Contact tracing is working in South Korea and Singapore. But it raises privacy issues.
It’s a cool fall evening in September 2020. With a bottle of wine in hand, you slide into the front seat of your car to drive to a dinner party with close friends. It’s been eight months since you’ve seen most of them, at least outside of a computer screen.
As you’re pulling out of the neighborhood, you feel your phone buzz. It’s an alert from the new agency overseeing the coronavirus outbreak. On the lock screen, you can read the words “be advised.” Your heart sinks as you unlock the phone to read the rest of the message:
We have determined that in the past few days, you may have interacted with somebody who has recently tested positive for COVID-19. There is no need to panic. But for the sake of your family, friends, and neighbors, we are relying on your support. As soon as you can, please …
You stop reading. You know the drill. You turn off the car, walk back into the house, and open the wine. It will be a bottle for one. Another spell of self-isolation begins now—or at least until you can get tested to prove that you don’t have the coronavirus.
This could be a vision of the country’s future. It is a world in which many businesses go back to normal, millions of people return to work, and social-distancing measures are relaxed, as we anxiously navigate a purgatory between the virus’s early-2020 outbreak and its possible resurgence.
It is also a world in which the return to normal is predicated on the introduction of a novel technology. Millions of Americans—many of whom might be deeply skeptical of government surveillance, or Big Tech—may become participants in a national project to track their own movements and interactions, to help public-health experts map out the spread of an invisible enemy.
This is the world of “test and trace.”
In the past month, the coronavirus pandemic has necessitated a deep freeze of U.S. activity. Storefronts are closed, millions of Americans have lost their jobs, and millions more are putting their health at risk in hospitals and grocery stores. This modern nightmare may not truly end until a reliable antiviral treatment or COVID-19 vaccine is widely available.
Until that day, which may be a year or two away, our best hope in the fight against the coronavirus is to play a game of sophisticated Whack-a-Mole that often goes by the name of “test and trace.”
Most readers might have an image of what the testing half entails, with those long nasal swabs that practically scrape the edge of our frontal lobe. The tracing half of the equation is less understood. But it is more likely to leave its mark on American politics and society.
In its most basic form, tracing—otherwise known as tracking, or contact tracing—means identifying all the recent interactions of sick individuals to determine whom they might have infected. Testing plus tracing can besiege the virus, starve it of new bodies, and return the world to its previral routine, or something like it.
Until recently, tracing relied on an old-fashioned technology: interviews. To stop the spread of Ebola, authorities from the Centers for Disease Control and Prevention asked sick people to list recent interactions with family, friends, and businesses. That interview would produce a list of contacts, who would be monitored for illness for several weeks. The state of Massachusetts recently announced plans to hire 1,000 people to do these sorts of contract-tracing interviews.
But that old-school approach might not be enough. People have faulty memories about who or what they’ve touched, or where they’ve been. More important, person-to-person interviews might be too slow to arrest a national pandemic accelerating through a population.
The solution? Your phone.
Our cellphones and smartphones have several means of logging our activity. GPS tracks our location, and Bluetooth exchanges signals with nearby devices. In its most basic form, cellphone tracing might go like this: If someone tests positive for COVID-19, health officials could obtain a record of that person’s cellphone activity and compare it with the data emitted by other phone owners. If officials saw any GPS overlaps (e.g., data showing that I went to a McDonald’s hot spot) or Bluetooth hits (e.g., data showing that I came within several feet of a new patient), they could contact me and urge me to self-isolate, or seek a test.
Ramesh Raskar, a computer scientist at the MIT Media Lab, is working on an app that uses GPS to create maps showing the movements of people recently diagnosed with COVID-19. “In an early version, you might see a map with hot spots—2 p.m. at Starbucks, 3 p.m. at the library—that would tell you where people with the disease had recently been,” Raskar told me. “All the government has to do is demand that every test facility release the trails of infected people in an anonymous manner, so that healthy people know where to avoid.”
For privacy advocates, “Waze, but for the sick” might seem harvested from their darkest nightmares. But Raskar is emphatic that his code is open source—“every part of the code should be visible to everybody, every day”—and that no government or tech company would have exclusive control over a centralized database that it could abuse. Users wouldn’t learn anything else about the infected person, such as age or sex.
The technology and privacy challenges of tracing will nonetheless be complex, and could normalize a level of surveillance that might seem totalitarian. If we want to get it right, we should learn from the experiences of other countries. In eastern Asia, tracing has already become a part of daily life. To see a glimpse of America’s future—and to anticipate some of the worst excesses of the technology—it’s useful to briefly review how tracing works across the Pacific.
Let’s start with China, where citizens in hundreds of cities have been required to download cellphone software that broadcasts their location to several authorities, including the local police. The app combines geotracking with other data, such as travel bookings, to designate citizens with color codes ranging from green (low risk) to red (high risk). High-risk individuals can be banned from apartment complexes, offices, and even grocery stores. Many human-rights advocates fear that what has been rolled out as a public-health app is moonlighting as a tool of government espionage and mass discrimination.
