Uncategorized

The New Scarlet Letter

By KIM BELLARD

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

If you live in one of the jurisdictions that have imposed stay-at-home requirements, you’re probably making your essential excursions — grocery store, pharmacy, even walks — with a wary eye towards anyone you come across.  Do they have COVID-19?  Have they been in contact with anyone who has?  Are they keeping at least the recommended six feet away from you?  In short, who is putting you at risk?   

Well, of course, this being the 21st century, we’re turning to our smartphones to help us try to answer these questions.  What this may lead to remains to be seen.

We long ago seemed to shrug off the fact that our smartphones and our apps know where we are and where we have been.  No one should be surprised that location is of importance to tracking the spread of COVID-19.  No one should be surprised that it is already being used.  We may end up being surprised at how it will be used.

Baidu coronavirus map app (Qilai Shen/Bloomberg News)

Last week Israel granted its domestic security agency emergency powers to track the mobile phone data of people who have (or may have) coronavirus.  The intent is for the health ministry to track whether such persons are adhering to quarantine rules, and possibly to alert others who had previously come in contact with them.    

China is using the AliPay Health Code to assign color codes to individuals based on their known health status — green, yellow, red.  No one is admitting exactly what the codes mean or how they are determined, but The New York Times did an analysis that:

found that the system does more than decide in real time whether someone poses a contagion risk. It also appears to share information with the police, setting a template for new forms of automated social control that could persist long after the epidemic subsides.

The system is used in real time to determine, for example, who can board mass transit or use public housing.  It is being rolled out nationwide, despite the lack of transparency about how the codes are determined, used, or updated.  As one citizen told The Times: “Alipay already has all our data. So what are we afraid of? Seriously.”

Seriously.  

Singapore has developed a tool — TraceTogether — that uses Bluetooth to track whose phones have been in close contact, and for how long.  If someone then tests positive for COVID-19, the health ministry can easily determine who has been in contact with them.  It supposedly does not collect name or even location, but the health ministry can identify individuals if deemed “necessary.”  The government is making the technology freely available to developers worldwide.  

South Korea is using smartphone data to create a publicly available map of movements of known coronavirus patients, and aggressively message those who might have come in contact with them.  As The Times also reported:

South Koreans’ cellphones vibrate with emergency alerts whenever new cases are discovered in their districts. Websites and smartphone apps detail hour-by-hour, sometimes minute-by-minute, timelines of infected people’s travel — which buses they took, when and where they got on and off, even whether they were wearing masks.

Unfortunately, the information about their movements is having significant ripple effects, disclosing destinations users might have preferred not be public, or attaching a stigma to places they frequented. One person told The Guardian: “I thought I only had to protect my health, but now I think there are other things more scary than the coronavirus.”

In the U.S., volunteers from several big tech companies built covidnearyou, which allows people to self-report such facts as any symptoms, travel history, or exposure to people who have tested positive.  Anyone can then use their map to determine if there are affected individuals near them.  

MIT’s Media Lab has developed Private Kit: Safe Paths, “An app that tracks where you have been and who you have crossed paths with—and then shares this personal data with other users in a privacy-preserving way.”  Unlike efforts in some other countries, the data is encrypted and does not go through a central authority.  MIT Technology Review says:

This lets users see if they may have come in contact with someone carrying the coronavirus—if that person has shared that information—without knowing who it might be. A person using the app who tests positive can also choose to share location data with health officials, who can then make it public.  

Going one step further, two San Francisco hospitals have developed a smart ring that is “able to detect body temperature and pulse.”  It is aimed at health care professionals and workers, such as ER doctors, as an early indicator of COVID-19 exposure.  It’s probably only a matter of time before laypersons demand a version.

One can easily imagine such a smart ring being connected to a smartphone app, perhaps even generating a color code, and broadcasting the individual’s status and location to others worried about potential exposure.  I bet Alibaba would be happy to help.

Everything else being equal, it’s good to know who represents a risk to us.  Typhoid Mary became Typhoid Mary because people around her didn’t know she was a carrier.  It would be in the public benefit to ensure that people can get warning about other people who are most likely to be infectious with COVID-19.

That being said, everything else is not equal.  We don’t have a good understanding of when people with COVID-19 are most infectious, how COVID-19 is most likely transmitted, or how exposure to such people increases risk of third-party transmission.  Tagging people and then broadcasting that tag, along with location and even identity, could put people at risk of discrimination (e.g., refused service or contact) and even attacks.  

As one privacy expert told The Times: “That could extend to anyone, to suddenly have the status of your health blasted out to thousands or potentially millions of people.  It’s a very strange thing to do because, in the alleged interest of public health, you are actually endangering people.”

And we need to bear in mind that whatever technology we bring to bear on this public health problem could subsequently be used for other problems, public health or other.  We increasingly live in a surveillance society, and that can be to our benefit — or to our detriment.  We don’t always realize the slippery slope we’re on until the slide has become irreversible.  

I’m all for using technology to address public health crises.  I’m just not clear what the ultimate price we’re going to have to pay for that, and that makes me nervous.  

Kim Bellard is editor of Tincture and thoughtfully challenges the status quo, with a constant focus on what would be best for people’s health.