The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.
Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.
On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please password–protect the server.
Check It Out: U.S. Government Wants to Track Coronavirus Spread With Location Data
How would they know if someone has the virus or not?
Good question.
Lee:
There are several options. An obvious one, more of a convenience sampling frame, would be to consent people who are tested for the virus at the point of care and testing.
Under states of emergency, governments often suspend the need for consent, and could simply require reporting from the testing site that would then enter the data from all tested people. A similar process has been underway in state health departments in the USA for ‘reportable diseases’, however not with tracking, but with very limited anonymised data.
Under more controlled epidemiological or clinical investigations, enrollees would likely have to be consented to have their data entered, and could then be tagged as positive or negative and tracked accordingly.
These are just a few of several options.
Thanks Doctor. So the person would have to voluntarily participate. I am sure that medical facilities are reporting cases, but this would probably be faster to share among agencies.
Now what we need is for the Apple Watch to analyze the wearer’s perspiration for COVID-19 and other conditions including blood sugar. Presumptive tests not to be relied upon as a guarantee that one is infected or not.
Seriously though as senior citizens my wife and I have gone into laager as per Governor Newsome’s request. I am well stocked with long shelf life supplies, and mid term such as potatoes and onions, but will soon need fresh produce and fruit. We also have cut rations so as not exceed our caloric burn. I do go out early in the morning for a brisk walk, but it is now 30 minutes instead of an hour; I rarely encounter anyone at 5:00 AM.
Andrew:
There are two components to this issue, both of which are relevant to your concerns about potential abuse; both have to do with security. The first is a public health emergency in the context of national security, and the second is the protection of the individual, also in the context of national security.
Regarding the first, Covid-19 represents an as yet insufficiently quantified threat to the health and safety of the public. We do not have a reliable denominator, which would tell us the true case fatality rate (what percentage of infected persons die). We do not know how wide spread the virus is. We do not know the prevalence of mild to sub clinical infection. We have an incomplete picture of transmission. We know nothing of seasonality, the likelihood of reinfection, whether there is one or multiple circulating strains, whether or not the virus is capable of mutation and how it interacts with other pathogens to potentially increase lethality. These are all things that we need to know in order to have a coherent and effective disease control strategy, with or without effective therapeutics and a vaccine, but especially in their absence.
An inexplicably and appallingly absent piece of this puzzle at present is population-based surveillance that would inform us of the prevalence (how wide-spread), the true incidence or attack rate (how rapidly it is spreading), and what percentage of people (and who they are) have silent infection that nonetheless is capable of transmission. Being able to track the spread of infection at the individual level would provide a realtime map of coronavirus epidemiology, and give us a leg up on the pandemic, bringing us one step closer to control. There can be little disagreement with this objective. The concern is the one you rightly raise, could this capability of granular tracking be abused, and could the data be de-anonymised. We address this issue by addressing the second question raised above, the protection of individual data and its relationship to greater national security.
Currently, any company can request and require individual data as the price of entry for using the company’s services, even when those services are fee based. In other words, we are doubly charged. Personal data are not simply the new oil, they are more valuable than all fossil fuels combined. They can be monetised to benefit the private and public sectors. They can be weaponised to benefit or harm and even destroy governments, national assets and financial systems. They can be bartered for goods and services. They can be mobilised to move persons (slaves) and materiel (weapons, illicit goods) under the radar of embargo by rogue states and stateless actors. The list is long and expanding. An asset this precious should never be let to any dilettante who wishes to dabble in its trade. When the US dollar was based on gold reserves, those reserves were guarded in a fortress. A nation’s oil reserves are guarded by their military. Personal data can be obtained and traded by any start up company with no plan or capability of secure storage. This is lunacy bordering on the suicidal. Our personal data should only be obtained and stored by an insured, industry standard banking system, just like our money.
This should be, like the banking system, private and competitive, but regulated and accountable, undergoing regular audits of its use and the security protocols for its protection. Breaches of protocol and security should be stiffly penalised. The companies that obtain those data should have to qualify for the privilege of acquiring and storing our data, and it should be left to the individual to decide which service they choose to manage their data, just as they would their money, savings and other investments. To be sure, the tech giants, including Apple, are well positioned to assume that role, but they require regulation. No company that does not qualify should be able to acquire and store your personal data.
How would this work? Simple. If I store my data with Apple, some of that data sharing with other entities is as simple as Apple sign in. Many of these companies simply need verification of my identity. In other cases, like airlines and hotels, they too have a need for personal data, but they should not be allowed to independently acquire and store it. How would they obtain it? From my data banker, in this case Apple. The individual should be capable of securely authorising that company to access the data they require (via a Secure Enclave – face or finger). The company then, as we do with aggregated scientific data today, would, via their account with Apple, be permitted to view my data, and even using a data aggregator, be able to collate data from a number of clients across multiple data bankers, into a single virtual database where they could see those data, but not be able to manipulate them, nor download and store them on their own servers. Those data, though shared with authorised parties, are never transferred, but remain behind a state of the art security system, and can only be used for the purpose, and importantly, for the duration, stated in their application for those data. This relieves individual companies from the burden, and us from the fiasco, of having these companies, each with different levels of incompetence, of storing and ‘protecting’ our data, however poorly and with no consequence for failure.
That done, with our consent and knowledge, we could begin to flood new and emerging industries and imperatives, like epidemiological investigations of global pandemics, with our data, secure in the knowledge that they can be used solely for the purposes that we have consented, the excess of which would exact a penalty and possible prison time for the offending party.
We are about to enter the third decade of the 21st Century. There is no reason why some version of this has not already happened, apart from a failure of imagination and leadership.
Thank you for that comment!