How, precisely, will we end the period of confinement that has stifled entire economies and left more than 1 billion people sheltering in place?
Some have suggested a selective approach, whereby younger, less vulnerable cohorts would be ushered back to work before others.
However, dire warnings from epidemiologists about the inevitable health consequences have since eroded support for this strategy in most quarters.
Now, the only generally accepted solution is a gradual relaxation of restrictions, enabled by mass-scale testing, tracking and contact tracing to identify all those with whom an infected person has interacted.
And, because it is not feasible to test 100 percent of the population, the ultimate solution lies in making track-and-trace systems work.
The only realistic way to track and trace at the necessary scale is to use the geolocational data provided by cellphones. In this approach, a “contact” occurs whenever two people’s devices — namely, their Bluetooth signals — come into close proximity for a certain period of time.
Several systems for identifying such interactions have already been proposed or even deployed.
Singapore has relied on its TraceTogether initiative; Google and Apple recently joined forces to design a voluntary contact-tracing app; and a broad consortium in Europe has launched the Pan-European Privacy Preserving Proximity Tracing (PEPP-PT) project.
Clearly, any track-and-trace system is going to raise serious privacy issues. The entire point, after all, is to identify infected people.
Even if user IDs are anonymized, they will need to be linked to a name and cellphone number at some stage in the process.
The current designs can be augmented with additional technical features to constrain the use of the collected proximity data, while still allowing for effective tracking and tracing.
However, first, the rules governing data collection and use will need to be adapted to our new surveillance needs.
To that end, one recent proposal distinguishes between three types of privacy: from third-party snooping, from one’s contacts and from the government.
With the exception of South Korea, none of the countries with track-and-trace systems already in place make personal information about positive cases publicly available (as is done with sex-offender registries in the US), but even programs that ensure the first two levels of privacy cannot offer privacy from the government without compromising the system’s effectiveness.
Hence, for now, we should design systems to protect against passersby and hackers.
However, we will need to wait for practical methods of achieving the third level of privacy.
One important technical requirement is to limit the lifetime of the contact data — the log of each Bluetooth interaction with another device — to 14 days, after which it should be erased automatically.
This principle should apply both to the data carried on the phones and to that stored by the government.
However, for this rule to be observed fully, urgent research and development will be needed to streamline auto-destruction protocols for data, which are currently too complex and burdensome for the task at hand, especially when it comes to mobile devices.
That is a task for the software and hardware developers.
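As an added illustration, not code from the author or from any of the systems named above, the following sketch shows an on-device contact log that enforces the 14-day lifetime at storage level and again on every read. The table layout, the class and function names, and the 15-minute minimum contact duration are assumptions; the article specifies only the 14-day limit.

```python
import sqlite3

DAY = 24 * 3600
RETENTION_SECONDS = 14 * DAY      # 14-day lifetime stated in the article
MIN_CONTACT_SECONDS = 15 * 60     # assumed threshold; the article gives none


class ContactLog:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        # Zero deleted rows so erased contacts do not linger in free pages.
        self.db.execute("PRAGMA secure_delete = ON")
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS encounter (peer_id TEXT NOT NULL, "
            "seen_at INTEGER NOT NULL, duration_s INTEGER NOT NULL)")

    def record(self, peer_id, seen_at, duration_s):
        # Brief pass-bys are not contacts and are never stored.
        if duration_s < MIN_CONTACT_SECONDS:
            return False
        self.db.execute("INSERT INTO encounter VALUES (?, ?, ?)",
                        (peer_id, seen_at, duration_s))
        self.db.commit()
        return True

    def purge(self, now):
        # Erase entries older than the retention window; return how many.
        cur = self.db.execute("DELETE FROM encounter WHERE seen_at < ?",
                              (now - RETENTION_SECONDS,))
        self.db.commit()
        return cur.rowcount

    def contacts(self, now):
        # Purge on every read: a missed background job cannot expose old data.
        self.purge(now)
        rows = self.db.execute(
            "SELECT DISTINCT peer_id FROM encounter ORDER BY peer_id")
        return [r[0] for r in rows]


def demo():
    now = 100 * DAY                              # constructed clock value
    log = ContactLog()
    log.record("peer-A", now - 20 * DAY, 1800)   # older than 14 days
    log.record("peer-B", now - 3 * DAY, 1800)    # inside the window
    log.record("peer-C", now - 1 * DAY, 60)      # too short to count
    return log.contacts(now)
```

The same purge-before-read rule would apply to the copy held by the government, which the article says must follow the same 14-day limit.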
As for policymakers, the top priority should be maintaining the “use limitation principle,” which holds that data provided by users will serve only the purpose declared during its collection — that is, to track positive COVID-19 cases.
Policymakers are also going to have to address the process by which cellphone users consent to releasing their data. An opt-in approach, which is optimal from a privacy perspective, would rely on users installing the track-and-trace app voluntarily.
However, outside of Southeast Asia, there is no evidence that this approach would ensure sufficient participation rates.
A slightly more assertive option is the opt-out approach, whereby all mobile devices would automatically have the app installed, but users would be able to remove or disable it.
A recent Canadian survey indicates that two-thirds of the country would support a government track-and-trace program. Yet that implies that as many as one-third of Canadians might opt out.
The only remaining option, then, is compulsory data sharing, in which the app is hard-coded into the operating system of the device.
To make this approach more palatable, the system — like the data collected — would need to come with a sunset clause, so that it is phased out when the crisis has passed.
How do we define that moment?
In the US, rules governing patient privacy in medical settings under the Health Insurance Portability and Accountability Act have been significantly relaxed in response to the crisis, and the US Department of Health and Human Services has offered little indication of when they will be fully reinstated.
To avoid repeating the same mistake, track-and-trace programs should come with a clearly stated, verifiable goal, such as a period of no new infections, or inoculation of the majority of the population when a vaccine is available.
These sunset provisions should then be written into the software and subject to audits by independent bodies such as the Electronic Frontier Foundation.
A final question is who should be designing such systems, setting the rules for data collection and storage, and deciding on the best approach to balancing privacy and effectiveness.
Rather than giving absolute control to developers or the state, we should convene representatives from the private sector, government, academia and civil society.
The COVID-19 pandemic compels us to rethink well-established frameworks for data collection and privacy protection.
Addressing the public-health emergency with as little computational overhead as possible is no small feat.
Grant-making institutions that fund computer science urgently need to reorient their priorities toward efforts to introduce practical but responsible methods of proximity-data collection and the necessary safeguards.
If privacy must temporarily play second fiddle to public health, there must be well-defined protocols for ending the state of exception.
As the American anthropologist Margaret Mead put it: “It may be necessary temporarily to accept a lesser evil, but one must never label a necessary evil as good.”
Stan Matwin is a professor of computer science, Canada Research chair and director of the Institute for Big Data Analytics at Dalhousie University in Halifax, Nova Scotia. He is also a professor at the Institute of Computer Science at the Polish Academy of Sciences.
Copyright: Project Syndicate