Can Tech Track the Virus Without Shredding Privacy?

(Bloomberg) -- When Apple Inc. and Google announced they were jointly building tools to help limit the spread of the coronavirus, a debate about the benefits of such technologies and their drawbacks suddenly became much more concrete for users in the U.S. and Europe. Countries in Asia had been turning to technology since the early days of the outbreak, including with some applications that went further in drawing on personal data.

1. What are Google and Apple doing?

Apple and Google, a division of Alphabet Inc., are building a tool for the 3 billion users of their phones, one that would use Bluetooth wireless technology to allow public health agencies to track what phones come near each other. When users report via a public health agency’s app to having become infected with the coronavirus, the app would notify anyone whose phone had been in close contact during the previous several days. In theory, that could allow much faster tracking of those who may have been exposed and steer them to get tested or enter quarantine.

2. How would privacy be protected?

People would have to choose to register with such apps, no geolocation data would be used and the owner of the app would not have access to any personal data. The technology also won’t notify users of the identity of any potential contact, or where that exposure happened. Here’s how they would work: Phones that connect via Bluetooth and remain in contact for at least a few minutes exchange anonymous identifiers. These digital keys change every 15 minutes or so and remain on these people’s devices to preserve privacy. When an infection is reported, the app sends a notice to all phones that shared an identifying code with the infected person’s phone during the crucial timeframe.

3. Has this been tried elsewhere?

Yes. Singapore introduced a voluntary Bluetooth-based tracking system in March; 1 million people, or about one-sixth of the population, signed up within 10 days. South Korea went further: it has used location data from three mobile carriers and transactions from 22 credit-card issuers to decrease the tracking time of potentially infected individuals to 10 minutes. The system also allows the public to see all the locations a newly infected person visited before being diagnosed.

4. How else has tech been used in the pandemic?

In Hong Kong, anyone arriving via the international airport must now wear an electronic wristband that signals when the wearer steps outside of predetermined boundaries during a 14-day quarantine. Taiwan implemented a similar so-called electronic fence. The Israeli government has authorized Shin Bet, the internal security service, and the police to break into the phones of anyone who is suspected of carrying the virus. But in terms of what’s been put into practice, no country has gone so far as China.

5. What has China done?

Chinese authorities have employed facial-recognition software and location-tracking programs to identify people who are found to have fevers, who are directed to testing. Officials monitor quarantine violators by placing QR codes on people’s phones that light up a certain color on mobile phone screens, based on a person’s health status and contacts with people who have tested positive for the virus. Only those with a green code can move around freely; reds are restricted.

6. What else is in the works?

Some of the biggest U.S. companies are taking a very different approach. Facebook Inc. is sharing aggregated user location data, stripped of identities, with researchers and non-profits studying the pandemic, and Google is publishing “Community Mobility Reports” that show trends in traffic to grocery stores, parks, transit stations and offices in 131 different countries and regions. It’s based on the “location history” feature on Google Maps and other services. Palantir Technologies Inc. has offered governments free use of its software for aggregating test results, predicting infection clusters and managing the medical supply chain. More than a dozen have taken the offer, including Austria, Spain, Greece, Canada, the U.K. and the U.S. Developers in the U.K., Germany and elsewhere are working on mobile phone apps to help track progression of the virus. In March, the EU’s Industry Commissioner Thierry Breton reached an agreement to have telecom operators provide aggregated and anonymized mobile phone location data to analyze mobility patterns, allowing researchers to assess confinement measures.

7. What kind of resistance have these efforts met?

In South Korea, the avalanche of information the government initially published laid bare people’s daily lives, prompting the closing of restaurants where victims reportedly ate before they were hospitalized. Two people taunted on social media for having an affair because the data showed they were at the same hotel at the same time turned out to have been there for a church gathering. After a rebuke from South Korea’s human rights commission, the government changed the way it releases information and issued new guidelines to protect privacy rights. In China, the government promised to increase privacy measures after criticism about the release of the identities of coronavirus patients. Singapore promised that data from its tracker would be erased after six months.

8. What about Europe’s tough privacy laws?

Data protection in the EU’s 27 nations is regulated by one of the world’s strictest privacy laws, the General Data Protection Regulation (GDPR). Overstepping some of its main provisions, such as the obligation to seek a user’s consent before processing their personal data, can lead to fines of as much as 4% of a company’s global annual sales. But EU data protection authorities have made it a priority to come out as quickly as possibly with guidance to make sure technology is used in a responsible way in the battle against the coronavirus pandemic. GDPR includes a number of exceptions, such as the need to process info on people “for monitoring epidemics and their spread.” This can also justify the use of more “invasive measures,” as long as they are proportionate, EU data protection regulators said.

9. How about in the U.S.?

Reaction has been muted, reflecting both the severity of the country’s outbreak -- the U.S. now has more deaths from Covid-19 than anywhere else -- and the pledges by Google, Apple and others to keep data anonymous. But along with privacy and trust concerns, the American Civil Liberties Union has pointed to challenges including the availability of widespread and free testing to complement the public health agencies’ apps, as well as access to mobile phones and other wireless devices. Others worry about what might come next as more tech firms get involved. Another concern: that pressure to act decisively against the pandemic right now could erode privacy measures in the long term.

©2020 Bloomberg L.P.