Contact tracing: an aid for humanity or a Trojan horse of surveillance?

By Sophie Letschert (smwletschert@outlook.com), Caroline Stanislawczyk (claarecaro@gmail.com) and Karlygash Nurdilda (k.nurdilda@gmail.com)

Introduction

Can contact tracing apps become the ultimate flooding gates for private data to flow into the hands of the third parties, bringing out health surveillance en masse? The novel coronavirus has sped up all processes of digitization and what we are seeing now is how ‘security and privacy of information are rapidly becoming the new economy and technology of control’, what Geert Lovink talked about in 2008. It is no longer about the potential of privacy infringement, that is already a reality, albeit disguised in the veil of a greater public good, contact tracing apps are being churned out everywhere. Some got rolled out almost immediately, like the Health Code System put in place in China, others took longer, like the Dutch CoronaMelder app that has started working less than two weeks ago. Definitely, all apps infringe on our privacy, but some do so more than others, that is why we chose three different examples of contact tracing apps. Is Covid-19 fertile ground for abuse of trust, especially since laws and regulations are substantially lagging behind technological developments? 

Using the low-level and high-level affordances as an approach will enable us to examine countries’ adaptation of the contact tracing applications and what possibilities, as well as constraints they possess. We shed a light on what data is required and how it affects both the efficacy of the application and the user, in cases where it is attainable. Contrasting three applications allows distinguishing the conditions of their use. We also take into consideration the levels and circumstances of the society’s responsibilities, data surveillance, and socio-technical consequences through textual and visual components of the apps. 

CoronaMelder 

The Dutch application to help stop the rapid spread of the coronavirus is: CoronaMelder. The idea of this application is that you receive a notification when you have been near someone, for at least 15 minutes within 1.5 meters, who is infected or later diagnosed with the virus. The app keeps track of this by means of Bluetooth signals. The closer you are to someone, the stronger the signal between the devices. By using Bluetooth the CoronaMelder does not need to use GPS or location data, which in turn helps to safeguard the privacy of users. ‘The app does not know where you are or who you are’ (coronamelder.nl, 2020). The aim of the app is to fasten and support the contact and source research of the GGD. The GGD is: ‘the municipal health organization for preventive health care in the Netherlands’ (hollandexpatcenter.nl, 2020). 

How is CoronaMelder established and developed? 

The minister of public health, Hugo de Jonge, organized an ‘appeton’ where he invited app developers from all over the world. A number of organizations applied to this appeton and through a live stream everyone who was curious could follow those pitches (Radio, 2020). These applications did not meet the Dutch requirements, so de Jonge created an independent team of young talented developers. According to de Winter (2020) de Jonge also invited critics to participate in the privacy issue of the application (p.33). The application was developed and created in a transparent environment and to this day everyone can still look into the source code of the application (NOS, 2020). CoronaMelder was first tested in a few GGD-areas, because the corresponding law did not get through Parliament and the Senate yet. In addition, the test capacity had to increase as well. The app went live on the 10th of October 2020 and since then 2.65 million people downloaded it (Huijbregts,2020). 

What are the (low) affordances of CoronaMelder and how does the app operate? 

CoronaMelder can be downloaded in Apple’s App Store (Appstore) or Google’s Play Store (Play Store). CoronaMelder keeps track of your distance to other people through Bluetooth Low Energy. The application uses technologies built by Apple and Google, which provide all mobile devices with the operating systems iOS or Android to share information with each other. If you are close to another person that installed the CoronaMelder, for a longer period of time, the application saves an arbitrary code. If the other user later specifies in the app that he is infected with the virus, you will get a notification (CoronaMelder.nl, 2020). 

After downloading CoronaMelder in the App- or Play Store, you don’t have to fill in any data to get started. If you open the app you will be taken directly to the main screen. The main screen contains a typical Dutch animation of people outside and once in a while someone on a bike crosses your screen. Besides the animation there are several features such as: Questions about the app, inviting people for the app, what kind of notifications can I get, requesting a Corona test and frequently asked questions. 

