I’ve seen a number of posts of people freaking out on social media telling everyone to disable COVID-19 notifications. I want to encourage you instead to make sure they are turned on. I also want to encourage you to download the tracing app once available. I even want to encourage states to make one. The main concern people have is privacy and I also have a similar concern. However, cryptographers at Google and Apple figured out a way that protects that. On the other hand, we have ethical obligations to minimally invasive things to protect ourselves and others.
The Verge notes, “In order to lift social distancing measures like school closures and “stay home” orders, public health agencies will have to start aggressively contact tracing and at a much higher level than they were a few months ago.” It later explains, “Contact tracing is based on an obvious idea: people in close contact with someone who has COVID-19 are at risk of getting sick.”
But obviously, most of us don’t want our location constantly given to some big database. So, what do they do?
Lots of Big Random Numbers
The method they use is a little complicated and we can get lost in technical details. All that these apps can do is listen for other large random numbers while sending out its own every 5 minutes. This is done via Bluetooth, so only those pretty close. The phones are given no information about each other except what random number the other gave off. Every so often, maybe a few times a day, your phone connects to a central database to download the random numbers those just diagnosed sent from their phones while infected. If you are infected, health care workers simply add the random numbers you’ve sent in the past few days to the central database. Your phone also automatically deletes all the numbers after two weeks or when you tell it to.
As another Verge article mentioned, “There is no centrally accessible master list of which phones have matched, contagious or otherwise. That’s because the phones themselves are performing the cryptographic calculations required to protect privacy. The central servers only maintain the database of shared keys, rather than the interactions between those keys.”
State by State Apps
The setting on your phone is not tracking you. It is not even doing anything unless you download an app. Google explicitly says: “To use the system, you need to download your public health authority’s app.”
Gizmodo later confirmed this. Google later explains the process:
When you turn on Exposure Notifications within an app from your region’s government public health authority, your phone shares random IDs with other nearby phones that also have turned on the Exposure Notifications System.
Throughout the day, your phone and the phones around you exchange random IDs. When your phone detects a random ID from another device, it records and stores the ID.
If someone reports having COVID-19 and their ID is stored on your phone, the app will notify you of next steps to take.
The setting just enables what in technical terms is an API. APIs are just ways other programs can interact with a system. Like for instance Twitter does not have a way to schedule tweets but has an API letting others post Tweets. So Buffer lets me write a tweet now and post it in a few hours. In a few hours, Buffer uses that API to post that tweet from their server.
They made an API for health authorities to use. One journalist contacted all 50 health departments on May 20 when this API rolled out. 4 replied they were working on using it, while many others replied they were looking into all options or didn’t reply. It seems like some others have more positive attitudes towards it now than then.
The Ethical Concerns
I do have significant ethical concerns already about phones. I’m concerned about what Google, Apple, Facebook, Amazon, etc. know about us from constantly tracking so much about us. I turn off all voice-activated commands on my phone as I don’t want it constantly listening.
There is a possibility of discovering who was infected when they are added to the database by calling people you knew you were with, but that same method could be using by any form of contact tracing to try to discover who you were in contact with once a health department official calls you. In fact, this is more private than that as your friend doesn’t need to share their contact book with the health department. It also manages to be broader so if you were in line in front of the person 10 minutes at the Chinese take-out, you know that you were likely exposed even though you can’t name the person.
Obviously, this is based on cryptography beyond my understanding. I don’t know how to generate so many random numbers while avoiding duplicates. Generating truly random – not just pseudorandom – numbers is far more difficult than you might think in computers when you re dealing with so many numbers and you don’t want copies. I only got so far as the basic random command on Basic or C/C++ which is not really random but based off the state of the computer at the instant.
I think such a system that is mainly kept on individual phones would be hard to hack.
We have a strong obligation to protect our health and the health of those around us. Obviously this obligation is in proportion to other concerns. Catholic ethicists widely agree that some means at end of life are not needed (called extraordinary or disproportionate depending on the bioethicist). The smaller the effort for the greater improvement in our own health, the greater the obligation. For an extreme example, not drinking known poison has a strong obligation as completely non-invasive and significantly improves health. On the other hand, if a person late in cancer is told that another round of chemo might prolong their life a few weeks but cause them immense pain for that whole time, they are under no obligation. Most things we think of fall somewhere in the middle.
For others, we are obliged sometimes to avoiding doing things – like don’t fly when you have the flu to avoid infecting others. We are also obliged to drive safely for the safety of others on the road. This obligation is not as strong as our own health, and it is stronger for those close to us: spouses should encourage each other to eat healthily but the same obligation does not apply to your cousin you see twice a year. However, this is supported strongly by charity. It is charitable to help other health by donating blood or calling a group of friends you were with the night before you came down with the flu symptoms to tell them they might want to stay home.
Now, where does this fall? Let’s examine both sides. First of all, this tracing is minimally burdensome. The only definite cost is that your phone battery will drain slightly faster. There is a slight issue of privacy but revealing info via hacking is unlikely and your phone already sends way more info to Google or Apple. Secondly, it seems like this is unlikely to protect you as it just informs when someone has been close to another with COVID. However, it seems like a big step in protecting those around as if you are informed and quarantine yourself, you stop a lot of spread. COVID has relatively high transmission and mortality rates if someone is out in public, so it is valuable to slow or stop that spread.
It is definitely an act of charity to others to install such an app if available. Unless the system is shown to not provide the privacy it should, I see no significant reason not to download this app. If a state or business requires it installed, that seems like a just law / rule, so should be obeyed. If not legally required, I am not sure if it would be an absolute moral requirement.
I really hope that more states will sign on to increase tracing, reduce the disease, and open more. I feel for all those Catholics who want to return to Mass and confession, return to Bible study groups, and groups serving the needy. Enabling an anonymous tracing method like this is probably one of the biggest steps to get back to close to old-normal (still probably with masks and no handshakes). Let’s encourage small actions we can each take to help stop the spread.
Note: Please support me on Patreon so I can write more about the ethics of privacy form a Catholic perspective.