Cell phone tracking for post-COVID-19 must be radical to be efficient
It is time to put aside some privacy principles — temporarily and with numerous guarantees — to alleviate lockdowns and try to restart the economy. But the widespread lack of confidence towards political leadership and Big Tech won’t help.
Last summer, at a workshop organized by Stanford’s CISAC, Michal Kosinski, a Graduate School of Business professor, reminded us o a few things about our digital footprint: in 2012, he said, the data output per person, globally, amounted to 500MB per day. Now, it is 62 GB. Then Kosinski mentioned that it takes only 10 “likes” for Facebook to know us better than our working colleagues, 100–150 to know us better than our friends and family and no more than 250–300 “likes” to be better than our spouse at anticipating our behavior. That’s just for Facebook. If you compound the data from our purchase history on Amazon and Google searches, we are surrounded by a swarm of thousands of our own data points.
Everyone who has been in the digital sector long enough remembers the case of Target supermarket in Minneapolis that detected a teenage pregnancy before her father did. That was in 2012, at a time each of us was spitting out 120 times fewer data than we do today.
I’m recalling this to put in perspective the reluctance for cell phone data tracking in critical times such as the global and deadly pandemic we are facing today.
We are already tracked and traced for purposes much more mundane than saving lives or restarting the crippled economy. We de facto consent to give up our data in exchange for questionable free services. Above all, we gave these multiple consents blindly with no idea whatsoever where and for how long these data will be kept, and if they will be sold to some obscure third parties. We only discovered accidentally the scope of our collective negligence when a spectacular scandal like Cambridge Analytica blew up.
Today, what’s at stake is way more dramatic and crucial for everyone’s future: how to restart the economy by allowing a large number of people back to work with a reasonable amount of risks.
I’m talking about a point positioned somewhere between those who demand an immediate and broad de-confinement of the population, and those who believe that harsher sanitary measures are still needed and that the economy will have to wait. (I’m not going to fuel this debate here, but maybe suggest this article from the MIT Tech Review, way too moderate to garner a large audience).
If the two camps diverge on the timing, both agree that lifting the lockdowns will have to be progressive and carefully planned to prevent any deadly resurgence of COVID-19 clusters.
Hence the question of using cellphone data to track the status and movement of people.
On Friday, Apple and Google came up with a solution based on “contact-tracing” technology. In short, it uses Bluetooth communications to assess the proximity of the individuals and keep an encrypted trace of their contact in case one of them turns out to be infected. Data might be uploaded to a cloud-controlled by health officials in the case that exposed people need to be contacted. That’s it. (Those interested in the technical details should read this excellent piece from the Electronic Frontier Foundation or this explainer in The Verge).
Apple and Google described the principle is this little cartoon:
For obvious reasons, both companies have limited their conceptual work down to the technological aspects: fine-tuning communications and encryption. Their system ends at an API, and it is up to the national or local administrations to do the rest. As it is, there is no GPS tracking, which is funny when you look at your Google travel history bouncing between points like this one:
That’s the basic stuff, but you can also create heatmaps of your life on the move by using Google’s Location History Visualizer.
But for the two companies, harnessing their data collection capabilities to create such a repository would have inevitably unleashed an outrage among users.
This is a key paradox of the situation: the capabilities are already here, they are used — with nothing more than our negligent consent. Tech companies take advantage of it to refine their business but these pieces of information won’t be used for the good of the population, even in the context of the worst health crisis of the century.
Coming back to the case of Bob and Alice described in the cartoon, as it is, the app only states that Bob has become positive for COVID-19 and that Alice should be notified. We know nothing of Bob’s recent whereabouts, the restaurant he went to, the subway line he took, or the grocery store he shopped in the weeks prior to developing the symptoms (or being tested).
Now let’s teleport the two characters into South Korea, the country that has been the best (so far) at “flattening the curve” of the pandemic, without a general lockdown. (What follows is based on a conversation I had last week with Pierre Joo, a Seoul tech investor friend of mine who gave more explanation in this piece in French).
Our friend Bob has developed the symptoms that left no doubt about his condition — despite having been tested negative a month ago. (In France, about 40 percent of the PCR tests generate false negatives, according to a doctor I talked to last week who infected his entire family after falsely tested negative). But because Bob has been tested, he has a medical “referent” and he downloaded the Korea Center for Disease Control app where he must enter his vitals twice a day. (Incidentally, this app was hastily developed by Winitech, a Daegu startup specialized in national emergencies, in just one month).
Bob enters his condition in the app, alerting the KCDC. In addition to Bob’s recent proximity to Alice, the medical investigator now in charge of his case has access to his cellphone data, his credit card history, etc. In about 10 minutes, his behavior from the last two weeks is reconstructed. The data are placed under the control of “Smart City Data Hub” created by the Ministry of Infrastructure and Transport and the Ministry of Sciences and Technology.
At first, this application was created with the primary intent of locating clusters and tracing back infected people.
Now we are in a totally different context. After weeks of lockdown in certain countries like France, it is time to relieve the pressure and to consider a selective and progressive lift of the constraints.
One of the options is a careful classification of the population based on their proven status (immunized or not) and for the majority who haven’t been sick already or tested, assessing their risk factors for developing complications. In addition, geographical considerations must apply as some regions have been way more affected than others. That is why such data collection should be linked to the electronic patient record, which contains essential information. In our example, it would be crucial for Alice’s health status to know that she had bouts of asthma and repeated bronchitis. Or that Bob was a chain smoker.
Who could seriously oppose the development of such a system?
In Europe, the vast majority actually does oppose it. You can argue (as I do on Twitter, wasting my time) that scores of protections should and will be deployed — opt-in only, bi-partisan monitoring of the collection and the use of the data, destruction of the non-essential files after a certain time, all sorts of guarantees — but most of the EU population remains very reluctant if not opposed.
The chances of seeing such an efficient — while closely controlled — apparatus being developed collide with a critical factor unfortunately not limited to France, which is the mistrust of political leadership.
In most countries, polls consistently show a steep decline in the institutions that could protect the public from abuse. In the United States alone, according to Gallup, the Supreme Court was trusted “a great deal/a lot” by 56 percent of the respondents in 1988; in 2019 it was down to 38 percent (not even to mention the yawning political divide). The US Congress dropped from 41 percent in 1986 to 11 percent in 2019. And I’m not talking of the current level of trust in today’s American executive branch.
Many Europeans are following the same trend. In France, the far-right and the far-left, closer than ever, can’t wait to see the end of the lockdown to shred what is left of Macron’s presidency. Certainly not the best time for the executive branch anywhere to propose putting a temporary dent in privacy principles, even for public health’s sake.
