
How Coronavirus Could Test California's Commitment To Privacy

With contact tracing apps in the works, how much personal data are you willing to trade away for a return to life as it was before?

Tech giants based in California are collaborating on an app to make contact tracing easier — an effort to slow the spread of coronavirus that could also raise privacy questions. (Shutterstock)

By Ben Christopher, From CalMatters:



You’re racking your brain. It’s a few months from now and though the state has eased up on its shelter-in-place order, social distancing is still the norm. And you’ve been so careful. No parties, no travel, constant hand-washing.


And yet, your phone pings with the following notification:

“You have been possibly exposed to someone who you have recently been in contact with, and who has subsequently self-reported as having the virus.”


Where did the offending pathogen come from? Was it that ill-advised hug of a friend? Did that grocery store cashier cough into his hand before handing you your receipt? It’s impossible to know, but the app seems so confident.

In this way and in so many others, your phone knows more about you than you do.

The example is fictional for now, but hardly far-fetched. Google and Apple already have a contagion tracking system in the works. That means Californians may soon be turning to their smartphones and other devices to help them navigate the post-COVID era. When they do, they’ll be confronted with a new set of old questions: How much data are we prepared to give away? Who will have access and how will they use it? And how much of our privacy are we willing to trade for a return to life as it was before the pandemic?

“We have been provided all kinds of platforms and apps in the space of tracing,” Gov. Newsom said at Wednesday's daily COVID-19 press briefing. He added that a team of technical advisors including Todd Park, the Obama administration’s chief technology officer, would soon develop an app recommendation.

California is in a long-term love-hate relationship with privacy. This is the home of Silicon Valley, birthplace of the modern data-harvesting economy, where multibillion-dollar corporations deployed business models based on vacuuming up, packaging and selling your every like, share and purchase.

But despite — or maybe because of — that distinction, the state also two years ago passed the strictest, most comprehensive consumer privacy law in the country, which the state Attorney General’s office is to start enforcing this summer. Privacy proponents have gathered signatures to put an even stronger initiative on the November ballot.

Now the coronavirus pandemic is generating calls for an unprecedented expansion of the state’s public health surveillance system. Experts have urged governments to hold off on lifting social distancing decrees until they’ve built up the capacity to monitor, track down and isolate new infections. How California takes privacy into account in the process is profoundly important, said UC Berkeley bioethicist Jodi Halpern.

“California is not only a leader in the U.S., it’s a leader in the world on privacy,” she said. “It will be the model.”

Contact tracing coronavirus? There’s an app for that

Last week, Newsom announced that his office would be watching six metrics to determine when to relax the stay-at-home order he first issued on March 19. The first indicator: whether the state can rapidly identify and track down new cases.

Contact tracing is at the center of that strategy. It requires tracking down every infected person’s most recent contacts — every friend, family member and barista they’ve potentially swapped germs with since becoming contagious — and then making sure all those people get tested and, if necessary, isolate themselves.

But contact tracing is labor intensive, typically requiring a lengthy interview between a subject and a public health investigator. The interviewee might forget details or intentionally omit them. And because someone with coronavirus can remain asymptomatic for days before developing symptoms — if they develop symptoms at all — this new virus is particularly tricky to contain.


“Manual” contact tracing “is too slow, and cannot be scaled up once the epidemic grows beyond the early phase, due to limited personnel,” wrote a team of Oxford University researchers in the journal Science late last month. “We suggest that…a mobile phone App implementing instantaneous contact tracing, could reduce transmission enough to achieve…sustained epidemic suppression, stopping the virus from spreading further.”

Earlier this month, Google and Apple announced a plan to do exactly that. In an almost unheard-of collaboration, the two California tech rivals say they’ll work to create a phone-to-phone contact tracing system to help citizens and public health officials track new hotspots. And unlike contact tracing apps that have been deployed around the world, the plan has earned the cautious backing of some privacy rights advocates.

Most public health experts argue a contact tracing system will only be effective if mass diagnostic testing is first made available. They also argue that an app can’t replace the work of trained public health investigators. “Making phone calls, while old fashioned, is the best way to do what we have to do,” Mike Reid, a UCSF infectious disease specialist who is leading San Francisco’s contact tracing program, told NPR.

But there is hope from some circles that it can complement that work.

“Digital technology isn’t going to be the thing that beats COVID-19 on its own,” said Adam Conner of the Center for American Progress, a center-left national think tank, who co-authored a report on how policy makers can make use of digital contact tracing tools without jeopardizing the right to privacy. But it could help “alleviate stress” on a public health system under enormous stress.

“Voluntary, strongly encouraged, and well-designed digital contact tracing systems could play a key role in allowing the public to take the appropriate measures to prevent another outbreak—alerting residents if they’ve been near someone who tests positive, helping them understand where to get testing, and providing them with needed guidance from public health officials in their area,” the report reads.

This is the type of conversation, Conner said, that Californians should get used to having in the months, and perhaps years, to come.

Will barcodes prove we’re safe to work, ride or fly?

Presume a reliable serological test has been developed that can tell whether someone has already been infected — and therefore may be immune to new infection. Will California consider developing an “immunity certificate” system, allowing only those select individuals to fly on airplanes or hold high-exposure jobs? Will citizens be required to scan a barcode on their phones to prove that they are healthy enough to enter a public building or ride a bus, as they are now in China?

“Any limitations on people’s civil liberties should be justified robustly by scientific evidence,” said Jacob Snow, an attorney with the American Civil Liberties Union in Northern California. “That’s true whether you’re talking about shelter-in-place orders or whether you’re talking about some system of identifying people who can do certain jobs. And as we deal with this public health crisis, we need to be mindful of how policies can be vectors for discrimination — and we need to ensure that that doesn’t happen.”

App-assisted COVID-hunting has become common in the pandemic era. Few would pass muster with the ACLU.

In South Korea, public health authorities merge smartphone location data of COVID-positive patients with their credit card records and public closed-circuit TV footage before blasting out revealing reports, “Amber Alert” style, to everyone who lives or works nearby. Personal details about a new case include age, gender, occupation, social distancing behavior or lack thereof, purchase history and whether the individual recently attended any “love motels” or sexual harassment training courses.

The Israeli government has authorized the state security service to begin trawling its vast database of cellphone metadata, secretly assembled to combat terrorism, in order to monitor COVID-19 cases.

In Taiwan, those under mandatory quarantine are tracked by GPS. Those who appear to stray from their apartments or shut off their phones can expect police at the door within an hour.

Extraordinary times “but human rights law still applies”

In response, 110 international organizations including Amnesty International warned in an open letter earlier this month against epidemiological campaigns being “used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance…these are extraordinary times, but human rights law still applies.”

But during a public health emergency, balancing the demands of public health and the right to privacy can be a challenge, even for some privacy advocates.


Marc Rotenberg, president of the Electronic Privacy Information Center, a Washington D.C.-based advocacy group that co-signed the open letter, reportedly failed to mention to any of his colleagues that he had been tested for COVID-19. When the test came back positive, the entire staff was ordered to self-isolate.

“He’s out there saying privacy trumps surveillance,” a former employee told Protocol. “Every time he opens his mouth, what runs through my head is: We need more surveillance.”

The appetite for more surveillance may be especially limited in California. In 2018, state lawmakers passed the California Consumer Privacy Act. The law gives residents the right to see what companies know about them, to have that data deleted and to request that it not be sold to third parties. That followed another first-in-the-nation law from 2004, which forces data-gathering companies to post detailed privacy notices.

These laws aren’t likely to prevent a public health agency from gathering coronavirus-related data, but they speak to California’s aggressive tack when it comes to privacy issues, said Joseph Guzzetta, a cybersecurity lawyer with the San Francisco law office Severson and Werson.

“There certainly is an ideological conflict,” he said. “This is going to test how committed we are as a state to privacy as a concept.”

The Google and Apple project may have found a way to skirt that conflict altogether.

The two companies plan to build their contact tracing system around Bluetooth technology — the same low-range system that allows you to pair a smartphone to speakers or link a computer to a wireless mouse or keyboard.

The anonymity of Bluetooth for coronavirus tracing

According to a white paper put out by Google and Apple, the new system would allow each phone to keep a running log of all the signals it receives from other phones that come within a certain distance. Of vital importance to privacy advocates, these “chirps” would be identified by a unique string of constantly changing digits. All those swapped codes would be stored on the phone itself, inaccessible to anyone else.

In other words, every time app users have an insufficiently “socially distanced” interaction, their phones would add that interaction to a private, nameless list. If one app user were to then test positive for COVID-19, the individual or perhaps that person’s doctor could plug that information into a central system, comparing the phone’s internal contact log to those submitted by other phones and sending “get yourself tested” notifications to all the phones that match.
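The mechanics of rotating codes and a private, nameless contact list can be shown in a short Python example. It is an added illustration, not code from Google, Apple or Covid Watch; the HMAC derivation, the 10-minute rotation and the choice to match published keys on the phone itself are assumptions of this example.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: the broadcast code changes every 10 minutes


def rolling_id(daily_key, interval):
    """Code broadcast during one interval, derived from a secret daily key."""
    msg = b"chirp" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> random key; stays on the phone unless reported
        self.heard = set()    # opaque codes received from nearby phones

    def chirp(self, day, interval):
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return rolling_id(key, interval)

    def hear(self, code):
        self.heard.add(code)  # no name and no location, only the code itself

    def report_positive(self):
        """Keys a user who tests positive agrees to publish."""
        return dict(self.daily_keys)

    def exposed_days(self, published):
        """Re-derive codes from published keys and match against the local log."""
        return sorted(
            day for day, key in published.items()
            if any(rolling_id(key, i) in self.heard for i in range(INTERVALS_PER_DAY))
        )


def simulate():
    """Constructed scenario: Alice meets Bob on day 3; Carol never meets Alice."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for i in (50, 51, 52):
        bob.hear(alice.chirp(3, i))
        alice.hear(bob.chirp(3, i))
    carol.hear(bob.chirp(4, 10))
    alice.chirp(4, 0)  # Alice broadcasts on day 4 with nobody in range
    published = alice.report_positive()
    return bob.exposed_days(published), carol.exposed_days(published), len(bob.heard)


if __name__ == "__main__":
    print(simulate())
```

Bob's log holds three different codes from the same phone, which an eavesdropper cannot link to each other or to Alice until she chooses to publish her keys.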

Privacy advocates say a Bluetooth system has an advantage over other remote tracking methods that use GPS or cell phone tower data. For one, Bluetooth signals don’t contain location-based information. Your phone would not be able to name the bar or the particular evening when two phones were in close proximity to one another — only that at some point they were close enough to chirp at each other.

Bluetooth can also be more accurate — to a point — than other location technologies, which may get confused inside buildings or in rural areas.

And rather than feed every possibly infected person’s information into a central database, the system would alert those who have been affected directly, giving them a number to call to get tested. Less contact tracing than contact nagging.

It’s certainly less invasive, but it also could be less effective if people choose to ignore the warning. That’s a worthwhile tradeoff, said Tina White, executive director of Covid Watch and an artificial intelligence researcher at Stanford University. Earlier this year, White began working with researchers and programmers in Canada, Australia and Romania to launch a Bluetooth-based decentralized contact tracing system very much like the one announced by Apple and Google.

“The biggest concern,” White said of a more centralized system, “isn’t necessarily that you could track down the exposed people. The bigger concern is the existence of a database like this that would be a whole new form of surveillance.”

Singapore, France and Australia all have or are currently developing Bluetooth-based contact tracing apps that collect user data in a central server, giving public health authorities access to data about those who have been infected and their contacts.

“No country has really adopted a decentralized model yet,” said White. “There’s still this sort of battle happening.”

What if privacy-concerned Californians opt out?

Google and Apple would not be producing their own app, but handing off this technology to public health authorities to serve as their application’s foundation. It’s unclear whether public health agencies would be allowed to tack on additional data collection functions, to the chagrin of privacy advocates.

But there is a limit to how effective these apps are. In Singapore, which developed its own contact tracing application, TraceTogether, only 1 in 5 of the island city-state’s residents have downloaded it. Experts estimate that 60% – 80% of the phone-toting public must have such a system installed to be of any use.

That might be less of a concern with a project jointly managed by Google and Apple, two companies that happen to run operating systems on the vast majority of the world’s phones — Androids and iPhones. The companies said in a press release that they will have the technology developed by May, but plan to automatically place the service on future updates of their respective mobile operating systems. Users would have to opt-in, they said.

People might be more likely to use such an app if their privacy is guaranteed, said Conner from the Center for American Progress.

“If you follow the Apple and Google model now, you could build this in a relatively privacy-protecting way,” he said. “The value proposition of an app that allows you to learn if you’ve gotten near to someone with COVID-19” — potentially saving your life in the process — “is pretty compelling.”


CalMatters.org is a nonprofit, nonpartisan media venture explaining California policies and politics.
