Part II: The Trouble With Contact Tracing

To win user buy-in, developers must tackle privacy concerns head-on. 

In Part I of this series, I explained how contact tracing could play a significant role in helping us beat the coronavirus — but that America will never achieve the adoption levels of South Korea unless tracing technologies are accompanied by robust privacy protections. 

What will it take to convince people to lay their personal data on the line in the name of public health? We outline the challenges that impede contact tracing efforts and what's necessary to surmount those challenges in the second video below. Read on for more.

The Three Big Challenges

As I previously mentioned, despite the runaway success of digital contact tracing in places such as Taiwan and South Korea, about 60% of Americans don’t believe digital tracing will help us beat COVID-19. But half of Americans also say they’d use a contact tracing app if one were available. 

When it comes to contact tracing, Americans are skeptical but persuadable; even many of those who think it will prove ineffective are willing to give it a shot. 

To overcome skepticism and win large-scale buy-in for digital tracing, we’ll need to address three big challenges:

1. Consumer Adoption
2. Citizen Control
3. The Oligarchy

1) Consumer adoption

The first challenge lies in gathering data in useful volumes. According to Covid-Watch, tracing technologies must be used by over 50% of a given population in order to be effective. Paradoxically, the current proliferation of tracing apps and technologies makes that goal harder to achieve ––unless apps share their data each new platform further fragments the total data-pool.

Clearly, gathering sufficient data will require careful coordination and data-aggregation between platforms. That’s especially important in a sprawling, geographically and demographically diverse country like the United States. The same network effects that lead kids to use TikTok and old-timers to use Facebook, or prompt Twitter users to coalesce into echo-chambers, could drive different groups to preferentially adopt different tracing apps. Without the ability for those apps to talk to one another, our ability to curb this pandemic is severely limited.

The bottom line is that the coronavirus doesn’t respect our app preferences, our social groupings, or our demographic and geographic divisions. As new genetic testing shows, the virus simply rolls across state lines and national borders, rippling inexorably from one hot spot to the next. To counter that, we’ll need tools that can share data effectively, both with each other and with researchers and health workers. 

2) Citizen control

We need to gather as much data as possible, but to achieve that goal we’ll have to give users the right to opt out of contact tracing, and to delete any data they’ve previously shared. That’s because unless we put users firmly in control of their data, we’ll never achieve a critical mass of registered app users. 

At a minimum, anyone who’s sharing personal data through a tracing app should be able to quickly and easily do the following:

• Invoke their Right to Be Forgotten; 
• Decide for themselves how their data will be used; and
• Explicitly block authoritarian states from accessing their data.

Many contact-tracing solutions ignore these requirements, claiming they’re unnecessary for tools based on Bluetooth-powered proximity detection rather than GPS location tracking. But while the Bluetooth solutions touted by MIT, Apple, and Google are promising, citizens seeking to manage their personal health risk need more than a scary message telling them they’ve been in the proximity of someone who tested positive.

In the wrong hands, information about the people you’ve met can be just as sensitive as data about the places you’ve visited, and users have every right to demand control over how that data is stored and shared.  Control works both ways, too: some app users might be happy to freely share both location and proximity data, at least in some circumstances. Rather than forcing users to wait for alarming messages to pop up on their cellphones, we should put them in control, and let them seek guidance on their own terms.  

3) The Data Oligarchy

A lot of this boils down to giving people control of their data, and using their information only in ways to which they’ve explicitly consented. That might sound like a no-brainer, but it rubs up against some of the defining challenges of our modern world.

From digital staples such as web search and email to innovations such as contact tracing, we’re utterly reliant on big tech firms such as Apple and Google to build and maintain our digital infrastructure. Necessarily, and discomfitingly, that means trusting those companies to build a neutral infrastructure that serves our collective needs rather than their own corporate goals. 

Don’t get me wrong: when it comes to COVID-19, we’re enormously lucky to have Apple and Google fighting in our corner. But there are real privacy concerns that come with the tech titans’ market dominance. The rise of privacy regulations such as the GDPR and the CCPA reflect legitimate concerns about the rise of a largely unregulated data oligarchy.

Tackling those concerns head-on, and building a system that handles privacy properly, should be a shared priority for regulators, users, health workers, and tech companies. We’ll need effective tools if we’re to solve this crisis and future ones. But we’ll also need apps that we can deploy on an enormous scale without sparking a privacy backlash. If we don’t get this right, we could be dealing with the consequences for years to come.

I’m optimistic about our ability to solve these problems and build a contact tracing network that respects users’ rights while delivering the data we need to defeat COVID-19. In my next post, I’ll explain how we can join together to create the new data and privacy standards needed to win the fight.