Skip to NavigationSkip to content

How Big Brother is helping to fight COVID-19

Published on 01/06/20 at 12:55pm

Following the unprecedented disruption created by COVID-19, many governments are increasingly looking at using data from contact-tracing apps to help their populations return to some semblance of normality. Conor Kavanagh looks at the benefits of using data to fight this pandemic, but also the privacy concerns and problems this brings.

The coronavirus pandemic has caused economic and societal gridlock around the globe. Contact-tracing apps are one of the ways in which a number of governments have chosen to begin tackling the problem, and these have already been used in South Korea and Taiwan to effectively find infected people and isolate them from the rest of the population. It has also allowed these countries to ease the lockdowns in certain regions, as the app will warn people if they have come into contact with an infected person.

These apps require the participation of the government, civilians and businesses and use various types of personal data to track people. Europe is looking to replicate these types of apps, but certain laws will make it far more difficult to implement.  

The success of contact tracing in Asian democracies

Most of the countries and regions that have effectively combatted COVID-19 lie in Asia, and nearly all have implemented a form of contact tracing based on personal data. China, South Korea, Taiwan, Singapore and Japan have all seen their governments work with private tech companies to develop apps and technology to implement their contact-tracing strategies. 

South Korea and Taiwan are two countries that the West may seek to copy because they are similar democracies. More authoritarian countries like China already had an advanced surveillance state in place to monitor its citizens prior to the emergence of the coronavirus, whereas South Korea and Taiwan have had to coordinate with the public and private sectors to create a new type of contact-tracing technology.

South Korea is the standout candidate to be replicated, and has been able to learn its lesson from its approach to the 2015 MERS outbreak, where a breakdown in communication and data sharing meant Koreans did not know who had been infected or which hospitals were treating cases. The South Korean government’s contact-tracing strategy has seen the monitor of phone location data, credit card records and surveillance camera video footage. This collection of data is shared via a central website, which allows the government to see the movement patterns of infected patients. However, private companies have also joined the effort to map individuals’ movements to help with contact tracing. 

One of the most popular apps during the initial outbreak was Corona 100m, which was downloaded over a million times in the weeks following its release on 11 February. The app alerts users if they are within a 100 metre radius of a COVID-19 patient and shares their diagnosis data, nationality, age, gender and previous locations they have travelled to recently. The second most popular contact-tracing app was CoronaMap, which similarly plots locations of diagnosed patients to help people avoid areas where anyone infected has travelled. Lee Jun-young, the developer of the app, and a former Android software engineer, said he made the app because he found the government data hard to understand.

These apps have been combined with further steps taken by the government. A separate government app tracks the location of all new visitors to the country, while those who have violated quarantine have to wear location-tracking bracelets. The wristbands would instantly alert authorities if attempts were made to tamper with them. The government has taken a step back on this specific measure due to human rights groups’ complaints, so the bracelet will only be worn if the patient voluntarily submits to wearing one. The government is also utilising the smart city technology it had previously implemented to track traffic and pollution, and adapting it to use contact-tracing app data to monitor COVID-19. Combining these technologies, it is estimated that it would take just 10 minutes to find out where a coronavirus patient had travelled across the span of a day. 

This tech approach is just one element of South Korea’s response to the pandemic, and at the time of writing it only has 256 deaths and 35 new cases. Contact tracing has clearly been a success in this region. 

It seems that exposure to previous epidemics has left Asian countries prepared to fight this current virus far better than the rest of the world. Taiwan is another democratic region like South Korea, that has successfully reduced its number of cases. It was one of the hardest hit places in the world during the 2003 SARS epidemic. In 2004, Taiwan launched the National Health Command Center, which unified the separate bodies of Central Epidemic Command Center, the Biological Pathogen Disaster Command Center, the Counter-Bioterrorism Command Center, and the Central Medical Emergency Operations Center. 

At the start of the COVID-19 outbreak, these institutions coordinated and integrated infected patients’ past 14-day travel history with their identification data, which then facilitated mobile tracking. This was then followed by the launch of the Entry Quarantine System that sought to expedite entry by providing passengers with a health declaration pass via SMS text, with all pharmacies, hospitals and clinics gaining access to their patients’ travel history shortly after. 