What are the critiques on CoronaMelder? 

Van Gemert-Pijnen (2020) researched if the CoronaMelder could be used by all different kinds of population groups. She used different test groups varying from young to old, higher, and lower educated, and so on. The results of the test showed several critiques. The most common critiques were: Doubts about the usefulness, privacy (not sure about how anonymous the app is), doubts whether everyone would know how to use the app, and the use of Bluetooth is considered as taxing on the battery life (2020, p.32). 

The launch of the app caused a lot of discussion about privacy aspects. Are the users of the app as anonymous as they promised (NOS, 2020)? The Dutch authority of personal data (AP) questions the independence of the techniques used by Apple and Google. Chavannes (NOS, 2020) argues that if you make clear agreements with big companies like this and make clear that they cannot abuse the personal data which is gathered by the app, this problem will be gone. 

Besides the privacy critiques Bonten and Chavannes (2020) argue that the app will have a minimum contribution in lowering corona cases due to the fact that source and contact research does not influence the reduction of the coronavirus much. This is because there are too many infections. Source and contact research only work if there are not so many infections. Chavannes (2020) argues that it is not a silver bullet, but that every small contribution will help the larger cause. Furthermore, research from the University of Oxford shows that if ten to fifteen percent of the population download the app it will contribute to the reduction of Corona (Dieleman, 2020). Another critical note of Chavannes is that the arrival of the app will challenge the test capacity of the GGD even more, which is already a problem in the Netherlands (NOS, 2020). In addition, both argue that the app will only work if a minimum number of people download it. Chavannes adds to this argument that he thinks that ‘super spreaders’, who are less careful and don’t comply with the measures, will not be the people who download the app. While it is especially helpful if those people will download it (NOS, 2020). 

ProteGO

Launched in April 2020 in cooperation with the GovTech, the Ministry of Digital Affairs developed a contact tracing application ProteGO. It bears a few similarities to CoronaMelder in terms of privacy and its operational features. As of October, it has been downloaded by over one million Polish citizens (Gov.pl). It is available on smartphones and operates on the Exposure Notification System (ENS), an API provided by Apple and Google with the Bluetooth Low Battery mode. 

What are the low-level affordances?

Downloading the app is voluntary and free and so is providing any data. It consists of two modules. Health diary allows you to verify whether you are in the group of risk by following questionnaire guidelines of the World Health Organization. The second, triage module scans the surroundings and notifies in case of potential contact with the virus. 

In each instance, it is possible to opt-out from disclosing full information before and during an assessment. From the government’s portal to the textual contents in the application, the user is continuously encouraged to be systematic and responsible to improve the efficacy and accuracy of ProteGO. The responsibility of citizens and active participation is stressed as necessary for the application to work effectively with the accompanying byline ‘Everything is in your hands’ (ProteGO). What continuously highlights the voluntariness across the app is the ubiquity of the ‘skip’ button. 

How does it function and what are the legal components?

The new version of the application operates on the API by Apple and Google. Despite the need for the app to run in the background, The Exposure Notification System uses only Bluetooth beaconing to detect proximity (Apple and Google 8). The device continuously transmits the TemporaryExposureKey, previously retrieved from the generated user key pool, which changes after a certain period of time (GitHub). The General Sanitary Inspectorate receives and verifies identifiers and analyzes them if necessary (GitHub). The generated Diagnostic Key on potential contact with other devices is kept for fourteen days, then deleted. In the privacy policy of the application, respectively from the Par.3 point 5 to point 12, the ProteGO user receives an insight into what, how, and by who the data is kept or processed (ProteGO). The user can withdraw from using the application at any point. He has, therefore, the possibility to manually delete any personal data that he provided the application with, be it health data or delete the application itself, in an instance of which all information is irretrievably removed. 

To give or not to give? Dat(a) is the question.

