Here’s an opt-in prior work on an app to help with disease spread. Created by my former advisor, and one of my fave teachers nearly a decade ago. Computer Laboratory - Fluphone Project
While this project may not have been reviewed for privacy implications of the time, and certainly the technological tools we have for preserving privacy have moved on, I know they both are willing and able to examine their projects for privacy implications. I add it here to show how apps could be part of the solution, if they were designed to respect privacy from the start.
The publications are helpful too:
- D. Fay, J. Kunegis, and E. Yoneki "Centrality and Mode Detection in Dynamic Contact Graphs; a Joint Diagonalisation Approach". IEEE/ACM ASONAM, Niagara Falls, Canada, August, 2013 (PDF).
- D. Fay, J. Kunegis, and E. Yoneki "On Joint Diagonalization for Dynamic Network Analysis". Technical Report, University of Cambridge, 2011 (UCAM-CL-TR-806).
- E. Yoneki "FluPhone Study: Virtual Disease Spread using Haggle". ACM CHANTS, 2011 (PDF).
- E. Yoneki, and J. Crowcroft "EpiMap: Towards Quantifying Contact Networks and Modelling the Spread of Infections in Developing Countries". International Conference on Wireless Technologies for Humanitarian Relief (ACWR), December, 2011 (PDF).
- M. Freeman, N. Watkins, E. Yoneki, and J. Crowcroft "Rhythm and Randomness in Human Contact". International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Odense, Denmark, August, 2010 (PDF).
- E. Yoneki "Visualizing Communities and Centralities from Encounter Traces". ACM MobiCom Workshop on Challenged Networks (CHANTS), San Francisco, USA, September, 2008 (PDF).
So while apps could be helpful, and so could data, Edin of Privacy International covers a global trend of forcing people to install apps and invading their privacy through a variety of surveillance mechanisms: https://www.youtube.com/watch?v=B-w51EfpY24
I think the RSA covers this tension well: Data could help, but it must be freely given, protected in a variety of ways, and transparency about its use must be maintained and sustained.
Data is key to overcoming the coronavirus crisis - RSA
I really like that RSA link, @eireann_leverett.
As we have seen from our data rights work, there already existed a desire among the public for greater say and control over their data rights. If the crisis is the catalyst, how do we deliver workable mechanisms that prompt positive change?
This is where deliberation – facilitated conversation by citizens – comes in. The RSA’s Tech and Society team has found deliberation of inestimable value, not only in building trust between citizens and radical technologies, but also in enabling citizens to co-design governance mechanisms. The RSA’s Forum for Ethical AI enabled just this sort of dialogue in the context of automated decision systems.
This is exactly what we want to do here.
See you in a little while then to listen and learn. Looking forward to it.
The Icelandic COVID-19 contact tracing app is not bad in this regard. From their README:
With the user’s consent the app keeps their location data. In case the contact tracing team of the Department of Civil Protection and Emergency Management needs to track someone’s movements, they will be asked to upload their location data.
This would allow for the tracing team to help retrace a user’s movements for the last two weeks and increase the likelihood of identifying individuals you might have been in contact with.
Completely automated, continuous sharing of data might not have higher privacy implications when employing data obfuscation and cloaking mechanisms. But users can’t understand these mechanisms properly, so they can’t “give freely”. Even I would prefer to give raw data on request than obfuscated data continuously.
It appears that the Icelandic system is about asking the infected person for their location data of the last two weeks. That won’t help to find all the contacts, as not all the places know their guests (public transport won’t know, for example). What they could do is add a feature to this software that will broadcast a request like “anyone who has been at [location] at [time], please step forward”. The app on the user’s phone would do all the work of figuring out if the user has been there and then, and only if so, would notify the user, asking to confirm sharing this detail with the civil protection services. It’s a distributed, privacy-enabled database system because every user has full control over the location database on their own phone.
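The broadcast-and-match idea in the post above, sketched as an added example (not part of the thread and not code from the Icelandic app): the phone checks a broadcast place and time request against its own stored location fixes, and produces something to upload only when there is both a local match and explicit user consent. The request fields, function names and the shape of the uploaded message are assumptions made for illustration.

```python
import math
from datetime import datetime

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371000 * math.asin(math.sqrt(a))

def local_matches(history, request):
    """Fixes from the on-device history inside the broadcast place and time window."""
    return [
        (ts, lat, lon) for ts, lat, lon in history
        if request["start"] <= ts <= request["end"]
        and haversine_m(lat, lon, request["lat"], request["lon"]) <= request["radius_m"]
    ]

def handle_request(history, request, ask_user):
    """Return the message to upload, or None. Nothing leaves the phone without a match AND consent."""
    matches = local_matches(history, request)
    if not matches:
        return None                      # no match: the user is not even notified
    if not ask_user(request, matches):   # the user reviews the matching fixes locally
        return None                      # declined: nothing is sent
    # Assumption: only the request id and the overlap interval are disclosed, not raw history.
    return {"request_id": request["id"],
            "first_seen": min(m[0] for m in matches).isoformat(),
            "last_seen": max(m[0] for m in matches).isoformat()}

# Constructed sample data (coordinates and times chosen for illustration only).
HISTORY = [
    (datetime(2020, 4, 1, 8, 5), 64.1466, -21.9426),   # in the time window, ~400 m away
    (datetime(2020, 4, 1, 8, 20), 64.1430, -21.9270),  # in the time window, ~15 m away
    (datetime(2020, 4, 1, 12, 0), 64.1280, -21.8170),  # outside the time window
]
REQUEST = {"id": "req-0001", "lat": 64.1431, "lon": -21.9272, "radius_m": 50,
           "start": datetime(2020, 4, 1, 8, 0), "end": datetime(2020, 4, 1, 9, 0)}

if __name__ == "__main__":
    print(handle_request(HISTORY, REQUEST, ask_user=lambda req, hits: True))
```

The broadcast itself reveals the queried place and time to every phone, so the authority's side needs care about how precise a request it publishes.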
YES! I agree wholeheartedly.
I very much agree. It’s frustrating when there are so many great techniques for preserving privacy in location services that are cool pieces of cryptography…yet if we can’t explain zero-knowledge proofs and homomorphic encryption methods, then we can’t expect the public to trust them. Sad, but true. So these opt-in approaches are the best (and if we’re lucky, can spearhead more trust in those cryptographic methods).
Thanks for a positive example…and I like the open source approach to health data. Reminds me of @opencare discussions.
Find the writeup and subsequent discussion at the link below. Closing this topic.