All patients confirmed to have COVID-19 have their location tracked to make sure they do not break quarantine. If the patient ventures too far from their home, they will trigger an alert system and calls and messages from the government are used to ascertain their precise location. Any person found to be breaking their quarantine can be fined up to $33,000. This system has been created in collaboration with the country's five major telecoms companies, and as long as the phone is turned on, they can use cell towers to triangulate the location of an individual. Taiwan has recorded multiple days in a row with no new cases of COVID-19 and has only had seven deaths at the time of writing. 

The use of technology that so drastically infringes on the privacy of every citizen can only be implemented with broad public support; this is something both Taiwan and South Korea share. A poll in February by the Taiwanese Public Opinion Foundation found that on average people rated the government’s response to the pandemic as 84 out of 100.  

Public distrust in the West

While many Western countries are looking at Asian democracies for inspiration in their own contact-tracing strategies, it is clear there are numerous hurdles to implementing something as effective as the South Korean or Taiwanese systems. The worst pandemic in a century has come at a time where the public are increasingly distrustful of handing over their personal mobile phone data to corporations and governments. Many feel that once the government has access to data they will never give up the privilege.

The Western nations involved in the ‘war on terror’ have far more distrust in their government’s potential misuse of their data than countries like South Korea and Taiwan. This is due to various whistleblowers exposing how Western nations created illegal and secretive surveillance programs to aid in potentially catching members of al-Qaeda or the Islamic State. 

In 2013, whistleblower Edward Snowden, an ex-CIA employee, revealed how Western governments had abused legislation like the Patriot Act to create surveillance programs that monitor millions of innocent civilians. In the US, Snowden exposed the fact that the National Security Agency (NSA) had been paying private tech companies for clandestine access to their communications networks. They also ran a program called PRISM which allowed court-approved access to Americans’ Google and Yahoo accounts, and they would secretly collect information from hundreds of millions of account holders worldwide by tapping undersea cables using the MUSCULAR surveillance program. The NSA also had a database called Boundless Informant, where they stored millions of Americans’ daily phone records which Verizon handed them after a secret court order. 

Snowden also exposed a British surveillance program called Tempora which was run by GCHQ. This was a computer system that would buffer internet communications from fibre optic cables, so it could store them in a database to be searched through at a later date. This included recordings of telephone calls, emails, Facebook entries and internet history, and no distinction was made between gathering the general public’s data or potential terror suspects. Snowden also alleged that GCHQ worked with private companies to obtain the data. Snowden’s revelations showed that Western governments went far beyond the law to spy on millions of innocent civilians without any concrete justifications. 

Another scandal, exposed in 2018, also increased the public’s distrust of allowing external access to a person’s data. The Facebook-Cambridge Analytica scandal saw millions of Facebook users’ personal data being harvested to be used in targeting accounts with political advertising to sway the vote of individuals. It was taken advantage of by the 2016 Trump presidential campaign and groups supporting the Leave side of the British EU referendum.

With contact tracing, the world’s governments are asking for voluntary access to their citizens’ data in order to monitor and map every movement they make. Snowden has warned about the increasingly draconian measures implemented during the pandemic, while a group of 177 cyber security experts in the UK signed a letter on 29 April, voicing their concerns on the British contact-tracing app. They fear that these apps will be the basis of a future surveillance program to spy on citizens who the government may label ‘bad actors’.

Jason Kneen, a freelance IOS and Android developer, feels that these events have poisoned the public perception of contact-tracing apps, despite him believing they are not vulnerable to the same risks.  He told Pharmafocus: “We have been indoctrinated into thinking that everything is about capturing our data and tracking us and so we’ll be more wary of installing these apps. In reality, Cambridge Analytica and situations like that come from people playing these Facebook games like ‘what’s your IQ’ or ‘what’s your Jedi name’ — which ask you to share the result, therefore agreeing to share data. This means you’re not only sharing yours but all your friends’ data. 

I think the concept of the contact-tracking app is a good one, it’s just been ruined by us being let down by things like Facebook and situations like Cambridge Analytica.”

However, the public concerns have not fallen upon deaf ears in many of the world’s governing bodies and organisations. The EU, and its associated bodies, has been the most prominent in its warnings. The European Data Protection Board, which oversees the EU’s data protection authorities, published guidelines on the use of contact-tracing software. They advocated for a decentralised model of data storage, as well as having the code used in the development of contact-tracing apps to be checked by experts and scrutinised by the public. It also urged that impact assessments are carried out by national data protection agencies and the results made available to the public. 

This sentiment was shared by the European Commission, which warned against potential privacy infringements. In a 16 April document, the Commission stated that: “Collecting an individual’s movements in the context of contact-tracing apps would violate the principle of data minimisation and would create major security and privacy issues.” It also outlines that adoption of apps should be voluntary and they should be dismantled as soon as they are not needed anymore. 

