» Go to news main

Ask an Expert: Stan Matwin on privacy and using smartphones to track COVID‑19

Posted by Matt Reeder on April 30, 2020 in Systems, Networks, Security, Research, Faculty, Big Data & Machine Learning
New smartphone apps being developed could help track and trace where people with the virus have been and alert others who might be at risk of coming into contact with it. (Jack Sparrow/Pexel)
New smartphone apps being developed could help track and trace where people with the virus have been and alert others who might be at risk of coming into contact with it. (Jack Sparrow/Pexel)

COVID-19 invaded Canada the same way it did other countries: through infected individuals returning from countries already suffering outbreaks. In those early days of the crisis, the country’s public health officials relied on tracking and tracing the virus’ spread by determining where an infected person had been and who they’d come into contact with following their return.

As community transmission took hold across the country, though, the fast-footed virus proved more challenging to track, prompting provinces to adopt confinement and social-distancing measures to help mitigate its spread. Now, as different jurisdictions across Canada and other countries consider ways to gradually loosen restrictions and re-open economies, new smartphone apps are being designed that could help "track and trace" where people with the virus have been and alert others who might be at risk of coming into contact with it — a development that has raised privacy concerns.

Professor Stan Matwin, director of Dal's Institute for Big Data Analytics, shared his thoughts on how "track and trace" apps work and the challenges they pose for decision-makers grappling to ensure they are both effective and respectful of people’s privacy.  

What is "track and trace" technology and how can it help countries in relaxing restrictions in place due to COVID-19?

Human-performed "track and trace" is not scalable to a pandemic spreading as broadly as COVID-19 with a majority of positive cases being asymptomatic. We must think about a technological solution, and the one that comes to mind uses data from people’s cellphones as they can track human movement using antenna information, geographic positioning systems (GPS) and detect proximity to other people using Bluetooth.

Using "track and trace" will allow an alternative to the confinement that we are experiencing now. Both are meant to prevent spreading of the infections, so that the number of cases remains manageable for the health system. The idea is to test as widely as possible, and for the people who test positive, it is crucial to determine their contacts during the last two weeks and the contacts of these contacts. All these contacts need to self-isolate immediately to limit and prevent spreading.

What technical features could "track and trace" applications include in their designs to help safeguard the privacy of individuals using them?

The number one such feature is ensuring that the data collected from cellphones is anonymized. That means that the identity of a cellphone owner is hidden under a one-time, artificial ID meaningless to anyone except the algorithm that issued it. Anonymization, however, will always have its limits in track-and-trace systems. To meet the needs of public health authorities, a real identity of a contact may have to be disclosed so that they can intervene in cases when people do not self-isolate after they are informed automatically by the system that they were in contact with known positives. Such non-compliance can also be detected by cellphone tracking.

Another primary feature is a guarantee that the personal information collected — such as when and where the phone was at any given time — has a limited lifespan and is erased from people’s phones and any central servers on which track-and-trace put it. It is crucial that such data destruction is guaranteed no later than the time when its utility expires.  

Finally, the entire system needs to have a built-in technical guarantee or sunset clause that it will stop data collection at the time when the public-health system will stop needing the data, such as when the number of new cases drops below a predefined threshold.

How can lawmakers and policy makers regulate the use of new applications to ensure they are both effective and respectful of people’s privacy?


Decisions about the use of the system must be rooted in both technologies and policies. The first capital policy decision will be the one in which our liberty and fundamental privacy will be temporarily put on hold by the authorities for the purpose of track-and-trace by cellphones. It is difficult to imagine such a decision can be taken by a body other than parliament.

Beyond that, many policy decisions fundamental for the design and use of the system should be taken by people who understand the risks and benefits involved. When should the system cease its data collection? What information can be held centrally? Who may have access to de-anonymized data and in what circumstances?  How do we assure data is not copied outside the system?

We need combined policy and technology tools to ensure that the so-called Use Limitation Principle — that the collected data will only ever be used for COVID-19 trace-and-track — is followed without any exceptions throughout the lifespan of the data. If privacy must temporarily play second fiddle to public health, there must be well-defined protocols for ending the state of exception. Rather than giving absolute control to either technology developers or the state, we should convene representatives from the private sector, government, academia, and civil society to form a body trusted with these important decisions.