Newsom’s move to blunt the spread of the coronavirus was just one sign of the increasingly close cooperation between government authorities and technology companies in fighting a dangerous common enemy. This global wave of experimentation has involved data sets long considered so personal and sensitive — capable of revealing how smartphone users spent their days, and with whom — that many government officials shied away from their use out of fear of public backlash.
But health experts say such new tactics, while testing traditional privacy boundaries in the United States and elsewhere, could play a central role in the battle against the coronavirus as nations try to reopen their economies. Key will be expanded disease surveillance with the help of emerging technologies to identify new infections before they create major hot spots.
Experts say that old-fashioned public health approaches, such as widespread testing and manually tracing the contacts of people with newly discovered infections, probably will remain the most effective way to control the pandemic. But with few signs that the United States is assembling the army of health workers needed to track coronavirus infections, technology may be called on to fill the gaps.
Already technological tools are helping authorities fine-tune their public directives, and data derived from individual smartphones may soon play an important role in mapping webs of potential new infections and alerting people at particularly high risk of developing covid-19 that they need to be tested immediately.
“You need most [exposed] people to go and get tested,” said Ashish Jha, faculty director of the Harvard Global Health Institute. “If we can do this and keep it going, I think we have a shot — just a shot — at keeping our economy going.”
There is some evidence of public acceptance of technological surveillance tools. A Pew Research Center study published Thursday found that slightly over half of those surveyed say it is at least “somewhat acceptable” for the government to use people’s cellphones to track those who’ve tested positive for the virus to understand how it is spreading. Forty-five percent said it is acceptable for the government to do so for people who may have had contact with someone who tested positive for the coronavirus.
There is less support for monitoring mobile devices to ensure that people are following social distancing orders, however. Just under 4 in 10, 37 percent, said it was at least “somewhat acceptable” for the government to track people’s locations to monitor compliance.
Privacy advocates caution that the rush to deploy possible technological solutions to a devastating pandemic may be outrunning the public’s understanding of how their data is being collected and used. They warn that the apps and other services developed to fight the coronavirus might someday be used by different government authorities to fight crime or monitor political activity.
In part because of these concerns, most of the technological tools being deployed — such as the activity map Facebook provided to California authorities — rely on what is known as aggregated and anonymized data, meaning they are compilations of data that have been stripped of information that could be used to identify an individual. New Mexico officials are using such anonymous smartphone data to help anticipate surging hospital demand, and Colorado officials have used similar data to determine whether residents are traveling less, in compliance with the stay-at-home order the state’s Democratic governor, Jared Polis, issued March 25.
But officials in other nations, mainly in Europe and Asia, have gone farther, harnessing smartphone data to identify infected people and warn others that they are at risk and, in some cases, must quarantine themselves. Many Israelis, for example, have received texts from public health officials alerting them that, based on cellphone location records collected by the government, they had been near an infected person and needed to go into isolation for 14 days.
Momentum is building for similar — though less draconian — approaches in the United States. Longtime Silicon Valley rivals Google and Apple announced last week that they will build new features into their widely used smartphone operating systems to assist authorities in investigating new cases of coronavirus infection. The companies say that their detection system, unlike the ones used in Israel and some other nations, would be completely anonymous, voluntary and designed with safeguards for people’s privacy.
As technologists seek to balance public health benefits with privacy concerns, there remains uncertainty about how effective any of these tools might be, and whether the time, money and energy spent on them would be better used expanding virus testing or hiring more people to conduct contact-tracing investigations.
“Before we rush off and do [the technological initiatives] at huge scale, we should know they work. We don’t randomly go popping pills,” said Daniel Weitzner, a former White House official now developing contact-tracing technology for the Massachusetts Institute of Technology, where he is a researcher. “You don’t want to trade off any privacy risk at all for no benefit. We want to make sure there’s clear evidence of effectiveness before we suggest hundreds of millions of people start doing this.”
Smartphones are a continuous fountain of revealing data: Telephone companies know where a cellphone user is by tracking what cell towers the customer’s phone is communicating through, and many types of smartphone software, including for apps such as Facebook and Waze, collect user information such as GPS coordinates or proximity to known WiFi signals. Most smartphones also can register how close they are to other devices, using Bluetooth radios that search for nearby speakers or wireless headphones.
