Governments and tech corporations are racing to implement contact tracing — but privacy may be compromised
Could the rise of Covid-19 make humans waive their online privacy concerns? You know, for the greater good? Maybe.
And that’s exactly what Google, Apple — and the SA government — are counting on.
In an unprecedented move, Google and Apple have announced a partnership to provide contact-tracing solutions for Android and iOS operating systems. The feature will be designed to help track people who are confirmed to have been infected with Covid-19.
But the SA government has its own contact-tracing plan.
Communications minister Stella Ndabeni-Abrahams said in March that the government wanted to use aggregated location data to map trends in the spread of the virus. She said mobile operators MTN, Vodacom and Telkom had agreed to make this data available to track the number of people affected in specific areas.
Information gathered by the government for its contact-tracing database includes ". .. the first name and surname, identity or passport numbers, residential address and other address where such person could be located, and cellular phone numbers of all persons who have been tested for Covid-19," according to regulations. This sounds like a very extensive list of personal information, even though the database will discard this information at a later stage.
But Bowman Gilfillan’s Livia Dyer says SA’s approach takes a middle road. She cites the example of South Korea, where "aggressive" tracing is under way.
"Using security-camera footage, credit-card records, GPS data from cellphones and car navigation systems, they are able to pinpoint exactly where a person has been," Dyer writes in a note.
South Koreans are notified when someone in their district contracts Covid-19 and they are given detailed information about that person’s whereabouts — including the exact bus they may have taken and whether or not they wore a mask. Names, however, are not made public.
The least intrusive method of contact tracing is through the use of aggregated and anonymised location data. This will allow networks to model the population density and what effect the spread of the virus can have on groups of people.
This is the method used in Belgium to track people’s movements. But it won’t necessarily provide information on individuals and whether they can be infected. This method is used mainly by decision-makers to gauge the success of their lockdown and tighten or loosen restrictions.
SA falls somewhere in between. But this doesn’t mean its methods have evaded the attention of privacy experts.
According to the lockdown regulations, "the director-general: health may, in writing and without prior notice to the person concerned, direct an electronic communications service provider ... to provide him or her, for inclusion in the Covid-19 tracing database, with such information as that electronic communications service provider has available to it …"
This means the SA government can request specific data about those infected (or not) from network service providers. The scope of this is surprisingly large.
If the government decides it needs detail about a person’s location for its database, it can request this from one of the networks. It could even collect information about a person’s movements from as far back as March 5.
And this will all be done under the guise of seeing who the person has been in contact with, so that those people can be notified and placed in isolation.
The reality is that location data will speed up the tedious task of contact-tracing.
But there are risks. Deputy director of the International Telecommunication Union’s Telecommunication Standardisation Bureau, Reinhard Scholl, says many countries have felt the need to relax pro-privacy laws during the crisis to use data to prevent the spread of Covid-19.
"The fear is that the short-term emergency measures that have been taken right now will stay long after the madness has passed," Scholl told a recent webinar on the subject. "Is it possible to have both privacy and health?" he asked.
The outbreak of Covid-19 isn’t the first instance of the world’s use of contact tracing. During Sierra Leone’s 2014-2016 Ebola outbreak, contact tracing was a core part of the surveillance activity created to mitigate the spread of the disease. But much of it was paper-based, rather than electronic.
Now, apps form the basis of this form of surveillance. There is a scramble to develop contact-tracing apps in Europe and the US.
And what about the Google-Apple plan? The goal of the contact-tracing system is also to alert potentially infected people to self-isolate or seek medical help before it becomes a bigger problem.
Using low-latency Bluetooth connections, the feature proposed by the tech corporations will notify those who have come into contact with someone who has Covid-19.
The tech firms say the information will be confidential. People can choose to participate, and the system will need to have a large number of users before it can work.
Google and Apple devices are used across the globe. But this contact-tracing system — and most of the apps now in development — will still exclude about 2-billion people who use phones or other devices with different operating systems.
That’s not even counting the 1.1-billion who don’t own a phone or even have access to electricity.
In fact, implementation of this contact tracing will further extend the "digital divide" in the world. Those not privileged enough to own a Google-or Apple-labelled smartphone won’t contribute to the data collected on Covid-19’s spread, and they won’t benefit from its features.
The true impact of tech solutions is still to be determined ... no one quite knows whether contact-tracing apps and tools are all they are cracked up to be.
But location data is now looked at as a tool to save lives. And it has the potential to become an alternative to an economically damaging lockdown. It could allow the healthy to continue to work outside their homes, with some social distancing rules in place. But the privacy concerns are valid and important. The work of privacy watchdogs is only just beginning.
Comments