This guidance is also backed up by the EU’s General Data Protection Regulation (GDPR) which sets out strict limits on the processing of personal data, making it difficult for member states to use smartphone location data. Health data in particular is protected under Article 9 of the law. This means EU members, including the UK until 31 December 2020, must create their contact-tracing apps in accordance with this regulation. 

Although this law allows the collection of data, it does not prohibit data processing activities. It does require a user’s consent, which gives the legal basis for this data processing, providing that it was obtained in accordance with the requirements under the GDPR. This law makes it unlikely that EU member states will be able to set up a contact-tracing system as effective as those found in Taiwan and South Korea. 

Centralised and decentralised approaches

Western democracies are split on what type of contact-tracing app should be utilised. The two main approaches are either a decentralised or a centralised system. A decentralised approach works by the user’s phone locally processing contact tracing and risk based on generating and sharing Bluetooth identifiers. A backend server then pushes this data out to devices in the immediate proximity. 

So when an infected person is diagnosed with COVID-19, a health authority would sanction the upload of one of these Bluetooth identifiers, which would be sent to other devices in the vicinity to warn them of the risk of coming into contact with an infected person. This means that there is no requirement for the data to be pooled in a centralised hub. 

Apple and Google are pursuing decentralised contact-tracing apps to run in the background of their operating systems. Kneen says this would bedone so that they do not have to rely on users to download an app from the app store, which affects the take up of such software. He added: “By building this into the OS, Google and Apple can ensure that the maximum coverage is reached. Also with Apple so into privacy, this will hopefully ensure people can trust this approach. Of course, they’ll allow people to opt out.”

This approach is the one privacy groups are advocating for, as it protects users’ data far more. Most countries are pursuing this decentralised approach, but France and the UK are pursuing a centralised one. Germany was expected to join them, but has since done a U-turn. 

A centralised app operates in a similar manner to its decentralised counterpart, using Bluetooth signals for users to communicate. But this anonymised data is then gathered and uploaded to a central server and matches are made with those who have contracted the virus. Dr Michael Veale, a Lecturer in Digital Rights and Regulation at University College London, told TechCrunch: “One of the major concerns around centralisation is that the system can be expanded, that states can reconstruct a social graph of who-has-been-close-to-who, and may then expand profiling and other provisions on that basis. 

“The data can be co-opted and used by law enforcement and intelligence for non-public health purposes. A decentralised system puts hard technical limits on surveillance abuses from COVID-19 Bluetooth tracking across the world, by ensuring other countries use privacy-protective approaches.”

Countries must choose which method suits their own laws as there are potential pitfalls with either approach, but centralised strategies have the most risk. Citizens must trust their data to a single operator who has constant access to the anonymised IDs. All this data in a central database puts it at greater risk of being hacked or being abused by the government. 

Kneen believes that either approach is necessary in fighting the pandemic, but feels it will be undermined by privacy concerns. He said: “I think the motive behind the app is a good one and if it was installed (or able to be installed) by everyone it would be a good thing. I believe though, that the benefit has been lost in light of privacy concerns and concerns that it wouldn’t run properly in the background (it does) so I can’t see a lot of people using it.”

Kneen also feels the decentralised approach of Apple and Google is the best way to implement contact tracing in Western countries, saying: “I think Apple and Google baking this into the OS is the best way to ensure the most people will use and benefit from it; obviously they can turn it off but I still think an OS-level approach will get a larger footprint of users than an app-based one.”

As the contact-tracing apps are being rolled out across Europe, it is clear they want to replicate the success found in the South Korean and Taiwanese response to the coronavirus pandemic. However, in fighting over what approach to take, public distrust of governments accessing their personal data and data protection laws make this an unrealistic target. While contact-tracing apps and technology seem to be the future of fighting pandemics, the society it will create has left many, like Snowden, worried. It will be hard to convince citizens it is in their best interest to give up so much of their privacy. 

Conor Kavanagh

Mission Statement is a leading portal for the pharmaceutical industry, providing industry professionals with pharma news, pharma events, pharma service company listings and pharma jobs,
Site content is produced by our editorial team exclusively for and our industry newspaper Pharmafocus. Service company profiles and listings are taken from our pharmaceutical industry directory, Pharmafile, and presented in a unique Find and Compare format to ensure the most relevant matches