Governments vs. Big Tech: Resolving Differences in Contact Tracing

Getting back to saving lives while protecting civil liberties

From the CoVista Group at the University of California, Berkeley

Governments around the world have become increasingly frustrated with tech giants dictating public health policy. The software created by Apple and Google enables individuals to track their own potential exposure through collated exposure notifications. However, the same software prohibits location tracking, denying key information needed by public health officials for robust contract tracing. This information is needed to treat and isolate COVID-19 positive people, identify transmission hotspots, and protect against continued spread of infection.

We present two simple ideas that can be adopted to break through this stalemate and return to accomplishing our crucial common goal: determine contacts of people with COVID-19 swiftly, thoroughly, and accurately by innovation using cellphones, our most pervasive individual technology.

The Big Tech Proposal

Apple and Google have adopted a decentralized approach to mobile contact tracing that prioritizes individual privacy. Under the Apple-Google Exposure Notification (AGEN) protocol, individual phones determine if the user has been exposed, without revealing

• the identity of the infected individual
• where the contact event took place

The protocol does not use location information. It relies on the Bluetooth radios present on all modern phones to detect proximity with others. Beyond not collecting Protected Health Information (PHI), the decentralized approach retains the non-PHI on the phone, allowing individuals to determine risk locally.

Government Needs

Governments and public health authorities want to understand where and how the disease is spreading, so they can take preventative measures. They also want to be able to use mobile contact tracing to augment existing manual contact tracing efforts.

• While centralized contact tracing may offer utility critical to re-opening the world’s economy, it raises profound concerns for civil liberties and personal privacy.

With these goals in mind, governments advocate for a centralized approach, whether national or regional, where they maintain records of each person’s locations and interactions. This allows governments to determine exposures and notify people directly, as timeliness reduces spread. While centralized contact tracing may offer utility critical to re-opening the world’s economy, it raises profound concerns for civil liberties and personal privacy.

Government efforts that avoid reliance on the industrial Exposure Notification offerings have run into a host of failings, including reliability, power drain, interoperability, and participation.

Big Tech Dictating Public Health Policy

Apple and Google have taken an unprecedented position — essentially dictating public policy, not just by requiring the decentralized approach, but also by prohibiting contact tracing apps from collecting location information.

Further, they are restricting access to the new contact tracing APIs to national governments and permitting only one app per country or region. This decision circumvents the local governments, tribal organizations, and community health services that are often most aware of existing manual contact tracing efforts and the needs of their communities. Meanwhile, government’s contact tracing apps have failed due to restrictions imposed by AGEN.

Solution

Surprisingly, the following two simple measures can support manual contact tracing efforts, provide visibility into the spread of disease, and return authority to local communities all while preserving privacy within the Apple and Google framework.

1. Treat places as people. Endow public places with the same privacy-preserving technology we used to monitor exposure for individuals.
2. Nation-scale data, not apps and processes. Build a common backend for the AGEN protocol that spans apps and governmental boundaries.

In the rest of this article, we describe these two simple measures and how they both improve contact tracing while also preserving individual privacy.

Treat places as people

If we treat public places as people, we can use the AGEN protocol to a) understand COVID-19 exposures across space, b) integrate with manual contact tracing, and c) do so with the same privacy-sensitive protocol. To treat places as people in AGEN, simply attach mobile phones or specialized low-cost beacons to publicly accessible places (e.g., county services, stores, buses). Like a lighthouse, these devices help communicate risk associated with places. Well-positioned, they can offer robust proximity detection, can detect their exposure, and the can convey aspects the risk that represents.

By choosing to share their locally computed exposure risk with public health authorities through the AGEN protocol, owners of publicly-accessible places can aid in mitigating virus spread. Alternatively, if a place is identified through traditional, manual contact tracing, the place can still anonymously participate in the AGEN protocol, notifying others without revealing where they were exposed.

Treating places as people empowers stewards of public spaces to collaborate with public health authorities to help mitigate the spread of disease without jeopardizing the privacy of patrons or the reputation of the public spaces.

This procedure can facilitate detection of exposure from a non-participating individual while improving anonymity over manual contact tracing methods. Going even further, such places could provide other means of beaconing that do not involve smartphones, such as QR code displays, codes on receipts and so on.

Nation-scale data, not apps and processes

Rather than “one app per nation,” a better solution would be to provide a common privacy-preserving data exchange across apps and administrative boundaries — a Commons. This would allow societal structures and innovation, rather than corporate policy, to determine how the app ecosystem should evolve. It is very likely that participation will be greatest if the apps are available through local organizations (e.g., tribal organization, university campus) that individuals trust. A common privacy-preserving data exchange is already compatible with the AGEN protocol.

When an individual tests positive and they engage in a conventional contact tracing interview with a public health professional, the professional obtains an authorization so the individual, on an opt-in basis, can share their anonymous exposure information. Public health professionals serve to protect the integrity of the information in the Commons without exposing any patient data or medical data.

Their actions are quite similar to publishing counts of cases, statistics and demographic information, as is done today. The Commons might be hosted by governmental or NGO structures, based on national or regional policy. A diverse and innovative app ecosystem can grow to meet the needs of individuals and agencies.

A Call to Action

With these two simple innovations, we can move past the conflicts and controversy and on to utilizing privacy-sensitive mobile contact tracing to improve the efficacy of public health measures — thereby saving lives and unnecessary suffering — while respecting civil liberties.

• Apple and Google should continue to focus on interoperable building blocks, while being receptive to innovations that foster both user privacy but also a shared data Commons, a diverse app ecosystem, and integration of public and social health outcomes.
• Governments and public health authorities should utilize AGEN-equipped places rather than App location services, to assist manual contact tracing without compromising civil liberties. They should recognize that Apps specialized to local communities are likely to be important for widespread participation, piecemeal approaches to data management does not serve the public health. Public health efforts should utilize a data Commons of appropriate scale.
• You too can help by sharing this article with your local public health authority or company leadership. Help us build awareness of these two simple innovations, among agents capable of change.

Governments around the world are taking too long to slow COVID-19 and Big Tech could be part of the solution, rather than part of the problem. Contact tracing is a key part of public health management for isolation, treatment, and quarantine. We should all be moving quickly, as areas are opened up, so we can respond as fast as we can to keep the pandemic under control. The measures we have described can allow us to come together and use innovative contact tracing technology today to protect our communities and the health of those around us.