Tracing Covid-19 patients while preserving privacy?
Published 8 April 2020 by Clément Renaud
As pandemic-stricken nations strive to trace the detailed movements of their citizens, a team of European researchers offers a decentralized protocol that could store relevant information on people without mass collecting personal data.
“Contact tracing”, or monitoring the movements and meetings of individuals carrying an infectious disease, is at the core of current efforts to contain the spread of the Covid-19 virus, all the while raising apprehension over general surveillance. In Switzerland, SPRING Lab at École Polytechnique Fédérale de Lausanne offers an alternative protocol that preserves privacy.
The Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol uses Bluetooth on a mobile device to detect the proximity of other people’s devices while emitting randomly unique and ephemeral identifiers that protect the individual’s privacy. This data is stored on the person’s smartphone for 14 days, so that in case the person becomes infected, it be uploaded to a central server for processing, with permission from both the individual and health authorities.
This initiative, led by SPRING Lab’s Carmela Troncoso, aims to minimize the collection of personal data while helping health authorities to track the movements of the epidemic itself. Non-infected users remain anonymous, no personal data is collected, and above all, the system becomes inactive once there are no more confirmed cases.
The DP-3T protocol is being proposed at an opportune time, when many governments are searching for a smooth transition out of general lockdown. However, whether or not a government (or its citizens) will be willing to adopt the protocol remains to be seen. Singapore has already implemented another Bluetooth-based system, raising much criticism over the quality of data dependent on people’s willingness to download and install the app on their phones.
Specter of real-time monitoring of citizens
For many nations, these past weeks of monitoring the spread of the Covid-19 epidemic has been an opportunity to deploy new surveillance technologies on an unprecedented scale. Since February 2020, China has implemented a pass system based on QR codes distributed via the mobile applications Alipay and WeChat. In Poland, the government has installed an app that allows the police to demand a selfie within 20 minutes to prove that the person is actually at home. After 77 days of lockdown, the residents of Wuhan can now leave the city, under the condition that they submit to a blood serum test. Similar measures are being discussed in Italy.
In France, the National Academy of Medicine advises against the movement of individuals released from lockdown being conditioned on individual health tests. The French government is currently developing a mobile application called StopCovid to follow the evolution of the disease among its citizens.
Most recently, the European Data Protection Supervisor called for the development of a pan-European application to monitor people’s movements, respectful of individual citizens’ rights to manage their own personal data, following numerous existing efforts.
Nonetheless, European nations are still tempted by the possibility of real-time monitoring of their citizens’ movements. As the anticipated recession foreshadows even more social instability in the weeks to come, governments may seize this epidemic opportunity to increase heavy-handed control on their populations.
Already in 1975, French philosopher Michel Foucault wrote in Discipline and Punish: “In order to make rights and laws function according to pure theory, the jurists place themselves in imagination in the state of nature; in order to see perfect disciplines functioning, rulers dreamt of the state of plague.” Now more than ever, the ethical appropriation of digital technologies is fundamental to preserving our individual and collective freedoms.
Download the “Decentralized Privacy-Preserving Proximity Tracing (DP-3T)” white paper documents or read the comic