Coronavirus tracing apps don’t have to kill privacy to be effective

Decentralised tracing apps that use Bluetooth can stop people’s personal information being abused – here’s how

Privacy and public health are colliding – again. Contact-tracing apps are being suggested as one way to reduce the spread of Covid-19, in particular once lockdown rules soften, by letting people know if they’ve recently been near a person who has shown signs of infection. In the UK, NHSX is developing its own version of such an app using an algorithm developed by researchers at the University of Oxford. Other countries around the world are also creating their own apps. Now the race is on to make sure they protect user privacy while still being useful to officials.

Naturally, tracking the locations of people and reporting their health status has raised privacy concerns, though some have suggested privacy should give way to public health. “We’ve seen a lot of people say we should give up on privacy as it’s not really important right now,” says Imperial College’s Yves-Alexandre de Montjoye, who with colleagues published a list of questions developers should consider with such apps. “But from a technical perspective, we have no reason to believe that you need to pause anything. We are convinced that there are tools and techniques to build a contact-tracing app that would be privacy preserving.”

The EU agrees. It has laid out a set of recommendations to help protect privacy and encourage transparency with such apps, including minimising data collection, a preference for the least intrusive methods of location tracking, and deleting data once the pandemic has abated.

That raises questions about whether GPS location tracking or Bluetooth proximity detection is used, whether phone numbers are collected, whether data is encrypted, and whether identifiers are truly anonymous, but it also covers how information is shared, even with other users. “How do you protect who potentially infected me?” de Montjoye asks. “How do you make sure that you let me know I’m at risk without telling me or me being able to find out who infected me.”

One project trying to answer such questions is Decentralised Privacy-Preserving Proximity Tracing (DP3T), which proposes a decentralised system that uses temporary identification tags. Users are tracked via Bluetooth: each phone broadcasts a temporary random identifying code and records the codes broadcast by nearby phones. If a user is found to be infected with the coronavirus, the codes their phone has been broadcasting over the past few days are published, and any phone that recorded one of them warns its owner to isolate in case of infection. No locations are collected or reconstructed; the system only ever learns that two phones were near each other.

The system limits the data that’s collected, with no names or other demographic data gathered, and only the identifiers of people who have been infected are ever uploaded, so those who aren’t infected are never tracked. “As the different entities in the system receive the minimum amount of information tailored to their requirements, none of them can abuse the data for other purposes, nor can they be coerced or subpoenaed to make other data available,” the researchers note in a white paper.

One key aspect is to use temporary identification markers rather than a phone number, a name or even the phone’s fixed Bluetooth address, which is tied to your device and would let anyone who hears it link every sighting together. “Any project that does not use random, temporary identifiers is junk,” says Phil Booth, coordinator at MedConfidential.
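The following simulation is an added example, not code from DP3T or from any of the projects named in this article. It shows the decentralised design described above, with rotating identifiers, in working form: each phone holds a daily secret key that is ratcheted forward by hashing, derives a day’s worth of short random-looking identifiers (EphIDs) from that key, and stores only the EphIDs it hears. An infected user uploads nothing but the key for their first contagious day; every other phone downloads the published keys, regenerates the infected person’s EphIDs locally and checks them against what it heard. The key-derivation details (HMAC-SHA256 as the PRF, a hash counter standing in for the PRG, four EphIDs per day instead of one every few minutes) and the names `Phone`, `simulate` and `BROADCAST_KEY` are assumptions made for this example, and the encounters between Alice, Bob and Carol are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Set, Tuple

# Constructed parameters for the demo: a real deployment rotates EphIDs every
# few minutes (roughly 96 per day); four per day keeps the simulation small.
EPHIDS_PER_DAY = 4
EPHID_LEN = 16                     # 128-bit identifier, fits a BLE advertisement
BROADCAST_KEY = b"broadcast key"   # PRF label, an assumed constant for this example


def next_day_key(sk: bytes) -> bytes:
    """Hash ratchet SK_{t+1} = H(SK_t): publishing SK_t reveals later days, never earlier ones."""
    return hashlib.sha256(sk).digest()


def ephids_for_day(sk_t: bytes) -> List[bytes]:
    """The day's EphIDs: a PRF under SK_t, expanded with a counter (stand-in for a PRG)."""
    prf_out = hmac.new(sk_t, BROADCAST_KEY, hashlib.sha256).digest()
    return [hashlib.sha256(prf_out + i.to_bytes(2, "big")).digest()[:EPHID_LEN]
            for i in range(EPHIDS_PER_DAY)]


class Phone:
    """One handset: its own key chain plus the EphIDs it has heard. Neither leaves the device unless infected."""

    def __init__(self) -> None:
        self.day_keys: List[bytes] = [os.urandom(32)]   # SK_0, generated on the device
        self.observed: Dict[bytes, int] = {}             # heard EphID -> day it was heard

    def key_for_day(self, day: int) -> bytes:
        while len(self.day_keys) <= day:
            self.day_keys.append(next_day_key(self.day_keys[-1]))
        return self.day_keys[day]

    def broadcast(self, day: int, slot: int) -> bytes:
        """What the phone advertises over Bluetooth in the given slot of the given day."""
        return ephids_for_day(self.key_for_day(day))[slot % EPHIDS_PER_DAY]

    def hear(self, ephid: bytes, day: int) -> None:
        """Record a nearby phone's EphID locally: no name, no address, no location."""
        self.observed[ephid] = day

    def report_infection(self, first_contagious_day: int) -> Tuple[int, bytes]:
        """The only upload in the system: the day number and the key for that day."""
        return first_contagious_day, self.key_for_day(first_contagious_day)

    def check_exposure(self, published: List[Tuple[int, bytes]], today: int) -> Set[int]:
        """Regenerate the published users' EphIDs on-device and match against what was heard."""
        matches: Set[int] = set()
        for first_day, sk in published:
            for day in range(first_day, today + 1):
                for ephid in ephids_for_day(sk):
                    # The day must agree too, so a replayed old EphID does not count as contact.
                    if self.observed.get(ephid) == day:
                        matches.add(day)
                sk = next_day_key(sk)      # walk the ratchet forward, one day at a time
        return matches


def simulate() -> Tuple[Set[int], Set[int], bool]:
    """Constructed scenario: Alice meets Bob on day 2; Carol is never near Alice; Alice then tests positive."""
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(alice.broadcast(2, 1), 2)      # day 2, slot 1: Alice and Bob within Bluetooth range
    alice.hear(bob.broadcast(2, 1), 2)
    carol.hear(bob.broadcast(3, 0), 3)      # day 3: Carol near Bob, who is not infected

    # Alice reports. The backend learns only (day, SK_day) and republishes it unchanged.
    backend: List[Tuple[int, bytes]] = [alice.report_infection(1)]

    bob_hits = bob.check_exposure(backend, today=4)
    carol_hits = carol.check_exposure(backend, today=4)
    # Two EphIDs from the same phone in different slots look unrelated to an eavesdropper.
    unlinkable = alice.broadcast(2, 0) != alice.broadcast(2, 1)
    return bob_hits, carol_hits, unlinkable


if __name__ == "__main__":
    print(simulate())
```

The matching step never leaves the device, and the backend holds nothing about the uninfected. The residual trade-off, which de Montjoye’s question about “who infected me” points at, is visible in `check_exposure`: because an infected user’s keys are published, a phone that also logged when and where it heard each EphID could work out which encounter was the infected one. That is why the design keeps the published window short and why the ratchet only ever reveals days after the first contagious one.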

By building in a decentralised structure, instead of all the data being collected by one party, it’s held in a distributed manner so no single organisation has complete control. Not only does that avoid future abuses of the data, it forces privacy to the centre of the design: because anyone can see the published data, a truly anonymous ID is unavoidable. “It’s a design constraint that actually forces you to be better,” Booth says, adding that well-meaning developers often start with privacy in mind, but it gives way in the face of practical challenges. “They start off wanting to be privacy preserving, but the minute they get to a problem, if it’s centralised, they’ll come up with a kludge and things fall apart.”

Other groups of researchers are also coming up with privacy-protecting designs, notably the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), which is working on a Europe-wide, opt-in app. The group isn’t wedded to the idea of a decentralised design, but like DP3T it argues in favour of an anonymous identifier paired with Bluetooth for proximity tracing. In a rare move, Apple and Google have announced they will work together to create APIs that allow contact tracing across both Android and iOS, which could make it easier for those building such apps.

While the technical details and engineering decisions are important, so too is policy. A well-engineered contact-tracing app could still prove problematic if the data isn’t secure, if the design and use of the data isn’t transparent, and if function creep is allowed – and the latter may already be happening with the NHSX contact tracing app, with suggestions such apps could have multiple purposes, including tracking compliance with social distancing and lockdown rules.

We’re in a pandemic, so people are confused and scared – they’re not going to want to install and use an app that’s confusing and scary. “There are 5G conspiracy theories flying around and all sorts of things in this environment,” says Booth. “You have to be able to say, and it has to actually be true, that you’re not gathering anyone’s information.” And take-up is key: estimates suggest such apps require as much as 60 per cent of the population to use them before they can make a difference.

Even if people still download and use a multi-purpose version, contact-tracing apps work best if you have your phone on you all the time. But if you leave it at home in order to avoid being caught out driving to a beach or meeting friends in the park, key data points will be lost – and you won’t get warned if that’s when you were exposed to the virus.

And that’s at the heart of contact-tracing apps: if done well, they could be one tool in an arsenal, not the only one – washing your hands and social distancing will always be more important. Booth says health secretary Matt Hancock is “a classic tech solutions fanboy”. Apps and other tracking tools can be helpful, but only if designed with privacy in mind, he adds. “Do we want to be Great Britain, as we understand her? Or do we want to be China,” he asks. “If you go down certain tech routes, it will inevitably carry you a certain way.”


Digital Society is a digital magazine exploring how technology is changing society. It’s produced as a publishing partnership with Vontobel, but all content is editorially independent. Visit Vontobel Impact for more stories on how technology is shaping the future of society.



This article was originally published by WIRED UK