As the UK is put under lockdown, the race is on to create a phone app that can reduce the spread of coronavirus. Elsewhere in the world, apps and mobile network location data are already being used in various opt-in and mandatory systems, the hope being that they can potentially halt the pandemic in ways that traditional tracking methods may not.
Proposed in a paper by infectious disease experts from Oxford University’s Big Data Institute (BDI), the idea is that, if a sufficiently large number of people installed a dedicated Covid-19 contact tracing app on their phones, their movements could be tracked via GPS, Wi-Fi and Bluetooth proximity sensing.
It's proposed that when the app detects a person has crossed paths with someone who has contracted coronavirus, they can be instantly contacted and sent for testing. The app would be able to work retrospectively. The BDI's Christophe Fraser says that “the instant mobile app concept is very simple".
"If you are diagnosed with coronavirus, the people you’ve recently come into contact with will be messaged advising them to isolate," he says. "If this mobile app is developed and deployed rapidly, and enough people opt-in to use such an approach, we can slow the spread of coronavirus and mitigate against devastating human, economic and social impacts.”
The Oxford team has provided the British and other European governments with feasibility data showing that such an app could be deployed effectively and ethically. It's not currently clear whether this will contribute to the contact tracing app currently in development by NHSX for the Department of Health and Social Care, but the key factors to any app's success will be the same: user adoption and access to testing.
The Big Data Institute estimates that over 60 per cent of the UK’s population would have to be using the app for digital contact tracing to reach enough people as they become infected. And it’s essential that people identified by the contact tracing app be promptly tested. This may require a significantly higher rate of testing that we’ve so far seen in the UK. As of March 24, UK government data shows 90,436 people have been tested in Britain (population 66.44 million) compared to more than 330,000 in South Korea (population 51.47m).
For scientists and public health bodies tasked with investigating technological solutions to monitor, track and reduce the spread of the coronavirus, this is not new ground. In 2011, an app called FluPhone was released by Cambridge University researchers to trace the spread of the flu in the city through Bluetooth and Wi-Fi based location and contact tracing. But uptake was less than one per cent, rendering the effort useless.
Read more: What the world can learn from South Korea’s coronavirus strategy
In the US, the open source CoEpi project is recruiting app developers and has released a manual protocol to guide people through the process of communicating their diagnosed or self-observed health status with the people in their lives, which the team ultimately hopes to automate through an app.
German geo-tracking firm Ubilabs, working with the Hanover Medical School, has already developed a prototype coronavirus mapping app, in line with proposals by epidemiologists that people could donate tracking data that they’ve already collected about their movements through platforms such as Google Maps. And MIT already has an app to help people privately log their movements so they and health authorities have an accurate record of their movements to help with current manual contact tracing efforts.
Phone location data has already played a role in tracking coronavirus infection vectors. The Big Data Institute team’s paper details the success of phone tracking carried out in China and South Korea. In China, ‘health code’ add-ons for Alibaba’s Alipay payment platform and Tencent’s WeChat have been used to restrict the movement of potentially infected people.
The system generates unique green, yellow or red QR codes that grant different travel and access rights, with only green code holders able to circulate freely while yellow and red codes indicate that a person must be quarantined. Abacus reports that this quarantine status is calculated using data including an individuals’ travel history, time spent in areas affected by coronavirus and their relationships to potential carriers.
The codes are reportedly based on “information provided by big data companies [that] allows its system to track a person’s location down to the county level”. The assessment based on that data, which appears to include information gathered by other widely-used apps from Alibaba and Tencent as well as people's travel trajectories and, in some cases, self-reported body temperature, is algorithmically generated by a system that’s been criticised by some for its lack of transparency or options to appeal.
Health codes are generated in different ways in different regions, which has contributed to delays in the roll-out of a national system.
China’s tech giants are also placing some of that infection data in the hands of citizens, with a Baidu mapping app that shows the locations of confirmed and suspected cases to make them easier to avoid, while cybersecurity firm Qihoo 360 has launched a service to help people see if they’ve shared a plane or train with anyone who’s come down with coronavirus.
South Korea’s Ministry of the Interior and Safety, similarly, has released its self-isolation safety protection app which, according to MIT Technology Review, lets quarantined individuals keep in touch with their case workers and uses GPS location tracking to ensure that they’re not breaking their quarantine. Adoption is also high in South Korea for third-party maps and contact tracing apps that use publicly available government data about the location and movements of infected individuals, while a new government system leverages the country’s smart city infrastructure to give health investigators instant access to CCTV footage and payment card transaction data to help them see where infected individuals have been.
While both China and South Korea’s approaches have helped them flatten the infection rate curve, reducing the rate at which coronavirus is spread, privacy advocates have highlighted concerns with the level of personally identifiable data exposure and lack of transparency in their systems.
On March 20, Singapore launched its TraceTogether app, which more closely follows the Oxford researchers’ model of opt-in data tracking. It’s also more precise than the GPS based systems used in some other places. And potentially less privacy invasive. Once the app is installed, it uses Bluetooth to identify other phones in its immediate proximity that are running the app, furnishing it with a record of a user’s interactions with others to aid contact tracing if they become infected.
However, Singapore has a reputation as a surveillance state and the government’s publication of the home and workplace addresses of infected people isn’t a model that’s likely to sit well in the UK – or with GDPR. The Big Data Institute’s proposal emphasises the importance of privacy, ethics and social responsibility, recommending measures such as oversight by an advisory board that includes members of the public, the use of a transparent and auditable algorithm, and effective protections around the use of personal data.
Read more: What is GDPR? The summary guide to GDPR compliance in the UK
But while proposals for apps to be used in Europe and the US often take into account ethical and privacy concerns, these may not necessarily be top priorities for governments handling a global health crisis. The Electronic Frontier Foundation has called on governments to commit to transparency about their surveillance plans. It warns that using bulk GPS data for contact tracing could lead to disproportionate and unethical use of personal data and may be too inaccurate to be effective.
French privacy advocate La Quadrature du Net that Belgium, Italy, and the United States are among countries preparing for the mass collection of residents’ geolocation data, while Privacy International is keeping tabs on the privacy implications of measures against coronavirus around the world.
In the US, Facebook and Google have been in talks with government officials specifically about tracking and Israel has already begun using a previously secret cache of mobile phone location data collected by the country’s internal security agency to send text alerts to people who’ve been in proximity to known coronavirus carriers.
The British government has been working with mobile providers BT (EE's parent company) and O2 to analyse broad movement patterns of the population. This use of anonymised data is a positive sign of a measured response, but the government has the right to go beyond that. In a March 12 statement, the Information Commissioner’s Office says that “public bodies may require additional collection and sharing of personal data to protect against serious threats to public health”.
And, on March 19, the European Data Protection Board issued a statement emphasising that member states should attempt to do what they can with anonymised data but notes that they have the power to “introduce legislation to enable the processing of non-anonymised location data where necessary to safeguard public security”, including the location tracking of individuals, under strict privacy safeguards.
Transparent, opt-in tracking of the kind proposed by the Big Data Institute represents the gold standard for privacy, and we anticipate further news from the team in the coming weeks. But it remains to be seen whether privacy and data protection will remain priorities for the government as it tackles an increasingly pressing medical crisis.
😓 How did coronavirus start and what happens next?
❓ Does alcohol kill coronavirus? The biggest myths, busted
🎮 World of Warcraft perfectly predicted our coronavirus panic
✈️ Flight data shows the huge scale of Covid-19
👉 Follow WIRED on Twitter, Instagram, Facebook and LinkedIn
This article was originally published by WIRED UK