As Kolfschooten noted, granting access to citizens to information on their data processing in this instance is not harmful ‘to the protection of public health’ (487) as it could be in a case of national security issue, where ‘the privacy of individuals is limited for the purpose of the protection of a greater part of the population’ (479). Designed under the protection of the user’s privacy by default and attempts to limit the processing of information about the user (Ministry of Digital Affairs), the source code is publicly open and all personal data resides locally on the device. All in all, providing personal data is optional on all levels and stages within ProteGO. This, however, significantly determines the application’s optimal functionalities. And as a study by Barrat shows, adaptation to the app could significantly ‘suppress outbreaks’ and the spread of the epidemic (13). Moreover, when used accordingly, digital contact tracing applications could also act as complementary to manual contact tracing, thus minimizing the spread of COVID-19 (11). 

Although government efforts in limiting data processing are transparent, public communication and clarity of these goals behind ProteGO are just as important in tackling and deflating any uncertainties stemming from it, consequently gaining desired efficacy of the app (Kahn 73) since the amount of information and terms of rules seems overbearing. While solutions to data and privacy issues have been successfully addressed and carried out so far, the efficiency of the app is yet another point of debate.

Chinese Health Code System

The System was first deployed by the Chinese government (Hangzhou Public Security) and developed by Alipay (a wallet app from Alibaba Group Holding Ltd) in February 2020 and proudly introduced to the public in just 7 days (Xinhua News Agency). A mini-application (as it is called in China) is now downloadable on Alipay and Tencent Holdings Ltd’s WeChat (a social networking platform). As an application, the Health Code System affords for fast contact-tracing and efficient isolation of potentially infected people from the healthy population. 

What are the low-level affordances of the Chinese Health Code System?

The mechanisms are simple, yet highly penetrative into the privacy of users. Before registering the user has to comply with an obscure privacy policy and oblige to disclose their real name, disclose their ID number, contact details, travel, medical history, self-report any symptoms associated with COVID-19, allow the system to access their location (through a GPS signal) and grant access to the camera. Then, the system assigns a unique QR code to the user along with a status: Green, Yellow or Red, depending on their degree of possible contagion, all based on the information given and their current location. Green means the person is free to move around the city, Yellow means the person has to self-isolate for 7 days, Red – 14-day quarantine. The exact instructions may vary depending on the region, each region has its own Health Code mini-app. 

How does the mini-app work in everyday life?

Every citizen has to disclose their status when entering a public space; one is also obliged to scan a QR code of the location, be it a metro station, restaurant, shop, hotel, and other establishments to keep track of their movement. The status is updated daily at midnight. It is worth mentioning that by the end of February 90% of Zhejiang Province (where the mini-app was first developed) had downloaded the Health Code System on their Alipay, of which 98.2% were Green (Mozur et al 2020), which is why the application is deemed as a success (since at the start of its use the infection rates were low to begin with). Now the system is in use nationwide, even though the download is voluntary, it is impossible to move around without it. Therefore, more code systems are now in ‘the market’, depending on the region, but the requirements for them have already been standardized (Liang 2020).

Albeit nationwide usage, to this day the exact mechanisms on which the System works and how it determines the statuses are unclear. In their study, O’Neill and colleagues (2020) have identified that the app seems to be using largely location data and data mining technologies with the help of AI. But the mini-app sources more than it seems on the surface for example, the ‘Health Code adopts user networks and online transactions to evaluate whether people had contacted potential carriers of COVID-19’ (Liang 2020). Moreover, the collected data is relayed to the local police according to the New York Times analysis (Mozur et al 2020) for further reinforcement. The people behind Alipay’s Health Code System have been also transparent about authorizing the government full access to the data. (Goh 2020) This would be an unthinkable practice in Poland and The Netherlands. The fact that users have never been fully informed about what exactly happens with their data and end up having to rely on an app that determines their mobility is already very problematic. What happens as the result, be it because of pure desire to stop transmission of COVID-19 or an alternative agenda, citizens’ privacy is being slowly chipped away from away, making them more visible through datafication of everyday movements (Liang 2020).

