← Back to portfolio

COVID19 Tracking and Human Tracking

Published on
Image credit: Katie Tomkins - Mortuary & Post Mortem Services Manager at West Hertfordshire NHS Trust by Roxana Halls, 2020.

The following arguments are conceived amidst a series of data leaks that exposed COVID19 patients’ private information. In June, South Dakota suffered a data breach in which people's names, addresses and virus status were exposed. More recently in Wales, the information of 18.105 people was leaked. Such incidents are bound to be repeated since cyberattacks to extract data have been on the rise during the pandemic. The recent Verizon Data Breach Investigations Report indicates that out of 474 reported data breaches between March 1, 2020, and June 1, 2020, 36 were COVID19 related.

The situation is pretty straightforward. COVID19 patient tracking requires sensitive data. Elaborate systems have been put into place to track the location history of people to track the virus and control the contagion chain. At the very least, positively tested patients are asked to provide the history of their activities in the past days or weeks if this is not done through their mobile devices. Governments engage in human tracking with the intention of achieving virus tracking. There are dozens of centralized government operated apps that track humans and have been commissioned for that purpose. These new apps often exhibit security and functionality flaws, are expensive to make, have more privacy intrusion than necessary, and are hardly justified in the first place.

Take for example Australia’s COVIDSafe which had a budget of 2 million to make and the government has spent much more to advertise it. It has been developed and released in two weeks. It had vulnerabilities that allowed anyone with bluetooth to crash the app on all nearby phones. More importantly, it did not serve the purpose intended. In Australia, 6 million people downloaded the app and some regions have not registered a single contact alert. Out of two million downloads of a similar app in France, only 14 people have been notified of possible exposure. In some apps, bluetooth contact tracing works only 25% of the time because it only registers when the screen is unlocked.

Moreover, the single application of human tracking to trace the virus is a non sequitur. The premise is that where there were COVID19 carriers, there could be viruses left behind. Consider it as true as “where there was rain, it was wet.” The conclusion of the argument is that the virus is where human carriers went. Yet the conclusion does not follow, as it does not follow that where it is wet, it must have been raining. This does not follow because wetness can come from other sources than rain. Just as the virus can come from other sources than tested, tracked, and controlled individuals. Currently, there is a rising suspicion that cats might be permissive to the SARS-CoV-2 virus infection. WHO makes clear that the virus spreads through objects that are not tested or traced (packages, deliveries, phones, cash). The virus spreads not only through human contact but also through surfaces, objects, and other media, especially in an urban environment.

Because of this, we must have independent virus tracking initiatives. One strategy is developed by Weill Cornell Medicine to track pathogens in public spaces. This approach is called microbial surveillance. It relies on the collection of microbiological information and using AI to look for patterns. Some of those patterns determine the transfer of the virus between areas, others determine which uses of countermeasures (e.g. disinfection) the virus might be or become more resistant to. Researchers build machine learning algorithms that learn from the pathogen data collected in various public spaces. Their project - “MetaSUB” - aims to create a forensic genetic map and identify resistance markers in the urban environment. They have other projects to track and predict pathogens on phones, in the air, and similar environments. They also investigate the presence of SARS-CoV-2 and other coronaviruses in domestic cats.

Such projects show an additional way to understand the spread of COVID19. Currently, all data that is used to represent the spread is based on human tracking. It has to be supplemented. Direct virus tracking activities (e.g. microbial surveillance) do not use personal data. This allows us to gather as much data as needed and apply AI to make predictions. Yet some form of human tracking is necessary, and health is not to be sacrificed for privacy. Health is a priority and human tracking works. It is an acceptable trade-off. But the cost of the trade-off really depends on how it is implemented. Currently, the implementation is the problem.

An alternative to centralized government apps is a decentralized approach. The goal of decentralization is to reduce the loss of privacy, by exchanging anonymous keys that do not include identifiable information. Governments often keep IDs of humans they are tracking (as confirmed in recent breaches), however this is not justified. Anonymized or pseudonymised data is perfectly sufficient to keep people aware of their contacts and exposure rate. Decentralized solutions already exist and they do not have to be developed. The majority of devices used are either iOS or Android and Apple and Google have developed their own Exposure Notifications System that uses advanced cryptography to preserve privacy. It works through Bluetooth Low Energy technology and all data is localized on a user’s phone, it is also encrypted, and part of the OS itself, so there is no need to download an app. This dramatically increases the viability and security of the solution, without additional costs and privacy concerns. The saved costs on making faulty apps could very well be invested in microbial surveillance and AI applications that do not rely on personal data to make predictions.