Cellphone tracking could help stem the spread of coronavirus. Is privacy the price?
“IT IS POSSIBLE TO STOP THE EPIDEMIC.” That’s the message splashed atop a website built by a University of Oxford team this week to share new research on the spread of the novel coronavirus. Below that hopeful statement comes a big caveat: To stop the virus’ spread, health officials need to find and isolate the contacts of infected people—lots of them—and fast. Such contact tracing is a mainstay of infectious disease control. But the Oxford team is one of several now advocating for a new approach: tapping into cellphone location data to track the spread of infection and warn people who may have been exposed.
Several governments in Asia have tried that approach in ways that would run afoul of privacy laws in many other countries. China, for example, has reportedly relied on mass surveillance of phones to classify individuals by their health status and restrict their movements. Now, research teams in Europe and the United States are considering less invasive ways to collect and share data about infections, and some are already developing and testing coronavirus-specific phone apps. Governments, meanwhile, are scrambling to figure out how these potential pandemic-fighting tools could work within data privacy laws and without losing the support of an already wary public.
“We don’t live in a culture of public trust when it comes to data,” says David Leslie, an ethicist at the Alan Turing Institute who studies the governance of data-driven technologies. “We live in this age that has been called the age of surveillance capitalism, where … our data is abused and exploited.” But, he adds, authorities and the public will have to weigh the value of privacy against the possibility that data collection could save millions of lives. “These are not normal times.”
Behind in the chase
Tracing the people an infected person recently came near requires widespread testing to diagnose infections in the first place. That testing has been painfully slow to ramp up in the United States and parts of Europe—to say nothing of countries elsewhere with fewer resources. Even as more tests become available, state and local health departments may not be able to interview every patient and follow up with every contact. And even the most painstaking interview can’t reveal contacts or places that a person just doesn’t remember.
The virus that is causing the pandemic, severe acute respiratory syndrome coronavirus 2, poses a particular challenge, says Oxford infectious disease epidemiologist Christophe Fraser. So far, it appears that nearly half of transmissions happen before an infected person has symptoms. That means the virus can spread for days before health authorities even learn of a spreader. “No matter how many resources you put into [contact tracing], it’s never going to keep ahead of the virus,” he says. “It’s always going to be one or two generations ahead.”
Fraser and his colleagues have watched U.K. coronavirus cases climb in recent weeks while new cases in China plummeted. Two postdoctoral researchers in his lab described their families in China using a phone app that told them when and where it was safe to go out. “We thought, ‘Well, what would we do, if we [built] an app?’”
Fraser, with Oxford clinician David Bonsall and colleagues, designed a mathematical simulation of how “instantaneous digital contact tracing” would influence the spread of the virus. To stop the epidemic, health officials must reduce the virus’ reproductive number—the average number of people each infected person transmits the virus to—to less than one. When the team modeled a scenario in which contacts were notified the instant a person tested positive, it was possible to push the reproductive rate of the virus below that threshold, the team reported in a preprint this week.
“It became obvious to us that this was solving a major problem,” says Fraser, who adds that his team is advising several European governments, including the United Kingdom’s, on digital tracking. The U.K. National Health Service announced on 19 March that it was developing a coronavirus contact tracing app.
Digital tracking of many flavors
At its simplest, digital contact tracing might work like this: Phones log their own locations; when the owner of a phone tests positive for COVID-19, a record of their recent movements is shared with health officials; owners of any other phones that recently came close to that phone get notified of their risk of infection and are advised to self-isolate. But designers of a tracking system will have to work out key details: how to determine the proximity among phones and the health status of users, where that information gets stored, who sees it, and in what format.
Digital contact tracing systems are already running in several countries, but details are scarce and privacy concerns abound. Protests greeted Israeli Prime Minister Benjamin Netanyahu’s rollout this week of a surveillance program that uses the country’s domestic security agency to track the locations of people potentially infected with the virus. South Korea has released detailed information on infected individuals—including their recent movements—viewable through multiple private apps that send alerts to users in their vicinity. “They’re essentially texting people, saying, ‘Hey, there’s been a 60-year-old woman who’s positive for COVID. Click this for more information about her path,’” says Anne Liu, a global health expert at Columbia University. She warns that the South Korean approach risks unmasking and stigmatizing infected people and the businesses they frequent.
But digital tracking is probably “identifying more contacts than you would with traditional methods,” Liu says. A contact-tracing app might not have much impact in a city where a high volume of coronavirus cases and extensive community transmission has already shuttered businesses and forced citizens inside, she adds. But it could be powerful in areas, such as in sub-Saharan Africa, that are at an earlier stage of the outbreak, and where isolating potential cases could avert the need to shut down all schools and businesses. “If you can package this type of information in a way that protects individual privacy as best you can, it can be something positive,” she says.