Why is this a problem?

In China there are already talks around expanding the affordances of the Health Code System, to allow people to add their health habits like smoking, alcohol intake as well as sleeping, and how many steps they take daily and use this new information to generate a health score for each user (Daugelaite 2020). The mere existence of the opportunity to expand functionalities poses a great risk for misuse, as stressed by Seda Gurses (Gurses 2020). Indeed, these kinds of affordances in health-related applications are a norm for health-tracking apps. But, when it is a contract tracing app that already tracks users’ location, knows their ID numbers we should take these expansions with a grain of salt. Realistically, apps such as the Chinese provide a window of opportunity ‘for the state to further roll-out and normalize surveillance technologies and there is little sense that the tracking implemented there will be rolled-back post-crisis” (Kitchin 2020). 

Comparing the Dutch, Polish and Chinese application

In comparison to the Dutch and Polish apps, the Chinese Code System is the most opaque and intrusive that makes every end-user visible to the government, which is very far from the reality in the other two countries. Both CoronaMelder and ProteGO allow for retrieval of accumulated information on the user on-demand and have options for sharing personal information, which is not the case with the Chinese Health Code mini-app. 

But even the apps that allow for such retrievals pose a threat to the privacy of individuals, as in the words of Rob Kitchin there has not been ‘sufficient consideration of their consequences for civil liberties, biopolitics or surveillance capitalism and whether the supposed benefits outweigh any commensurate negative effects, or whether the public health ambitions can be realized while protecting civil liberties.’ (2020) 

Conclusion

What is this all for? It is still very early to tell if any of these applications have had a significant result. Contact tracing applications are a set of complex, conditioned, and intertwining issues from data mining to user’s responsibilities and efficacy of those systems and applications. Indeed, in the case of the Chinese Health Code, it did seem to have contributed to the overall slowing down of the outbreak, however, this could be mostly down to points highlighted by Rob Kitchin, that such contact tracing applications ‘will be ineffectual without mass testing (not self-diagnosis), it ideally needed to be introduced when the number of infections was very low, and it requires a 60% opt-in rate which is unlikely to be achieved.’ (2020) Ideal contact tracing applications should simultaneously offer transparency of user’s data, work alongside health researchers to improve ‘accuracy, precision, functionality, confidence of estimates, sources of error’ (Kahn 46-47). Combating the virus with those applications as a complementary aid might prove more advantageous if all sides partaking will hold each other accountable.

Bibliography

Apple. ‘Privacy-Preserving Contact Tracing – Apple and Google’. Apple, https://www.apple.com/covid19/contacttracing. Accessed 8 Oct. 2020.

Barrat, Alain, et al. ‘Effect of Manual and Digital Contact Tracing on COVID-19 Outbreaks: A Study on Empirical Contact Data’. MedRxiv, July 2020, p. 2020.07.24.20159947, doi:10.1101/2020.07.24.20159947.

CoronaMelder. 2020. Rijksoverheid. 8 October 2020. < https://coronamelder.nl/nl >.

Daugelaite, Tautvile. ‘China’s Health Code System Shows the Cost of Controlling 

Coronavirus’. Wired UK, July 2020, https://www.wired.co.uk/article/china-coronavirus-health-code-qr.

De Winter, Pierre. ‘De schaarste te lijf.’ Skipr 4. 2020: 27 – 33.

Dieleman, Christel. ‘De Winter kan niks met kritiek op CoronaMelder.’ computable.nl.      2020. 19 October 2020. <https://www.computable.nl/artikel/nieuws/zorg/7075371/250449/de-winter-kan-niks-met-kritiek-op-coronamelder.html>. 

‘Digitaliseringsepedemie: De CoronaMelder.’ RADIO. 8 October 2020.              <https://soundcloud.com/radioverheid/digitaliseringsepidemie-de-coronamelder >.

