Contact Tracing App: tracking movements for the public healthcare
23 April 2020 | Written by Gaetano Fabiano
What questions should be asked for this necessary technology to be developed ethically?
Health authorities around the planet, including the Italian ones, are joining forces to find solutions to the pandemic derived from the new Coronavirus in order to allow a return to a normal lifestyle. Keeping track of travel, together with social containment, is currently one of the few weapons humanity has to overcome the challenge. As many know, it takes some time for the virus to show its first symptoms. It is therefore necessary, once the diagnosis has been made, to reconstruct the movements that the patient has made as an asymptomatic infected. The goal is to keep track of contacts (contact tracing) and therefore intervene promptly on all those with whom the infected patient has come into contact.
Sharing data in the ongoing pandemic poses ethical questions about how it is right to share personal information for a superior good that can be that of health. The question does not simply concern whether it is good to do it, but above all who should do it, how it should be done and what to do with the data collected once the emergency is over.
Big-Tech rival companies that join forces. In a note released on April 3, the two US technology giants competing companies Apple and Google, have announced that they will work together to release a technology useful to keep track of the movements for the containment of the Covid-19 pandemic. Certainly, companies of this caliber possess the necessary technological infrastructures and knowledge, but the States, or in any case the health authorities, will have to equip themselves because it would be worrying if it remained a technology exclusively reserved for private companies. The goal is to allow the use of Bluetooth technology to help governments and health authorities to contain the infections, in full respect of users’ security and privacy.
“Privacy and protection of personal data are two things closely linked but not to be confused: in this context, both play an important role”
As specified by Paolo Benanti, Professor of Moral Theology and Ethics of Technologies.
The fact that, in such a short time, the two companies manage to get to a usable solution clearly says that the basic enabling technology for this type of analysis exists and is already in our pockets but it is necessary to legitimize an end.
Use and reuse of data. In recent years there has been much discussion about the fact that data is the oil of the future. But there is a profound difference: oil cannot be burned twice, it is used once and only once. Data, on the other hand, can be reused an infinite number of times to extract huge quantities of information useful for building knowledge or training automatic systems.
What to do with positive patient contact data once the emergency is over?
A choice in this direction is a dilemma between different values. On the one hand we could demand the total cancellation of such data, on the other the risk is that of a massive use for other purposes. Halfway we could glimpse an approach that will reuse the data, where possible, in an aggregate way and always and in any case in anonymized form. A necessary reuse for research and study, which could allow to create useful models to prevent future emergencies.
The PEPP-PT, DP-3T and ROBERT consortium. The virus has spread rapidly and knows no political boundaries, to keep it under control it is necessary to act in the same way: quickly. Speed of decisions and international cooperation are essential to protect the whole of humanity. For these reasons, the Pan-European Privacy-Preserving Proximity Tracing was born, a non-profit consortium based in Switzerland created to provide technical support to the health crisis in full compliance with European laws and principles regarding privacy and data protection. The goal of the organization is to make the necessary technological standards available to developers around the world in the fastest and easiest way possible.
The PEPP-PT team, which as of March 31 had over 130 members in eight European countries, includes scientists, technologists, companies, developers and experts from well-known national and international research institutes and companies. The members have experience in the fields of telecommunications engineering, computer science, epidemiology, proximity tracking, security, privacy, cryptography, data protection, software application development, big data, scalable systems, super computing infrastructures and artificial intelligence. The PEPP-PT was created to support national initiatives, providing ready-to-use, well-tested and adequately assessed mechanisms and standards, as well as support for interoperability, awareness raising and operation when needed.
There is also another proposal, put forward by a group of researchers, which suggests using a federated server infrastructure and temporary anonymous identifiers to guarantee security and privacy: this is the ROBERT (ROBust and privacy-presERving proximity Tracing protocol) collaborative project of which, however, as for the PEPP-PT consortium, source codes are not yet visible.
Last, but not least, Professor Carmela Troncoso (École polytechnique fédérale de Lausanne) leads another project, the only one so far, of which the source codes (open source) are visible, which has had its distinctive feature in being decentralized. The project known as DP-3T, Decentralized Privacy-Preserving Proximity Tracing has also brought implications to Italy where a community of independent and independent developers, not linked to companies or consortia, is developing an opensource technology based precisely on the DP-3T project.
The approach that contact tracing can use to guarantee privacy and protect data. All the proposed mechanisms provide for the use of bluetooth but not that of GPS, they do not use the user’s identity or data but only anonymous codes in accordance with privacy laws.
The operation of the proposed mechanism is as follows: the technology is able to communicate with the devices with which we are in proximity and stores anonymously all the people with whom we have been in contact in the last 14 days. If we are diagnosed with the new coronavirus, by updating the application status, the technology automatically warns all the people we have been in contact with and are invited to go into self-isolation.
However, the identification of the contacts of the infected can be done in two ways, one centralized and one decentralized. In a centralized system all the data (anonymised in the form of a code) are loaded in a single point (server or federation of servers) and then analyzed: this is where the system will understand if there have been contacts with a positive patient. In a decentralized system, only data from positive people are loaded while all other data remains on the user’s device. It will then be the single device to search the server if the owner has met, in the previous days, a positive user, alerting him.
There is also a profound ethical difference between the two approaches: in a centralized system, health authorities will have not only the data of the infected but also the data of the contacts between healthy and infected people. In a decentralized system, only the owner of the device, and not the entire system, will know if he has been in contact with a positive person and can therefore communicate it to those in duty. In a centralized system there would be more control but more reuse of data and more post-analysis will be possible.
The decentralized approach is the one proposed by Apple-Google and DP-3T, while the centralized one seems to be falling under the indications of the PEPP-PT consortium and the ROBERT project, even though the European Parliament has also expressed its desire to follow the path of decentralized approach.
The official development of the Italian system was entrusted to the Bending Spoons company which announced, but has not yet done so, to release the code in open source mode. When this occurs, the publication of the source code will make it possible to monitor its correct functioning and above all it will give the opportunity to receive contributions from the community of developers, accelerating and improving their development.
The Italian Innovation Minister, Paola Pisano, also spoke on the topic and in a note said that:
“The contact tracing system must be finalized taking into account the evolution of international contact tracing systems, still not fully defined today (PEPP-PT, DP-3T, ROBERT), and in particular the evolution of the model announced by Apple and Google. The source code of the contact tracing system will be released with Open Source MPL 2.0 license and therefore as free and open software.”
The adoption of contact tracing technologies if used correctly will be able to manage the pandemic and will probably be fundamental for the resolution of the planetary health emergency, for a gradual return to normal.
Its development, if done ethically, will also irrefutably affect the approach to the development of technologies designed exclusively for the public good and collective well-being.
In order for this to happen, it would be necessary to ask whether an adoption at a national level makes sense or it would be right to think of a single adoption at an international level: the virus knows no political boundaries. Would it be correct to also be able to think about other uses and re-use of data for research purposes other than the immediate solution of the pandemic? Can we also rely on fast and efficient but proprietary solutions or is it always preferable for this kind of technology to release in an open, free and transparent way so that anyone with the skills can supervise and verify their correct internal functioning?
Is it good to think that it is only the States and the health authorities, without direct economic interests, to equip themselves from a technical and technological point of view for adoption, and to ask that implementation does not become the prerogative of private companies?
From the answers that the implementation of this technology will give we will understand if this pandemic will also positively influence the ethical approach to technological development and perhaps after this occasion we will learn to rebuild also a technological world that always puts the good of humanity at its center.