Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Smartphone Covid-19 tracing provokes privacy concerns, questions about its utility
16 April 2020 10:05
Cellphones, and smartphones in particular, may permanently restructure pandemic response. Smartphones’ potential in disease tracking lies in two areas: tracing populace movements, and Bluetooth-enabled proximity tracking for monitoring personal interactions.
Many previously little-known location tracking companies have tapped into their databases to chart population movement trends, while Apple and Google are in a crash effort to enable the world’s two dominant mobile operating systems to use Bluetooth proximity signals to alert people when they've come too close, for too long, to someone carrying the novel coronavirus.
But nearly as quickly as ideas for smartphone-gleaned data for use in halting the virus's spread have sprung into possibility, so have privacy concerns and questions about their effectiveness. Even as Big Tech rushes to repurpose its data for the national good during a pandemic, technology can’t help but provoke uneasiness about how much it reveals about Americans’ daily lives.
That disquiet is visible in an April poll by the Pew Research Center that found slightly more than half of Americans say it's at least somewhat acceptable for the government to use people’s cellphones to track the spread of the novel coronavirus — while nearly just as many say cellphone tracking is very or somewhat unacceptable to do.
Regulators say they’re monitoring the situation closely. The private sector’s trove of personal data collected in the name of advertising “can be reprocessed in an instant” to more nefarious purposes, warned US Federal Trade Commission member Christine Wilson in a recent blog post.
“The stakes are high — both here and abroad, citizens are being asked to allow warrantless searches by the government on an astronomical scale, all in the name of public health,” she wrote.
Congress is watching, as well. “Privacy protection must be a strict precondition, stringently enforced, to any app that tracks people’s movements — by the feds, Google, or anyone else,” tweeted Senator Richard Blumenthal, a Connecticut Democrat.
— Use cases for location data —
Cellphones, and smartphones in particular, have a reputation that’s carried wide for being able to pinpoint the location of their owners through embedded Global Positioning System receivers.
“The GPS — that's a very severe idea. I've been hearing about it — GPS. So what happens? A siren goes off if you get too close to somebody?” mused President Donald Trump when asked about using satellite system signals to trace social contacts.
It is true that smartphone GPS-derived data can show with frightening precision whether and when someone is inside a supermarket — or in the middle of a street protest, close to a mosque or within a hospital.
But hidden beneath the appearance of exactitude in smartphone-location data is a significant margin of error with repercussions for public health use cases. Paradoxically, location data is highly revealing without being precise enough for detecting unsafe exposure to a coronavirus victim.
Even under optimal conditions — a motionless smartphone held outdoors —smartphone location data using WiFi signals to enhance location accuracy is unreliable within a 9-meter radius, found a 2019 University of Georgia study of iPhones.
As a result, the same smartphone-derived location data might show someone sitting directly next to a coughing coronavirus patient or standing the length of a city bus away. That uncertainty effectively makes smartphone location data useless for contact tracing, the process of retroactively identifying other people whom a patient may have exposed to disease.
Even the populace-movement maps may be less useful than they may appear at first, a side effect of how location data is gathered. Apps often contain code from third-party software development kits offered by companies including Cuebiq, SafeGraph and X-Mode that capture and store location from multiple apps such as games, music players, prospective date finders and cheap gas hunters.
How often the company receives geolocation data from app users varies. A huge variable is whether the user allows the app background access to geolocation data or permits it only while using the app.
Cuebiq CEO Anthony Tomarchio told MLex his company respects privacy. The company tracks user geolocation data according to a smartphone's advertising ID — which users can change — not according to other more revealing identifiers.
Privacy advocates disagree, characterizing the data collection as intrusive and mostly hidden to users. Consumers typically have little idea that giving an app location permission means being injected into a vast ecosystem of movement-tracking patronized by the advertising industry. “The rush to provide this data publicly demonstrates just how prolific this third-party tracking system is,” privacy researcher and former FTC Chief Technologist Ashkan Soltani told MLex. Even if pseudonymized, location data can easily reveal the identity behind the movements as smartphone owners carve unique paths through their surroundings.