All of that information is potentially useful to public health officials as they seek to track both the broad movements of populations in regions infected by the coronavirus and the more specific risks posed by infected individuals.
South Korea has used cellphone location data to reconstruct the movements of infected people and alert nearby residents that they may have been exposed. Such information is behind Israel’s ability to identify people at risk of infection and send them texts ordering them to quarantine themselves. Hong Kong has deployed “geofencing” — a technology marketers use to deliver coffee shop ads when potential customers walk nearby — to determine whether people with confirmed infections stayed home during their quarantines. Violators faced jail time or fines.
Singapore has harnessed Bluetooth technology to identify potential new infections by seeing whether the devices of people known to have the coronavirus have been within six feet of the devices of other people for prolonged periods of time. Government health officials can then request those logs as they investigate the virus’s spread.
Such approaches also are gaining ground in Europe, where a cross-continental group of researchers has designed a system for “Decentralized Privacy-Preserving Proximity Tracing” that Germany and other nations plan to adopt. In the United Kingdom, health authorities are working on a contact-tracing app that would send people color-coded warnings about people with whom they had crossed paths over the previous two weeks: yellow alerts for people with unverified self-diagnoses; red alerts for infections confirmed by medical staff.
Other countries are going farther in using location data to police social interactions and combat the virus’s spread. New Zealand, Taiwan and Thailand have used phone-location tracking to monitor quarantined people’s movements, and issue heavy fines to people found to have violated the orders. In China, Poland and Russia, health officials have used facial-recognition software to confirm whether someone has obeyed lockdown orders.
The experimentation in the United States has been less aggressive, relying mainly on collected sets of anonymous user data, provided voluntarily by companies.
California’s decision to limit access to beaches and parks, for example, drew on data not only from Facebook but from Google.
In Colorado, a team of investors and engineers has used smartphone data to determine that traffic in the state has decreased substantially, said Brad Feld, a technology investor in that state. Like officials elsewhere, those in Colorado have sought to avoid triggering a privacy backlash by working with data sets stripped of personally identifiable information.
“I’m not sure we’re going to tolerate as a culture the federal government knowing all of our movements. I’m not sure we’re going to tolerate phone companies retroactively providing our location information,” said Sarah Tuneberg, the director of the Colorado response team for developing technological tools to aid in the coronavirus pandemic. “In the absence of those, we’re going to have to create other innovations.”
Some of the data tapped by Colorado and other states comes from Descartes Labs, an analytics firm based in Santa Fe, N.M. It used location data gathered from 10 million mobile devices to help public health authorities determine how far people are traveling on a given day, issuing an aggregated score for each county. The lower the score, the more likely that people in a given spot are following government guidelines and staying home.
In Descartes Labs’s home state, officials have been using its technology for weeks to try to determine which hospitals faced looming crushes of new infections, and the information on travel helped Gov. Michelle Lujan Grisham (D) measure the effectiveness of social distancing guidelines and contributed to her order last week to close more businesses, said Tripp Baird, a spokesman for the governor.
‘Sticky, sticky issues’
Far more sensitive — and also potentially more useful — are individualized indicators of infection risk detectable through smartphone data.
The initiative announced last week by Google and Apple seeks to achieve that goal while protecting people’s privacy, the companies say. They are updating their dominant mobile operating systems to allow the Bluetooth radios built into billions of smartphones worldwide to assist public health officials in conducting contact tracing, the laborious process of identifying who may have been exposed to people who tested positive for the coronavirus.
Such approaches do not rely on precise geographic location and would not create a central repository of information about people’s individual health information, the companies say.
The system would work like this: Health authorities would give a person who tested positive for the coronavirus a special code that would allow them to tell the app on their phone that they had a confirmed infection. The system would then send an alert to the smartphone of anyone who has come in contact with the infected person over the past two weeks. The alert would include guidance on how to reach their local health department and an admonition to quarantine themselves.
The system would use numeric codes, not personal information, to log the interactions, and that data would remain on people’s phones, not shared with authorities, and be erased after a few weeks, company planning documents show. Health authorities also would not have access to potentially exposed people’s names or phone numbers — a concession to privacy concerns that potentially could limit the effectiveness of the Google and Apple approach, which could become available next month.
