A policy proposal for Digital Contact Tracing during the coronavirus outbreak.

Orazio Angelini
Mar 20, 2020

(A translation of this text is available in Italian)

Everyone is probably aware of the COVID-19 outbreak. At the moment it seems that, in order to avoid deaths on the order of millions, we will have to lock down entire countries until we have a vaccine (~18 months estimated at the moment) [1].

There are suggestions of an alternative. Some in the scientific community are suggesting that digital contact tracing (DCT) with mobile phones might work, e.g. [2]. This might be the only way to avoid both economic collapse and the death of millions. But tracking the movements of millions of people is a slippery slope.

Some countries have tried this approach already, and there are indications that it might work. But there are concerns about the implementation of such a policy. For example, South Korea has a system that gives public announcements in a way that might leak the identities of individual citizens [3]. Israel is tracking cell phone signals [4], which has at least two problems. One is that it is not possible to choose whether to be tracked, and the other is that there is no one-to-one correspondence between mobile phones and individuals, which makes it impossible to assign responsibility.

So a good idea might be to start thinking about what limits and constraints to impose on DCT policies, to prepare for the likely moment when most other countries will start implementing them. Crises tend to accelerate technological developments. A computerised system on the scale needed for DCT could have momentous consequences, both positive and negative. It is therefore important to get it right.

I will list some ideas for a policy proposal here. What I would like to attain with this is a) to get people to start thinking about this hypothesis, b) to receive criticism from different perspectives to improve the proposal, and finally c) to transform this proposal into a petition to limit the scope and increase the effectiveness of DCT in the event it is adopted in the future.

  1. Participation in DCT should be voluntary. Many countries are in lockdown or preparing for one, which severely restricts their citizens’ freedom of movement. If and when the number of infected individuals becomes small enough again to be manageable, citizens should be offered the alternative of moving freely, but under DCT. Making participation voluntary means that those who opt in will be explicitly trading off some of their privacy in exchange for increased freedom of movement. It makes it possible to obtain (and measure) trust in the DCT system, and to increase compliance. It reduces the perception of oppression, and gives greater choice to the individual.
  2. Hardcoded shut-down. The DCT policy should be cancelled, and any associated data destroyed, after the pandemic has ended (e.g. after the vaccination rate goes above a certain threshold). The conditions for the end of DCT operations should be clearly stated in the law. The system might be kept in preparation for the next pandemic, and some forms of anonymised and aggregated data stored for scientific research.
  3. Data storage should have an expiration date. After a certain amount of time, one can be reasonably sure that an individual is not contagious anymore. So the recorded history of any individual’s movement should not be longer than that time (but the information that they are immune might be stored until the end of the DCT operations).
  4. Opt-out should be available at any time, on the condition that citizens return to lockdown if they do not wish to be tracked.
  5. A separate and independent organization should be created to manage any data and operations associated with DCT. This is to make sure that no individual, organization or state institution is privy to the sensitive data that DCT requires. No one outside the organization should have access to any data that is not anonymised.
  6. Anonymised communication. Any individual subject to DCT should only be able to know whether they are at risk of being contagious/ill, but not when and where they might have contracted the infection. For example, suppose Alice has been at a bar at the same time as Bob, whom she doesn’t know. Suppose one day later Bob is diagnosed with the illness. Alice should only receive the information that she has been in the proximity of a contagious individual, and that she is now at greater risk of being infected herself. No information that could trace the contagion back to Bob should be disclosed.
  7. Every DCT device should be tied to a specific individual, and it should be illegal to use someone else’s device or identity.
  8. International cooperation. Although this creates a number of diplomatic problems to solve and might slow down reaction time, it would be technically easier to pool the resources of many countries to develop such a system. A single standardised system might make international travel across participating countries feasible without quarantining travelers. It would also make it less likely for DCT to be used for purposes not originally intended.
  9. Security. The highest standards in cryptography and cyber-security should be adopted in order to avoid data theft and any other fraud. Encrypted communication and digital signatures, both for software distribution and for confirming identity, are some examples of this.
  10. Transparency. This is probably the most important point. Trust is needed to obtain compliance, and only transparency can beget trust. Everything that can be made subject to public scrutiny should be. For example, the software that runs DCT, both centrally and on-device, should be made open-source. The models used to make predictions should be explained in technical papers, and their predictions should be published regularly. Any decision about the operation of DCT should be made public, and it should be clear who is in charge of decisions. Anyone should be able to check exactly what information the DCT system has about them at any time.

Please criticise this proposal, improve it, and share it with anyone who might be interested or in a position to help shape policy making. You can contact the author at: write.to.orange@gmail.com

References:

[1] https://www.imperial.ac.uk/media/imperial-college/medicine/sph/ide/gida-fellowships/Imperial-College-COVID19-NPI-modelling-16-03-2020.pdf

[2] https://www.medrxiv.org/content/10.1101/2020.03.08.20032946v1

[3] https://www.nature.com/articles/d41586-020-00740-y

[4] https://www.haaretz.com/hblocked?returnTo=https%3A%2F%2Fwww.haaretz.com%2Famp%2Fisrael-news%2F.premium-israeli-coronavirus-surveillance-who-s-tracking-you-and-what-happens-with-the-data-1.8685383
