April 10, 2020
Stanford researchers help develop privacy-focused coronavirus alert app
In late January, Tina White should have been finishing her dissertation, but instead, she found herself lying awake at night, feeling helpless that the COVID-19 outbreak in China might spread worldwide. Her anxiety increased as authorities in China and elsewhere began using cell phone data to track the movements of people infected with the disease.
In mid-February, when White realized that these efforts had few, if any, privacy safeguards, she published an online post outlining how to create a smartphone-based app that would allow people who tested positive for COVID-19 to anonymously alert others whom they might have unwittingly infected.
Her post quickly elicited offers of help from James Petrie, a graduate student in applied mathematics at the University of Waterloo in Canada, and Rhys Fenwick, a science communicator who studied at the University of Wollongong, Australia. The trio co-founded Covid Watch, a bootstrapped, international, nonprofit built around 15 core contributors, and nearly 200 part-time volunteers, with an advisory contribution by Stanford's Julie Parsonnet, the George DeForrest Barnett Professor in Medicine, and professor of health research and policy in epidemiology.
"COVID-19 is the worst public health crisis in a generation, with severe implications for people's health and livelihoods. This is a global crisis that may soon impact all countries," said White, a graduate student in mechanical engineering at Stanford. "We believe that an early warning system using Bluetooth has the potential to simultaneously reduce the spread of infectious diseases like COVID-19 and allow the world to come out of lockdown."
White took time out from her efforts to explain how Covid Watch will work.
The Bluetooth "pairing" built into smartphones forms the app's technological foundation.
The wireless technology that connects smartphones to headsets and other devices is at the heart of Covid Watch. Once a user downloads the app, if their phone approaches within 6 feet of another smartphone that also has the app installed, and maintains that proximity for 15 minutes or more, the two phones share a temporary contact number (TCN) that is stored on each device.
So, no data ever leaves the phone, and the data that is stored locally is anonymous. Covid Watch relies on self-reporting, and the developers assume that no responsible person, knowing they were COVID-positive, would purposefully risk spreading the disease through prolonged contact with others. However, if an app user is later confirmed positive, they can send their anonymous TCN data to a cloud storage repository. The app will then alert other app users who spent 15 minutes or more near the infected person.
"This way, people can choose to follow guidance like calling their public health department, instead of being tracked and contacted directly," White said.
Personal anonymity and community acceptance form the app's behavioral foundation.
Covid Watch is confident its technology works because the centralized COVID-19 tracking apps deployed elsewhere, such as in Singapore, also use a Bluetooth-based approach. But such centralized apps upload Bluetooth proximity data immediately to a secure central database, and the data is associated with a person's identity to help authorities track down others who have crossed paths with them. This so-called contact-tracing approach is both labor and computationally intensive and raises major privacy concerns.
In contrast, Covid Watch encourages voluntary adoption. "Our app is meant to be adopted among communities of users who want to help notify each other and establish early warning systems within their own communities of friends and family and close contacts, and grow from there," White said.
According to the developers, at least 60 percent of the people in a community must adopt the app before it's effective. The software is open source, which means that as other similar apps become available, they can tap into Covid Watch's anonymous notification protocols to increase its usefulness. Covid Watch's Petrie and Zsombor Szabo, a Bluetooth developer from Romania, are working with several other groups to enable future interoperability between different anonymous alert systems.
County and state government cooperation and user beta testing come next.
Covid Watch's reliability will hinge upon assuring users they can trust alerts about potentially infectious contacts. To prevent accidental or malicious false notifications, White has proposed collaborations with government public health officials to assign every COVID-infected person an anonymous number using a public health app. That number could then be shared with Covid Watch without identifying the sick individual. As Covid Watch nears its two-month anniversary, the team is recruiting beta testers who share a shelter-in-place household and own different brands of phones to help test interoperability.
"We're working hard to develop an app that protects both public health and personal privacy," White said.