Such a Bluetooth-based system, if widely adopted, could help reduce the guesswork of contact-tracing investigations and alert unsuspecting people to potential infection. Google and Apple have said their systems at first would rely on new and experimental apps developed by health departments or third-party developers, and that users would have to download and install on their phones. But eventually, the companies said, the contact-tracing features would be built into smartphone operating systems, making them more easily available for widespread use.
Whether that will be enough to make the system truly effective for contact tracing is uncertain. Researchers suggest that for such a system to be effective, perhaps as much as 60 percent of the U.S. population would have to participate. But even if it’s built into every new phone, users would still have to enable it in the same way they enable other smartphone features, and people with older phones, spotty Internet connections or confusion over their Bluetooth settings could be left behind. In Singapore, where a similar system has been used for weeks, about 1 in 6 people have downloaded the app.
Anthony S. Fauci, director of the National Institute of Allergy and Infectious Diseases and a member of the White House Coronavirus Task Force, said in an interview on Snapchat that the privacy concerns about the use of personal smartphone data create “sticky, sticky issues.”
“Even though from a purely public health standpoint, that makes sense,” Fauci said. “You know, you could look at somebody’s cellphone, and say, ‘You were next to these 25 people over the last 24 hours.’ Boy, I gotta tell you, the civil liberties-type pushback on that would be considerable.”
Location data might not work
Aside from privacy concerns, public health experts wonder whether these new technological approaches will prove effective against an unpredictable, fast-moving pandemic — especially at a time when more established public health priorities, such as providing enough testing and medical protective gear, have fallen disastrously behind.
Ashkan Soltani, a security researcher and former Federal Trade Commission chief technologist, said he and other researchers had counted more than 50 contact-tracing projects that have been launched by engineers over the past few weeks.
Some use WiFi and Bluetooth to pinpoint people’s locations, while one project uses the audio frequencies from a smartphone’s microphone to attempt to detect it with more precision. The smartphone emits ultrasonic waves that can be picked up by the microphone of another device if it’s close.
Some of the projects are better at protecting privacy than others, Soltani said, and some, he cautioned, don’t have any public health experts involved. He said the risk of error is high. If a person goes downstairs to pick up a pizza delivery and doesn’t take their phone with them, it won’t pick up the infection status of the person at the door.
Bluetooth, meanwhile, will register a device as nearby even if it’s on the other side of a wall, raising the possibility of triggering false warnings that could distract health-care workers from real infection risks and cause needless worry and disruption.
To minimize false positives, the Google and Apple system will indicate a contact only when two people are nearby for a matter of several minutes, the companies say. But that timing mechanism likely would miss brief but risky exposures, such as from coughs or sneezes that can spread the virus widely in a matter of seconds. The system also will lack the ability to detect transmission risks from an object or a location harboring the virus, such as an elevator button or grocery store checkout aisle.
Cyrus Shahabi, a University of Southern California computer science professor working on a contact-tracing app that would use location data to provide “risk” scores for public areas, said that challenge is a critical one that the system will struggle to overcome.
“It could potentially give so many false positives that it renders the approach effectively useless,” Shahabi said.
Jason Bay, the product lead of Singapore’s TraceTogether, still the most prominent real-world example of a Bluetooth contact-tracing system, has also pushed to adjust expectations about how useful the system will be.
“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No,” he wrote in a Medium post last week. “You cannot ‘big data’ your way out of a ‘no data’ situation. Period. Any attempt to believe otherwise, is an exercise in hubris, and technology triumphalism. There are lives at stake.”
But many government officials on the front lines of the pandemic have been emboldened by the stakes involved and by their sense, still untested, that the public may be more accepting of using personal data than in the past — if the purpose is worthy.
“Many companies that are collecting voluminous data about us, often without our knowledge or consent, are using the data for social good,” said Beth Noveck, chief innovation officer in New Jersey, which is using Zip codes submitted during Web queries to predict future virus hot spots. “There are many legal and ethical dilemmas that arise from collection of data without our consent. But on the bright side, if there is a silver lining, it’s the ability to do some good with that data.”
Dwoskin reported from Oakland.