Next, let’s look at South Korea, a democracy that has arguably been more successful than any other in containing the spread of the virus. The government uses several sources, such as cellphone-location data, CCTV, and credit-card records, to broadly monitor citizens’ activity. When somebody tests positive, local governments can send out an alert, a bit like a flood warning, that reportedly includes the individual’s last name, sex, age, district of residence, and credit-card history, with a minute-to-minute record of their comings and goings from various local businesses. “In some districts, public information includes which rooms of a building the person was in, when they visited a toilet, and whether or not they wore a mask,” Mark Zastrow, a reporter for Nature, wrote. “Even overnight stays at ‘love motels’ have been noted.”
New cases in South Korea have declined about 90 percent in the past 40 days, an extraordinary achievement. But the amount of information in South Korea’s tracing alerts has turned some of its citizens into imperious armchair detectives, who scour the internet in an attempt to identify people who test positive and condemn them online. Choi Young-ae, the chair of South Korea’s Human Rights Commission, has said that this harassment has made some Koreans less willing to be tested.
Singapore offers perhaps the most likely model for the West. Residents can download an app called TraceTogether, which uses Bluetooth technology to keep a log of nearby devices. If somebody gets sick, that user can upload relevant data to the Ministry of Health, which notifies the owners of all the devices pinged by the infected person’s phone.
“Bluetooth is much better than GPS at tracking actual contacts, and it gives a good picture of which phones come close to each other,” says Ulf Buermeyer, a privacy advocate, an officer at the Berlin Department of Justice, and the president of Germany’s Society for Civil Rights. “The downside of Singapore’s app is that you have to register with your phone number. When a person is found infected with the disease, the authorities can easily match the IDs with associated home numbers and impose restrictive measures directly on these people.”
Germany, which is helping to lead Europe’s tracing efforts, is looking to tweak the Singaporean model in a way that might make it more amenable to Western sensibilities. Buermeyer told me that one possibility is to program phones to broadcast a different ID every 30 minutes. So, for example, if I went to Starbucks in the morning, my phone would broadcast one ID over Bluetooth to all the other phones in the café. An hour later, at lunch with a friend, it would broadcast a different ID to all the other phones at the restaurant. Throughout the day, my phone would also receive and save IDs and log them in an encrypted Rolodex.
Days later, if I were diagnosed with the coronavirus, my doctor would ask me to upload my app’s data to a central server. That server would go through my encrypted Rolodex and find all of the temporary IDs I had collected. An algorithm would match the temporary IDs to something called a push token—a unique code that connects each phone to the app. It could then send each phone an automated message through the app: please be advised: We have determined that in the past few days, you may have interacted with somebody … At no point in this entire process would anybody’s identity be known to either the government or the tech companies operating the central server.
This brief global tour of tracing technology provides at least three lessons.
First, test and trace seems to work—period. Singapore and South Korea are very different countries from each other and from the U.S. But they have learned from previous outbreaks. Through tracing, both countries have reduced COVID-19 deaths much more successfully than many similarly dense U.S. cities.
Second, the sheer amount of information made available by tracing apps will be tantalizing for power-hungry governments and data-hungry corporations to monopolize. A tracing app made necessary by the pandemic cannot become an indefinite surveillance system run by some occult government agency.
Third, the virus creates a dilemma of data. At the moment, what we don’t know—who is infected, and where they have been—can kill us. Test and trace offers a road out of ignorance. But the more we seek to learn about the sick, their locations, and their contacts, the more we begin to infringe on the privacy of patients and businesses.
For the past few years, privacy advocates have criticized advertising giants such as Google and Facebook for following us around the web and harvesting our data to anticipate future behavior. Whether you found these critiques compelling or overwrought, the accusations certainly apply to tracing technology. It is easy, then, to imagine how some test-and-trace apps might be tarred as “swabs and surveillance” and rejected outright.
But while online advertising technology might mislead consumers about the nature of the task at hand, the aim of smartphone tracing is straightforward: This is software to tell you whether your cellphone signal or daily routine intersects with a viral contagion that is killing people and destroying the economy.
The pandemic has already required Americans to embrace extreme behavior in the name of saving lives. Tens of millions of Americans are living under house arrest. Many chief executives and entrepreneurs have said they agree with a government mandate to shut down their businesses. In these strange times, common rights that once seemed nonnegotiable have been suddenly renegotiated. Compared with our life just six weeks ago, smartphone tracing might seem like a violation of our dignity and privacy—and compared with our life six years from now, I hope it will be. But compared with our present nightmare, strategically sacrificing our privacy might be the best way to protect other freedoms.
“I am a privacy advocate, but I don’t hold privacy as an absolute value,” Buermeyer told me. “Privacy has to be balanced in context with other human rights. Life and health, I think, are important human rights.”