Food for Thought About Apple and Google COVID-Tracing Technology
By Robin Cavanaugh
Robin Cavanaugh is chief technology officer of GetWellNetwork of Bethesda, MD.
The recent announcement by Apple and Google to move to the next phase of their contact tracing initiative is a positive step for both the general public as well as application developers and data users. Any effort to embed this type of capability directly into the OS of the mobile device — versus relying on a user locating, downloading, and registering an application — will result in a massive increase in the adoption rate of contact tracing. Further, lowering barriers to data exchange will likely have a positive effect on data collection and, in turn, help halt the transmission of current (or future) infections.
Contact tracing in countries like ours, where privacy cannot easily be bypassed by our government, is complicated for those wanting it and suspect for those who are being traced. Tracking and tracing, while preserving anonymity, require carefully architected controls and the lulling of a wary “what’s in it for me” public by extolling the virtues of these large datasets in a way that will clearly benefit them.
The initial phase of this contact tracing API, at least for Apple, was limited to government health organizations or developers who have been endorsed and approved by a government health organization. This was done to ensure the security and privacy of the data collected through this protocol.
Having just come from a visit to the state of Vermont for a college drop-off, I was witness to the low-tech solution implemented as an alternative to this technology, which was in place at every eating establishment we visited: “Hi, before we can serve you, please fill out your name, email address, and cell phone number on this piece of paper.”
Can I trust this kid earning minimum wage to safely process, store, and dispose of my personal information? Would I like fries with the spam I am undoubtedly going to receive as a result of this disclosure? Which of my enemies’ contact info should I use instead of my own?
These and many other questions caused me to wonder whether my privacy was worth the “world’s best double bacon cheeseburger?” I could imagine instead that this paper was collected by the staff and likely put in a large pile somewhere for later use. I had serious doubts that this information would be entered into any kind of searchable, accessible database, or that I would actually be notified should one of the many diners in this restaurant present with COVID-19 symptoms.
Manual processes such as these pose a significant privacy and security concern for all participants. Traceability and accountability for entities like Apple and Google that are collecting this data are critical to gaining the trust of the people, and to avoiding a tremendous amount of manual effort and false data. Instead, embedding this capability ubiquitously in the cell phone of every user with little or no action required by them to support it — coupled with a modicum of additional trust in those entities over an unregulated and ad-hoc process — will be a boon to the entire operation. Leveraging the contact tracing protocol as implemented by Apple and Google would be a significant improvement in a number of ways, including security, expediency, accuracy, and convenience.
As the need for this data evolves, and it can be safely and securely exchanged and leveraged by other organizations and entities, there are hundreds of uses that could be derived. As it relates to this pandemic, we could use the determined potential exposure not only as a data point, but as a trigger to educate people on what to do with this new realization that they could have been exposed.
We could help mobilize a user’s support and care circle to help ensure that they are following the required protocols. We could predict other likely exposure, not dissimilar to the “Six Degrees of Kevin Bacon” phenomenon, and arm users with means of notifying their community to help keep them safe. The data could be used to get ahead of the transmission model and help with deployment of PPE or planning for spikes in testing or visits to health centers or providers.
Certainly Apple and Google and others will need to ensure that the appropriate privacy controls are in place to avoid misuse of this information, but this is an important next step in the process. In short, more data, collected with greater ease across a wider base, can only lead to better outcomes.