• United States



Can privacy be respected when using mobile phones for Ebola contact tracing?

Oct 21, 20146 mins
Data and Information SecurityMicrosoftMobile Security

At the Ebola Open Data Jam, “privacy and anonymity” were among the identified “needs” of using mobile phones in the fight against the Ebola virus. It was also suggested that wireless carriers could hand over historical GPS location info and contact data for contact tracing.

Along with Microsoft’s Azure cloud announcements, Microsoft CEO Satya Nadella mentioned that academic institutions can apply for free Microsoft Azure cloud computing resources for Ebola research. “We have some tools that Microsoft researchers built to be able to do vaccine discovery, so we want to take all of that and make it available for the research community,” Nadella said. Microsoft Research lists the Microsoft Azure Award for Ebola Research application instructions.

The CDC provided an overview of “Ebola contact tracing” in the U.S. Basically, contact tracing involves tracing all individuals who came into contact with an Ebola-infected person and then monitoring those contacts for 21 days after exposure. Contact tracing has been called (pdf) the way to “stop Ebola in its tracks.” But in West Africa, where the virus is raging, there are “critical gaps” in contact tracing.

“Life-saving spam” sent via the Trilogy Emergency Relief Application (TERA) was cited as one way the International Federation of Red Cross and Red Crescent Societies (IFRC) used technology to fight Ebola. IFRC wants to expand the use of a text message-based system to send messages about Ebola to every activated handset in seven additional West African countries. No phone numbers are disclosed to human operators, as TERA’s software “consults an operator’s systems about which handsets are connected to cell towers in a selected area and sends them a text.”

But first IFRC must convince the nations to install the necessary equipment. Ken Banks, an SMS expert who advises the UK’s Department for International Development, told the BBC, “The thing operators might have a problem with is that they are basically being asked to spam millions of their customers, and people often object to that.”

Using mobile phones to collect and disseminate data from the field was one topic discussed at the Ebola Open Data Jam in New York City over the weekend. Thirty or so engineers, software developers, and computer scientists met “to gather, publish, map, and visualize the Ebola outbreak in Africa, and create an inventory of available open data sources that will help to inform health care workers, aid workers, and governments responding to the Ebola outbreak, so everyone can find this information and use it to discover new insights about the spread of this deadly disease.”

According to TechPresident, three unnamed IBM engineers said they “could apply their skills contact tracing asteroids in space to Ebola, where one victim can generate a dizzying number of possible exposures.” The engineers added that “suspected Ebola carriers can be tracked using location information emitted by cellphones, especially since developing countries now have mobile phone penetration rates of 96%.”

The difficulty in tapping current phone data, however, is getting local governments to release it. To assuage concerns about surveillance and invasion of privacy, the IBM engineers suggested designing a platform with multiple layers of security that correspond with the granularity of the data. The finer and more specific it gets, the higher the clearance required. They hope that taking such precautions would encourage governments to ask telecommunication companies to release the data.

“Privacy and anonymity” were among the identified “needs” of using mobile phones in the fight against the Ebola virus. But so was the idea of mobile carriers and governments “automatically” collecting migration data from phones. “People leaving a village because of an outbreak” was cited as an example of that migration data.

Using phones was also mentioned as a means for contact tracing. If there are 20 million people with cellphones in an affected area, how could those phones be used for contact tracing? Do you remember everyone with whom you came in contact over the last 21 days? It could be mind-boggling trying to figure it out. If you stepped into an elevator, do you know all those people’s names and/or contact info? The same thing could be said if you go to the grocery store, mall, department store, take a flight or a cruise. Now, imagine that scenario once the holiday shopping season kicks in and it might give you a migraine. That might not be the case in Africa, but it would be all too common of problem in the U.S.

A different Ebola Open Data Jam paper suggested that because mobile phones are ubiquitous, then they could be used for contact tracing. “If you can get GPS and smartphone data, the telephone company could then give corresponding cellphones that were nearby, as well as people that person regularly calls. A way to gather historical GPS cellphone data would be really important.”

If contact tracing is truly the way to “stop Ebola in its tracks,” and location information from mobile phones is a key to tracing back everyone with whom an infected individual may have had contact, then it’s hard to see how “privacy and anonymity” could be applied to that data. If you have any great ideas on how that could be accomplished, then please pitch in.

The final reports from each Ebola Data Jam team were posted on Dropbox. The image below was one of the Ebola visualization maps included in the report. The Ebola Open Data Portal currently has seven data sets, such as all known flights worldwide and incident data.

But there’s good news in Nigeria as the World Health Organization declared, “The virus is gone for now.” Two incubation periods of 21 days passed and there were no new cases, so WHO announced, “The outbreak in Nigeria has been defeated.” Drinking gallons of “nasty-tasting” water – “water laced with salt and sugar” – was cited as one way infected people survived the Ebola virus in Nigeria.

Lastly, there’s a push by some companies and politicians to call the Ebola situation a “matter of national security” for the U.S. Careful now; yes it’s scary and there’s plenty of FUD, but is it really national security? After the government announced Ebola screening measures at U.S. airports, the ACLU suggested that Ebola should be treated as a public health issue and not a national security matter.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.