Goh, Brenda. ‘China Rolls out Fresh Data Collection Campaign to Combat Coronavirus’. Reuters, 16 Mar. 2020, https://www.reuters.com/article/us-china-health-data-collection-idUSKCN20K0LW.

Huijbregts, Julian. ‘Nederlandse CoronaMelder-app is 2,65 miljoen keer gedownload.’            Tweakers.nl. 2020. 16 October 2020. < https://tweakers.net/nieuws/173232/nederlandse-coronamelder-app-is-2-komma-65-miljoen-keer-gedownload.html>.

 hollandexpatcenter. 2020. 16 October 2020. <https://www.hollandexpatcenter.com/nl/themes/personal—social-needs/health-care/ggd/>.

Kahn, Jeffrey, and Johns Hopkins Project on Ethics and Governance of Digital Contact Tracing Technologies. Project MUSE – Digital Contact Tracing for Pandemic Response. 2020, https://muse.jhu.edu/book/75831.

Kitchin, Rob. ‘Civil Liberties or Public Health, or Civil Liberties and Public Health? Using Surveillance Technologies to Tackle the Spread of COVID-19’. Space and Polity, vol. 0, no. 0, June 2020, pp. 1–20, doi:10.1080/13562576.2020.1770587.

Liang, Fan. ‘COVID-19 and Health Code: How Digital Platforms Tackle the Pandemic in China’: Social Media + Society, Aug. 2020, doi:10.1177/2056305120947657. Sage UK: London, England.

‘Milion Polaków ze STOP COVID – ProteGO Safe – Ministerstwo Cyfryzacji – Portal Gov.pl’. Ministerstwo Cyfryzacji, https://www.gov.pl/web/cyfryzacja/milion-polakow-ze-stop-covid–protego-safe. Accessed 18 Oct. 2020.

Mozur, Paul, et al. In Coronavirus Fight, China Gives Citizens a Color Code, With Red Flags – The New York Times. https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html. Accessed 12 Oct. 2020. 

NOS. 2020. 6 October 2020. <    https://nos.nl/artikel/2351218-kan-de-corona-app-helpen-deze-deskundigen-denken-van-wel.html>.

NOS. 2020. 10 October 2020. < https://nos.nl/artikel/2351727-coronamelder-vandaag-gelanceerd-maar-app-is-geen-wondermiddel.html>.

O’Neill, Patrick Howell, et al. ‘A Flood of Coronavirus Apps Are Tracking Us. Now It’s Time to Keep Track of Them.’ MIT Technology Review, https://www.technologyreview.com/2020/05/07/1000961/launching-mittr-covid-tracing-tracker/. Accessed 18 Oct. 2020.

ProteGO-Safe/Specs. 2020. STOP COVID – ProteGO Safe, 2020, https://github.com/ProteGO-Safe/specs.

STOP COVID – ProteGO Safe. Computer Software. Apple App Store. Vers. 4.4.0 Ministerstwo Cyfryzacji, 18 September 2020. Web. 9 October 2020

Studium Generale Delft. The Corona App: Solution to Our Problems or a Big Mistake? | Seda Gürses. 2020, https://www.youtube.com/watch?v=sA7brxrhy4c&ab_channel=StudiumGeneraleDelft. 

Van Gemert-Pijnen, Lisette. Eindrapportage gebruikerstesten Corona notificatie app (regio Twente). Twente: University of Twente, 2020. 

van Kolfschooten, Hannah, and Anniek de Ruijter. ‘COVID-19 and Privacy in the European Union: A Legal Perspective on Contact Tracing’. Contemporary Security Policy, vol. 41, no. 3, July 2020, pp. 478–91, doi:10.1080/13523260.2020.1771509.

Xinhua News Agency. 见过凌晨四点的杭州，只为早日“无码”——“健康码”背后的复工记. https://baijiahao.baidu.com/s?id=1659147516916399925&wfr=spider&for=pc. Accessed 18 Oct. 2020.