Smartphone makers Apple and Google don’t depend on tracking firms to gather geolocation data, of course — they can get it directly from the phones themselves. But even manufacturer data has its limits. For all their apparent universality, urban and rural disparities in smartphone ownership still persist. Smartphone-derived data can also leave behind already underrepresented groups including immigrants, which data shows have a substantially lower rate of smartphone adoption.
The geolocation data ecosystem is “fragmented and essentially biased,” said Jay Stanley, a senior policy analyst with the ACLU, during a recent press call.
— Legal protections for location data—
American law restricts how much information about its residents the federal government can compel companies into giving, at least without first going to a court.
That’s especially been the case since the 2018 Supreme Court decision in Carpenter v. US has required the federal government to seek a warrant when seeking more than six days of cell tower-derived location information from telecom providers. Cell tower location information is typically less precise than GPS, but even that lesser level of precision led Chief Justice John Roberts to warn about how smartphone geolocation tracking offers “an intimate window into a person’s life."
But there’s nothing in current statute preventing the government from simply buying location data — which it can do and does. The Stored Communications Act of 1986 allows online service providers to sell “non-content” information including location data to other businesses. A data broker not covered by the Stored Communications Act is free, in turn, to disclose such data to the public sector.
“The legal regime is wholly inadequate to protect that information,” said Greg Nojeim, a senior counsel at the Center for Democracy and Technology.
— Bluetooth proximity warnings —
An alternative to location information, which requires an absent smartphone capacity for geolocation precision and accuracy, is to instead monitor for whenever a smartphone comes within a proximate area of a known coronavirus patient.
The idea, which Apple and Google have seized on, is for smartphones to voluntarily exchange interoperable anonymous, randomized Bluetooth signals containing an identifier that changes roughly every quarter-hour.
As a privacy-protecting measure, Apple and Google don’t propose creation of a centralized database to warehouse the signals. Identifiers will be kept on the smartphones themselves. The two tech giants say they will grant public health authorities app-based access to the on-device Bluetooth-derived identifier database. Once an individual comes down with a verified case of novel coronavirus, he or she could activate the local public health authority’s app to upload the identifiers stored on the phone, notifying other smartphone owners holding corresponding identifiers that they were in relatively close proximity to a patient.
Bluetooth identifiers won’t contain identifying information, Apple and Google say. They also say they’re working with public health authorities on ways to prevent malicious reports of coronavirus infection from triggering proximity warnings. One possibility would be accompanying testing results with a QR code the victim must scan before the app could release proximity warnings to others.
Such heavy emphasis on privacy by companies not always known for scrupulously honoring it has earned tentative support from privacy advocates, who nonetheless caution that public health authorities building apps to interface with the Bluetooth signals could layer in their own set of privacy-destroying location trackers.
Even more fundamentally, privacy advocates warn that Bluetooth tracking carries the potential for under- or over-reporting exposure to coronavirus, since proximity is an imperfect proxy for exposure.
“There will be people that you encounter which will not be detected by the Bluetooth, either because the signal was too weak, or because you were not in their proximity long enough,” said Robbert van Eijk, managing director of the Future of Privacy Forum European operations.
Conversely, two people may come into contact but their risk is minimal since they both wore protective gear or were separated by a barrier.
Too frequent episodes of either outcome risk undermining public trust in smartphone-assisted pandemic apps. Over time, people tend to discount risk alerts, particularly if the threat doesn’t materialize. Should the system also not capture enough risky situations, its effectiveness will come into doubt – putting into jeopardy the 80 percent adoption by smartphone owners that Oxford scientists estimate would be necessary for stopping the pandemic through automated contact-tracing apps.
“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No,” warned Jason Bay, senior director of Singapore's Government Digital Services, in an official blog post.
Singapore has built a much-lauded, voluntary contact tracing Bluetooth-based app. But its value, warned Bay and the government in a white paper, comes from bringing humans into the risk decision process.
“We caution against an over-reliance on technology,” the white paper said.