Q&A: Asst. Prof. Blase Ur on Contact Tracing Tech and Privacy

Scientific experts agree that widespread testing, contact tracing and isolation of infected individuals will be critical for reopening society until a vaccine for coronavirus becomes available. Contact tracing, the determination of who a person diagnosed with COVID-19 encountered while possibly infectious, has attracted the attention of technology companies. Most notably, Apple and Google have partnered to develop a tool that tracks interactions between people with smartphones running their operating systems, so that people who were recently near an infected individual will be notified and advised to receive testing.

While potentially a powerful approach to supplement human contact tracers, the technology also raises concerns about sacrificing privacy for public health. UChicago News spoke to Neubauer Family Assistant Professor Blase Ur, a University of Chicago expert on human-computer interaction and user-centered security and privacy, about how this contact tracing system works and whether the privacy fears are valid or outweighed by the benefits.

What is contact tracing and why is it needed?

As you open up during a pandemic, or even while things are closed and people are going about essential business, there's the concern that disease might spread through the population. You want to know how the disease spreads and the people that the disease has spread to, so that you know who needs to get tested. The reason this is particularly hard with COVID-19 is, you can get infected, be asymptomatic for a while, and transmit the virus to other people before you even show symptoms.

The whole idea of contact tracing, on a micro level, is that when someone realizes they have COVID-19, they are able to reach out to other people they’ve come in contact with during the period they're likely to have been able to transmit the virus, to let them know that they should go get tested. On a macro level, it also helps policymakers understand the spread of a virus in a population.

The contact tracing system attracting the most attention was co-designed by Apple and Google: How does it work?

You could imagine very privacy-invasive ways of doing contact tracing. Someone sets up a central database and everyone's phone, every couple of minutes, sends their GPS coordinates to that database along with a personal identifier. That's not at all what's happening.

The Google/Apple system uses Bluetooth Low Energy. Bluetooth is what you use to connect to your wireless speaker or connect your phone to your car stereo; your phone is sending out this little beacon. It's designed to transmit on the order of 10 feet, so it's actually a nice proxy for if you are within 10 feet of someone with COVID-19 for an extended amount of time, when there's a decent likelihood of virus transmission.

But it would not preserve privacy if you always broadcast who you are, or even if you just picked a single random name and always broadcast that. So what these schemes do is, every few minutes, they pick a new identifier. Your phone records every identifier that it has used or encountered for the last couple of weeks. And then, if you're brought into a hospital and they realize that you have COVID-19, you work with a health provider and basically publish the list of all the identifiers that you sent out. That list gets broadcast to everyone else with the app, and anyone who recorded encountering any of these identifiers is told that they probably came in contact with someone who was later diagnosed with COVID-19.

Where are the records of these interactions kept?

If you have not been diagnosed with COVID-19, all of the names you've announced and all the names you've seen are only on your phone. It's only when you're diagnosed with COVID-19 that the names you've announced get sent to everyone else. So there's no centralized database. It's a nice scheme, from a privacy point of view.

Privacy aside, would a location-tracking system work better?

Bluetooth transmits a short distance, and you can determine exactly how close I was to somebody from how strong the signal was and also how long I was that close to them. That's actually better than just keeping track of what locations you were in. If you’re keeping track of locations, then you'd have to keep very detailed timestamps, because you want to know who was in this location at the same time. So actually this scheme is not just more privacy-protected, but realistically, at least as effective, under the assumption that everyone is using the scheme.

Where location would work better is if you have someone who is not participating in a scheme or doesn't even have a cell phone. Then you could say, someone with COVID-19 was in this store at 2:32 p.m. on Friday in the vegetable aisle. That would be useful, but a lot of designers seem to assume that everyone's going to participate in contact tracing, so this location stuff just doesn't matter.

But these apps will likely be opt-in, so will they still be effective if only a fraction of the population choose, or are able, to participate?

Yes, anyone without a smartphone is being left out. Also anyone without a relatively recent smartphone that actually supports Bluetooth Low Energy; there are lots of smartphones that actually don't even have the technology to participate in these protocols. Who doesn't have a smartphone or doesn't have a new expensive smartphone? It tends to be the poor and the elderly, who are also being disproportionately hit hard by COVID-19. So that's a big problem.

And then the other place where non-participation comes up is people that have the technology and are either unaware of what's going on, or more commonly will probably just choose not to participate. Why would they choose not to participate? If they're worried about their privacy, or if they don't see the benefit. From a computer security nerd point of view, it's actually a very reasonable privacy-protective scheme for getting the data that's needed. I'm often skeptical of anything with tracking capabilities, but here I think it's actually a nicely designed scheme overall.

One of the things for me that's most interesting is the oversight and the end of life aspects of these protocols. Because there's always a danger where, when you build something for one purpose, it'll be repurposed toward some other end. So in these cases, who decides when we no longer need any contact tracing, and we can turn off this app because the pandemic is over? Because you can easily imagine this being misused for advertising or for government surveillance, once it's established that this technology is widely deployed, and can basically be flipped on at the level of a phone. Where is the oversight going to come from? And are we really going to commit ourselves as a society and as technologists to limiting the scope of this technology?

What are some of the research questions you’re interested in around this technology?

A group of us, including my colleagues David Cash, Nick Feamster, Jonathan Ozik, Jamie Saxon and Yang Wang, have started working out how to measure and understand the degree of non-participation and how it impacts epidemiological modeling. We're also interested in how you communicate to people why they should be participating in contact tracing, and understanding why people are not opting in. If we understand what people's concerns are, and if they're actually misconceptions rather than the actual privacy losses provided by these technologies, then we want to help crack people's misconceptions and hopefully encourage participation.

I'm normally one of the first people to say any technology with data privacy implications is a bad thing. But I'm also a privacy pragmatist, and there's a clear benefit to contact tracing. There are some risks, but I think the benefit of actually tracking COVID-19 as it passes through the population, tracking potential exposures, and maybe being able to go to the Lake again—in this case that might actually outweigh the privacy losses with responsible use of this technology. Whether it will be used responsibly is still a little bit up in the air, but I think there are reasons to believe that despite some privacy concerns, this is a net positive.

So you would opt in?

I would. And then if, at some point, people try to repurpose this for advertising or surveillance, I will have a very loud voice complaining about it.
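
The rotating-identifier scheme described in the interview, modeled as an added example (not part of the interview and not the Apple/Google implementation). Identifiers here are plain random values; the 10-minute rotation, the 14-day retention, and the `Phone` class with its method names are assumptions chosen for illustration.

```python
import secrets

ROTATION = 10 * 60            # assumed: new identifier every 10 minutes
RETENTION = 14 * 24 * 3600    # assumed: "couple of weeks" = 14 days
DAY = 24 * 3600

class Phone:
    """Hypothetical model of one handset; all state stays on the device."""
    def __init__(self):
        self.sent = {}    # rotation interval -> random identifier broadcast
        self.heard = {}   # identifier received -> last time it was heard

    def beacon(self, now):
        # Fresh unlinkable random value per interval, never derived from identity.
        return self.sent.setdefault(now // ROTATION, secrets.token_bytes(16))

    def hear(self, identifier, now):
        self.heard[identifier] = now

    def prune(self, now):
        cutoff = now - RETENTION
        self.sent = {i: v for i, v in self.sent.items() if (i + 1) * ROTATION > cutoff}
        self.heard = {k: t for k, t in self.heard.items() if t >= cutoff}

    def publish_on_diagnosis(self, now):
        # Only the diagnosed user's own identifiers leave the phone.
        self.prune(now)
        return set(self.sent.values())

    def exposures(self, published):
        # Matching happens locally against the downloaded list.
        return sorted(t for ident, t in self.heard.items() if ident in published)

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    carol.hear(alice.beacon(0), 0)                  # day 0: brief contact
    for t in range(10 * DAY, 10 * DAY + 1800, 60):  # day 10: 30 minutes together
        bob.hear(alice.beacon(t), t)
        alice.hear(bob.beacon(t), t)
    published = alice.publish_on_diagnosis(20 * DAY)  # diagnosed on day 20
    return {
        "published": len(published),
        "bob": len(bob.exposures(published)),
        "carol": len(carol.exposures(published)),   # contact older than retention
        "bob_ids_leaked": any(i in published for i in bob.sent.values()),
    }

if __name__ == "__main__":
    print(simulate())
```

Carol gets no alert because the identifier from her day-0 contact had already aged out of Alice's phone before the diagnosis, and nothing Bob ever broadcast appears in the published list.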
