Leandra Lopez – Protecting user data and privacy is a high-risk proposition for app developers and user entities, and COVID-19 has only heightened the stakes. As lockdowns are lifted, businesses reopen, and college campuses resume on-campus living, contact tracing could provide an invaluable tool to ensure public health – if decision makers can convince users they won’t be sacrificing their privacy.
Status quo contact tracing apps have been largely ineffective at addressing privacy concerns, as evidenced by their limited use. Released in May, Apple and Google collaborated on Bluetooth-based contact tracing technology to assist governments with efforts to trace positive cases. Latvia and Switzerland have started using the technology, and Virginia is the sole state in the US to integrate it into their state’s contact tracing app. It’s a poor showing for the two tech giants, who can’t seem to shake the perception that they’re just in it for the free data.
Concerns about “big government and “big tech” seem to be at the heart of lackluster participation, and many apps collect more than they need to track positive cases. Absent the social license to operate, contact tracing apps will continue to see limited value. Blockchain technology could provide the indispensable piece missing in the contact tracing puzzle to alleviate these concerns.
Blockchain’s distributed ledger technology (DLT) could be used to create a decentralized and anonymous platform for users to share limited, but vital, information. Blockchain systems store cryptographically secured and verified data points within an interconnected network. Because users can manage their own data and have control over sharing access, user confidence would be improved. For example, users could be given the option to share data only when they’ve contracted coronavirus and limit data to particular periods of time.
Another model could involve tokenized and encrypted verification of infected rolling proximity identifiers (RPIDs) that can be burned after users determine the token is no longer utile. This would resolve concerns that consenting to contact tracing now might result in permanent tracking that could later be used by governments to identify particular users.
Zero-knowledge proofs (ZKPs), developed by MIT researchers in the 1980s, are used to verify information by giving the data owner the ability to reveal a particular attribute about data without releasing the data itself. Integrating ZPKs could give users the ability to share information about whether they have been in contact with a positive person without sharing data about who they have been in contact with. ZPKs could also be used to verify that a user has not violated a quarantine order or travelled to a high-risk state without disclosing their location data.
The anonymity and user-controls fundamental to a blockchain-based platform could address various potential legal pitfalls. As employers begin to require the use of contact tracing apps, there is concern that apps will infringe on the Americans with Disabilities Act (ADA) and Equal Employment Opportunity Commission (EEOC) protections that prohibit employers from collecting certain medical data and require that when sensitive data is collected, it is safely stored to avoid confidentiality issues. Another concern is that some states have regulated how and what data businesses are allowed to collect. For example, businesses need to be mindful of the California Consumer Privacy Act (CCPA), European Union’s General Data Protection Regulation (GDPR), and New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).
Contact tracing technology hasn’t lived up to the hype and meaningful participation remains to be seen in many communities. Fortunately, because tracing even a fraction of cases can slow the spread of COVID-19, changes to contact tracing apps that encourage participation by highlighting user control over data are worthwhile. Blockchain technology could be the key to creating user buy-in and trust, which would be a win for privacy advocates and public health.
