala.
“Other apps have found ways to avoid this, with some protocols changing the user’s identifier as often as once a minute. This approach makes it much harder for someone to abuse the data, using it to track one person’s movements while using the app,” she says.
An additional data-considerate safety protocol is to not transmit all of the phone’s tracking data all the time, but instead to wait until a person is noted as sick, and only then transmit data to promote tracing and support.
How You Can Choose a Safe Data Path As Well As Contact Tracing
Both Apple and Google now offer software on their phones that doesn’t require downloading anything from the app store. Instead, you may encounter an opt-in page on your phone when you boot up or update software. Both Apple and Google have made improvements in privacy protections for their tracing efforts, or so say experts in the field, like tech columnist Jason Aten at Inc. Magazine. These new programs sync with health department-made applications that create contact exposure data sets for local communities to use.
- New tracing keys that mark exposure proximity are randomly generated every 10-20 minutes and transmitted via Bluetooth beacon to protect individual privacy.
- Data transmission only occurs when a phone’s user tests positive; only then does the data get uploaded to the health organization’s server.
- In addition, the phone programs are using AES encryption, which prevents someone from capturing your information en route and using it for nefarious purposes.
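The rotation and upload-on-positive ideas in the list above can be sketched in a few lines. This is an added example, not Apple's or Google's code: it assumes identifiers are derived from a per-day secret, uses HMAC-SHA256 as a stand-in for the AES-based derivation, picks a 15-minute interval from the article's 10-20 minute range, and assumes matching happens on the receiving phone; all function names are hypothetical.

```python
import hashlib
import hmac
import os

ROTATION_SECONDS = 15 * 60                    # assumed; the article says 10-20 minutes
INTERVALS_PER_DAY = 24 * 3600 // ROTATION_SECONDS

def new_daily_key() -> bytes:
    """Random secret that stays on the phone unless its owner tests positive."""
    return os.urandom(16)

def interval_of(seconds_since_midnight: int) -> int:
    """Index of the rotation interval that a time of day falls into."""
    return seconds_since_midnight // ROTATION_SECONDS

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast over Bluetooth during one interval.
    HMAC-SHA256 is a stand-in here for the AES-based derivation (assumption)."""
    msg = b"rolling-id" + interval.to_bytes(4, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

def find_exposures(heard: set, published_keys: list) -> list:
    """Re-derive every identifier of each published key and compare it with
    what this phone overheard. Returns (key_index, interval) pairs."""
    hits = []
    for idx, key in enumerate(published_keys):
        for interval in range(INTERVALS_PER_DAY):
            if rolling_id(key, interval) in heard:
                hits.append((idx, interval))
    return hits

def simulate():
    """Constructed scenario: Bob's phone overhears Alice twice and Carol once."""
    alice_key = bytes(range(16))              # fixed sample keys so the run is repeatable
    carol_key = bytes(range(16, 32))
    bob_heard = {
        rolling_id(alice_key, interval_of(9 * 3600 + 5 * 60)),    # 09:05
        rolling_id(alice_key, interval_of(9 * 3600 + 20 * 60)),   # 09:20
        rolling_id(carol_key, interval_of(12 * 3600)),            # 12:00
    }
    # Only Alice tests positive, so only her daily key reaches the server.
    published = [alice_key]
    return bob_heard, find_exposures(bob_heard, published)

if __name__ == "__main__":
    heard, hits = simulate()
    print(f"{len(heard)} identifiers heard, matches: {hits}")
```

Without Alice's published key, the three identifiers Bob's phone stored cannot be tied to each other or to a person, and Carol's identifier stays unmatched because her key never left her phone.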
“The companies are also building an interface into their mobile operating systems to give users simple control over when the beacon function is active. For example, if you wanted to have it on when you’re out shopping in the grocery store, you could turn it on. Then, once you’ve returned home, if you were concerned about your phone transmitting any information, you could simply turn it off,” writes Aten.
So at the end of the day, you can still choose to opt out if you’re unsure of who is in charge of your data. And that ability to exercise personal control over your data is ultimately the best protection of all.