COVID–19 Contact Tracing App: Are You Concerned About Your Privacy?

Frank Ye
6 min read · Aug 14, 2020

“Hello, my name is Sarah and I am calling on behalf of the Public Health Agency of Canada regarding a potential COVID–19 exposure in your household. Our records show that a member of your household may have been in close contact recently with a person who has now tested positive for COVID–19. Could you please hand over the phone to John Doe so I can have a conversation with him to better understand the situation? …”

In this imaginary phone call we are entering the realm of traditional contact tracing. It is done by trained interviewers (the Contact Tracers). Information gathered through the conversation¹ is documented and reviewed by Case Investigators, who then generate a list of persons for the Contact Tracers to contact. This process continues until further expansion of the tracing is deemed unnecessary, that is, until the risk of a viral transmission outside the tracked group falls below a predetermined threshold.

It may have become quite obvious to you that the list of persons who need to be contacted grows exponentially. With more and more identified cases (i.e. people who tested positive for the virus), the size of the list would soon become unmanageable. This is why some experts say we need a tool to help us track and report these potential exposures, so that resources and assistance (e.g. tests) can be directed toward those who need them most.

On the other hand, talking to an interviewer gives you the opportunity to decide whether or not you want to share certain information that may be sensitive or private to you, while an automated “tracking” app may take this liberty away and simply report every detail. This is the fear (and the source of many misunderstandings, shall I say) around the recently released COVID–19 Alert², Canada’s official COVID–19 exposure notification app.

(Just after I published this I came across Global Commoner’s article, which provides a great overall introduction to the COVID-19 Alert app. You can read more about the app there.)


How Does It Work?

Under the hood, the COVID–19 Alert app uses the new technical solution that Apple and Google jointly proposed and implemented for automated contact tracing. A high-level understanding of this technology will help in addressing the privacy concerns. You can read its full specification³ if you need more information.

The following are the key points that should help relieve the worries of privacy-conscious people. Being one of those people myself, I did my own research before choosing to trust this technology. In a nutshell, the new technology:

  • It uses Bluetooth signals, not GPS.

Bluetooth⁴ is a short-range communication standard. Its typical effective range is less than 10 meters (33 feet). Newer versions of the Bluetooth specification also provide a “signal strength” indicator, allowing the communicating devices to estimate their proximity to each other. These features make Bluetooth a good fit for automatically evaluating whether close contact has happened between two device owners.

Moreover, unlike GPS⁵, Bluetooth alone cannot be used to determine your exact location. In theory, someone who knows your Bluetooth identity (e.g. your Bluetooth Address) could set up a tracker and learn that you were in close range whenever the tracker picked up your signal, but the Bluetooth specification in fact requires active randomization of your Bluetooth identity every few minutes. This makes Bluetooth tracking very difficult, especially when combined with the next design point we are going to discuss.

  • It records randomized “tokens”, not the real information about the users.

On top of the protection provided by the Bluetooth specification, this technology goes one step further. It does not even record the Bluetooth identity of nearby devices. Instead, it records a set of randomly generated numbers received from the nearby device, while sending its own set of random tokens for the nearby device to record.

These numbers change every 15 minutes, and the recorded random numbers are only kept for 15 days. Apple and Google have applied a rigorous cryptographic design to make sure they cannot be used to track you.

When someone shares a positive diagnosis, the software looks at its recorded history to see if it can find a match among those random numbers. If a match is found, you will be alerted that you were in close range to a person at some point in the past 15 days. However, it will not tell you exactly when, and it cannot tell you where, which prevents you from identifying the person who shared his/her diagnosis.

  • It only shares a positive diagnosis when the user chooses to.

A user who has tested positive for COVID–19 must opt in to share his/her diagnosis. The software does not know if or when you would test positive, so it has no way of sharing that information by itself.

  • When it shares a diagnosis, it shares only more random tokens, not the user’s real information.

When you do choose to share that important diagnosis information (and all users of this technology, along with public health officials, will thank you for that), it is shared anonymously. You will only be sharing some random numbers that your device has generated in the past 15 days; nothing about yourself is shared. Combined with the second point discussed above, this means others will not be able to identify who you are or where you have been.
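As an added illustration (not code from the COVID–19 Alert app or from the Apple/Google specification), the following Python model puts the four points above together: tokens rotate every 15 minutes, each phone keeps only what it heard for 15 days, a diagnosed user opts in to upload only daily keys, and matching happens on the receiving phone and reports only the day. The key-to-token derivation is a simplified HMAC stand-in for the specification's construction, and all names, days and intervals are constructed.

```python
import hmac
import hashlib
import os
from collections import defaultdict

INTERVALS_PER_DAY = 96   # one 15-minute token per interval
RETENTION_DAYS = 15      # observed tokens are kept for 15 days, as the post states

def derive_token(day_key: bytes, day: int, interval: int) -> bytes:
    """15-minute broadcast token for (day, interval), derived from a daily key.
    Simplified stand-in (HMAC-SHA256 truncated to 16 bytes) for the spec's HKDF + AES
    construction; without the daily key the tokens look like unrelated random numbers."""
    msg = day.to_bytes(4, "big") + interval.to_bytes(2, "big")
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.day_keys = {}                # day -> 16 random bytes, never leaves the phone unless shared
        self.observed = defaultdict(set)  # day -> tokens heard from nearby phones
    def token(self, day, interval):       # what this phone broadcasts right now
        key = self.day_keys.setdefault(day, os.urandom(16))
        return derive_token(key, day, interval)
    def hear(self, day, token):           # a nearby phone's broadcast was received
        self.observed[day].add(token)
    def prune(self, today):               # forget anything older than the retention window
        for day in [d for d in self.observed if d < today - RETENTION_DAYS]:
            del self.observed[day]
    def share_diagnosis(self, today):
        # Opt-in upload: only the daily keys of the window, no name, no location.
        return {d: k for d, k in self.day_keys.items() if d >= today - RETENTION_DAYS}
    def check_exposure(self, published_keys):
        # Runs on the phone: re-derive every token the diagnosed phone could have
        # broadcast and intersect with what was heard. Only the day is reported,
        # not the 15-minute slot and not who it was.
        exposed = set()
        for day, key in published_keys.items():
            candidates = {derive_token(key, day, i) for i in range(INTERVALS_PER_DAY)}
            if candidates & self.observed.get(day, set()):
                exposed.add(day)
        return sorted(exposed)

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    alice.hear(100, bob.token(100, 40)); bob.hear(100, alice.token(100, 40))  # day 100: Alice near Bob
    carol.hear(80, bob.token(80, 10)); carol.prune(100)  # Carol met Bob 20 days ago; record pruned
    keys = bob.share_diagnosis(100)                      # Bob tests positive and opts in to share
    return alice.check_exposure(keys), carol.check_exposure(keys)  # ([100], [])
```

Note that Alice learns only that an exposure happened on day 100; the uploaded keys carry no identity, and Carol's older contact is neither stored on her phone nor covered by the keys Bob uploads.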

What Else Should I Know And Be Concerned About?

With the above information I believe you will be as confident as I am about starting to use this new COVID–19 Alert app. That said, you still need to be aware that there are some remote possibilities that your privacy may be breached.

  • First, Apple and Google created the design and implemented its underlying platform (i.e. an API), but they did not design, build or operate the tracing app itself.

The underlying technology is robust in protecting your privacy, but it does not prevent the contact tracing app from abusing it. For example, if our government one day decided that this Bluetooth-based contact tracing technology is not enough, they could certainly add GPS tracking to the app and start tracking your exact location. Luckily, on most mobile devices, when an app wants to use your GPS you receive a prompt asking for your permission. So my recommendation is to stay privacy-conscious and not grant this type of permission to apps you do not want to be tracked by.

  • Second, although a lot of thought has been put into designing an untraceable platform, in some rare cases you could still be identified.

This type of privacy breach could happen if you have a very simple daily routine and a very small contact circle. For example, we all know that the provinces are considering school reopening in September. I thought about whether I should install COVID–19 Alert on my daughter’s phone and have her bring it to school every day in case she got exposed at school. In this type of scenario, if one of her classmates tested positive and shared the diagnosis, and given that the only activities they did in the past 14 days were going to school and staying at home, the others would be able to work out who shared that diagnosis. (Jenny didn’t come to school today and I got an exposure notice…). If you fall into this category, I would still recommend you install the app so you can get exposure notifications, but think about the privacy implications before you choose to share your own positive diagnosis. (But again, all users including me will thank you for deciding to share it.)

Experts and public health officials are saying that the app will be more effective the more people use it. Some estimate that as much as 60% of the population needs to be using it, while others put the estimate as low as 15%.

Regardless of which number is correct, I believe we should all start using it to help control and stop this pandemic before it has further impact on the economy and our lives.


Frank Ye

CTO with broad interest in technology topics. Quick learner and problem solver.