What To Ask Before Downloading A Contact Tracing App

Imagine Any Other Winter Before This One

Instead of a global pandemic, flu season is in full swing and everyone needs to get their vaccine. Last week it looked like all your coworkers were home sick or sniffling. You get a message from your insurance provider about an app they're launching to track where you go and who you come in contact with - all to help prevent people from spreading the flu. It turns out the vaccine hasn't been very effective this year. They're offering discounts on your premium if you download the app. “Help keep your community safe!” is the call to action.

You'd probably have some questions before clicking 'I AGREE'. Of course you want to help people stay healthy but just because the cause feels good doesn't mean you shouldn't ask questions. Getting to access the intimate details of your life like where you go and who you meet is a serious (and contested) privilege for companies. Only a few tech and telecom giants have been able to justify it by providing technology that feels like a superpower: the ability to talk to almost anyone at any time or the ability to summon a map, point to a destination, and know exactly how to get there.

You doubt your insurance company will be able to really benefit you or your community enough to make sharing those details worth it. You delete the message.

Contact Tracing Today

Today we're being asked to do all we can to protect our communities and ourselves. The stakes are much higher than a typical flu season and you're probably tuned in to public health leaders and their recommendations. Testing and treatment strategies make up most of the discussion but tracking the virus as it spreads has become an increasingly important challenge to solve.

For those who aren't familiar with the concept of contact tracing, here's a summary. Let's say you've tested positive, already you've spread the virus to those around you in the previous weeks without realizing it. In order to stop the chain reaction of those people continuing to unknowingly spread the virus, you must do two things. First, remember who you interacted with. Second, alert those people. Then those people must quarantine or do whatever possible to stop themselves from spreading it to others. You may have heard of 'flattening the curve'. Well the next big thing will be 'lowering the R0'. R0 or R-naught represents the number of new people infected by a single case. Traditionally, public health workers manually collect the data that helps them calculate the R0 and understand how quickly the virus is spreading. They'd sit 6 feet away from you and interview you to identify risks and prevent further spread.

But remembering all of your interactions, sharing them with a public health worker, and getting in touch with everyone is a really hard thing to do. But wait… what if we all carried around little trackers in our pockets and they could sense other trackers. Then when someone reported they were sick, the trackers would immediately send out an alert to those they crossed paths with? Well for most of us that technology already exists and it's called a smart phone. And tech giants like Google and Apple and telecom companies already generate that data.

Public Health Meets Tech Tracking

Well, except for one extremely critical piece of information: who's testing positive. For Apple and Google to have any impact with their data, they'd have to share their very proprietary and very sensitive data with the thousands of local clinics, hospitals, and testing centers who actually know what's up. Or they'd have to coordinate across all of these groups to collect the data they need to send out notifications. These scenarios seem unlikely.

Historically, Google and your telecom shared detailed consumer location and preference data with plenty of advertisers and business partners. But the complexity, scale, and legal risk of this situation is definitely not as lucrative as Google’s other healthcare projects. Also over the last 3 years, data privacy legislation has begun to stem the flow of personal data into the coffers of advertisers and business partners. But now the question becomes what happens to the flow of personal data into health care organizations when we really can benefit from it?

We cannot deny that our health institutions are in need of help. We're in a state of such emergency that even New York Times activist and writer for the 'Privacy Project', Charlie Warzel, has acknowledge the benefit of tracking during this time. Using technology and data from Google, Apple, and telecoms seems like an obvious opportunity to reduce the R0.

So when Apple and Google announced a partnership this April to build a contact tracing api that included many safeguards to protect people's information and privacy, most people were optimistic. There are thorough debates and technical write ups about what they're proposing. I won't dive into details here, but if you'd like to learn more I'd recommend starting with this summary by the Verge.

Moving Forward While Restoring Privacy

The need for contact tracing seems obvious and necessary now but what happens when health organizations are asked to give up tracing because things have 'gone back to normal?' How do you go back and click 'DECLINE'?

Historically, clawing back privacy rights has been like simultaneously fighting a battle uphill with the sun in your eyes and cleaning pee out of a pool. Companies often refuse to give up the 'competitive edge' of knowing where people are and what they are doing. Right now in California, advertisers are fiercely opposing giving up access to your browsing data and ability to follow you around the internet.

What happens when other organizations want to compete, like when your insurance company builds an app with these capabilities? Remember the term 'health organization' applies to both non profit clinics and to billion dollar financial institutions - institutions whose number one priority is to pay back shareholders and investors and don't always have your best interest in mind. Whenever a powerful company gains even more power, especially during a crisis with so many unknowns, we need to pay attention and set expectations for when these new powers will be reversed or diluted. We need to make sure regulators have the funds to investigate and hold accountable organizations that misuse or abuse their power. There are plenty of current examples and horrors throughout history showing what can go wrong when people simply trust and stand by.

Before downloading a contact tracing app, here are four things to ask:

  1. What data does the technology track? Does it use GPS? Yes? Red Flag! It shouldn't track your exact location. It should be bluetooth based and only track your position relative to others.
  2. Does your device have the updates necessary to run the software? Does the organization distributing the app have guidelines/requirements? No? Red Flag! Hackers can intercept your data if your device isn't up to date. Organizations should be up front about the technology required to run the software safely.
  3. Who built the technology? Was it done by a suspicious looking group or a college intern? Yes? Red Flag! App developers should be properly certified and following HIPAA and cybersecurity guidelines.
  4. What happens if you test positive? Is identifiable information shared with others who have crossed paths with you? Yes? Red Flag! Contact tracing apps should alert others that they've recently crossed paths with someone who tested positive. That's all. No other details are necessary. You have the right to keep your health information private and remain anonymous.

As we see more communities embrace contact tracing, don't blindly accept something that doesn't feel right. In the medical field, you should always be respected and encouraged to get a second opinion. If an organization is encouraging you to download an app and you’re not sure who to ask for help, feel free to reach out to us at [email protected]