Navigating privacy laws
In countries with strict data privacy laws, one option for collecting data is to ask telecommunications and other tech companies to share anonymous, aggregated information they’ve already gathered. Laws in the United States and the European Union are very specific about how app and device users must consent to the use of their data—and how much information companies must disclose about how those data will be used, stored, and shared. Working within those constraints, mobile carriers in Germany and Italy have started to share cellphone location data with health officials in an aggregated, anonymized format. Even though individual users aren’t identified, the data could reveal general trends about where and when people are congregating and risk spreading infection.
Google and Facebook are both in discussions with the U.S. government about sharing anonymized location data, The Washington Post reported this week. U.S. companies have to deal with a patchwork of state and federal privacy regulations, says Melissa Krasnow, a privacy and data security partner at VLP Law Group. App and devicemakers could face user lawsuits for sharing data in a way that wasn’t originally specified in their terms of service—unless federal or local officials pass legislation that would free them from liability. “Now you’ve got a global pandemic, so you would think that [you] would be able to use this information for the global good, but you can’t,” Krasnow says. “There’s expectations about privacy.”
Another option is to start fresh with a coronavirus-specific app that asks users to voluntarily share their location and health data. For example, a basic symptom-checking app could do more than just keeping people who don’t need urgent care out of overstretched emergency rooms, says Samuel Scarpino, an epidemiologist at Northeastern University. Health researchers could use also use location data from the app to estimate the size of an outbreak. “That could be done, I think, without risking being evil,” he says.
For Scarpino, the calculus changes if governments want to track the movements of a specific person who has coronavirus relative to the paths of other people, as China and South Korea have apparently done. That kind of tracking “could easily swing towards a privacy violation that isn’t justified by the potential public health benefit,” he says.
In Germany, which has some of Europe’s strictest data privacy protections, the government can compel a technology company to share location data on an individual in the interest of national security, says Sebastian Golla, a legal scholar at the Johannes Gutenberg University of Mainz who studies data protection law. But indiscriminate mass tracking of individuals lacks a legal basis, he says. To track people who have or might have coronavirus, Germany and other European countries would need to pass laws specifying how data collection would be restricted to a certain population, for a certain time, and for a certain purpose.
Such laws could be on the way. On 21 March, Frankfurter Allgemeine Zeitung reported that the German health ministry had drafted changes to a law called the Infection Protection Act to allow, among other things, the tracking of people who were in contact with those infected with the coronavirus.
The next generation of coronavirus trackers
Several emerging projects aim to set up voluntary, privacy-conscious phone tracking systems. This week, a team led by computer scientist Ramesh Raskar at the Massachusetts Institute of Technology released a prototype of an app called Private Kit: Safe Paths. The app stores up to 28 days of a user’s GPS location data, logged every 5 minutes. If the user tests positive for coronavirus, they can choose to share their recent data with health officials to identify and publicize the places where others may have been at risk of infection.
A future iteration of the app, soon to be released, would compare a user’s recent locations against the path of an infected person and alert them of potential contact. Users wouldn’t learn anything else about the infected person—not their age, their sex, or their geographic path. The team, which includes collaborators from Harvard University and the Mayo Clinic, is in discussions with “a dozen cities and nations in all parts of the world,” about running pilot trials of the app, Raskar says.
Another app in development in Germany relies partly on location data that Google already stores for its account holders. A person who tests positive could use the app—called GeoHealth—to “donate” their location history. That data would then be anonymized and stored on a central server, says Gernot Beutel, a stem cell transplant physician at Hannover Medical School who is co-developing the technology. A data analytics platform designed by the software company Ubilabs would compare users’ movement history to that of infected people, and the app would show them color-coded alerts based on how recently they may have encountered the virus. Though a combination of GPS tracking, wireless network data, and connections between phones via Bluetooth, Beutel says the app should be able to detect when a phone comes within 1 meter of another phone.
Making data submissions voluntary and anonymizing data are “good options to maintain civil rights. It’s a clean way of legally doing it,” Golla says. But such apps will reduce the spread of disease only if a lot of people use them. Liu cautions that because a tracking app can’t capture every possible source of infection, it risks creating a false sense of security for users. “Just because you don’t see a dot on a map where a contact might have been doesn’t mean that areas that don’t have dots don’t have infected people.”
Raskar’s team is working to figure out how many people would need to use the Private Kit app for it to be effective at controlling disease spread. He can’t say how many people have downloaded the prototype; the researchers don’t collect that information for privacy reasons, he says. Beutel is hopeful that the urgency of the pandemic will inspire much of the population to lay bare their movements and health status. “People give their stem cells for patients that need a stem cell transplantation. They give their blood,” he says. “We hope that people think about the crisis, and are willing to give their data.”
With reporting by Catherine Matacic.