Negotiating A Balance Between Public Health and Public Angst: Contact Tracing in the Time of Corona

Dr. Michael L. Thomas

USAF Cyber College

Using an app on a personal cellphone seems like a very logical method of tracing and tracking individuals who have been exposed to COVID-19. The main issue hampering more uniform adoption of the technology available to provide an adjunct to traditional methods of contract tracing is one of perceived impacts on data privacy. contact tracing. Contact tracing is an old and established public health strategy, often associated in controlling sexually transmitted infections such as HIV, syphilis, or gonorrhea. Yet, the international scale of COVID-19 poses a significant challenge for contact methodologies as currently practiced manually. Contact tracing strategies adopted for use in Asia have supplemented traditional manual approaches with digital surveillance through smartphone applications.

While countries like China have been quick to mandate digital tracking via cell phones, the US hasn’t adopted digital surveillance as a tool for contact tracing (yet); but some giant tech firms (notably Apple & Google) as well as several European Union (EU) countries (Fingas) along with a variety of independent efforts are developing Bluetooth powered smartphone applications to enable rapid notification of users that they have had a close encounter to individuals infected and diagnosed with medically verified COVID-19. How do digital and manual tracking manual tracing differ? While digital surveillance tracking and tracing has the distinct advantages of scale and speed, can it provide enough of a trade-off with public health benefits to justify adoption given the privacy concerns and potentials for abuse? How do the design choices of cellphone enabled digital contact tracing systems affect public health and privacy? Once adopted for public health, can world governments be trusted to put them back on the shelf, i.e. put the “genie back in the bottle”?

Manual or Digital Tracing?

Two heuristics often employed in software application development state that an application shouldn’t be built implemented unless there is a manual system already in place and that the application will be “better” than said manual system. Most well-designed uses of smartphone technologies can supplement, but not replace, manual tracing and thereby satisfy the first of these heuristics. The most successful implementations begin by massively upscaling existing manual tracing, as the states of Maryland, Massachusetts, and New York have recently done (Faulders, Pecorin, Kim & Rubin, April 2020).

Such digital applications are designed to acquire data on infected individuals more rapidly and are scalable to large populations, thus satisfying the second of the software development heuristics. An argument on increasing the speed of reporting alone can be made. One study published by the New York Times estimates that tens of thousands of deaths might have been avoided had a scheme to implement control measures sooner been adopted (Glanz &Robertson, May 2020).

Figure 1. Possible Benefits of Early Implementation of Control Measures (Glanz &Robertson, NY Times  May2020).

Traditional contact tracing starts with a report to the local health department, which then assesses risk, queries diagnosed patients for known recent contacts, and informs those contacts of potential exposure, via a telephone call or in person (example, NY Pub Health Law §2133). While patients are not typically under obligation to disclose their contacts, and public health officials don’t inform contacts of the informing patient’s name, in some instances, those reported contacts can infer who the index patient is. In contrast, digital tracing methods can quickly notify application users if they have been in close proximity with an individual diagnosed with COVID-19. By design, layers of privacy protection will be built in from the start.

Digital contact tracing can detect proximity but not geo-location, avoiding centralized databases of where smartphone users have traveled. Moreover, downloading and using the smartphone app is a voluntary decision by the smartphone owner. As a result of recent collaborative efforts by Apple and Google, individuals with iOS or Android smartphones would have the option to turn on tracing similar the option to activate location services in other applications. The method used to determine the proximity of a smartphone user with an infected person relies on anonymous signals sent between the smartphones.

The signals don’t contain identifying data, thus providing a safeguard on user privacy. An individual’s COVID-19 diagnosis is not revealed except to the public health authorities (Bond, April 2020). Digital systems could empower smartphone users if public health agencies provide oversight of the systems. Apple and Google plan to authorize the use of their apps only if health authorities provide approval. Health officials would determine medically significant exposure (distance and time) based on estimates of known viral loads, health messages to identified contacts regarding self-isolation, symptom checks, and notification of medical and public health personnel. The public has to be assured and trust that Apple, Google, and public health personnel can’t and won’t use the data for any other purposes.

User Controlled vs Centralized Nation State

Two contrasting approaches to digital contact tracing have emerged: a more centralized approach favored by governments in China, South Korea, Taiwan, and elsewhere and a decentralized, user-centric approach supported by the joint Apple-Google system and endorsed by some, but not all, European countries (see Table 1).

China, for example, combines government surveillance of the location history for an individual to create an infection risk scoring system for the individual, and now requires Chinese nationals to score “green” to enter public locations, workspaces, or travel. South Korea’s digital surveillance uses law enforcement and fines to sanction individuals who violate mandated quarantine or social distancing requirements.

Taiwan added digital contact & location tracking via smartphones to detect and sanction quarantine violations. Israel initially used national security legal authority for the Ministry of Health (MoH) to implement digital tracking, but this was found by the Israeli High Court of Justice that the surveillance, conducted under the authority of an executive order and without Knesset approval, had no adequate legal basis to able to continue.(Park, Choi, & Ko, April 2020), (Klimburg, Faesen, & Verhage, April 2020), & (Bandel, April 2020).

Israel’s High Court essentially said that for implementation of such surveillance technology the Knesset would have to pass new laws addressing the issues (Ye, Feng, Xue).  Coincidentally, every successful implementation of results in negotiating a balance between public health concerns and public angst.


Approach Data Source



Linking databases and geofencing Mixed, mostly Provider Based
South Korea Testing first, geofencing and linking databases



Singapore Public data release, case tracking


Ostensibly mostly User Based


China Linking databases, enforced compliance, restriction of resources

Mostly Provider based




Geofencing and linking databases


Purely provider based


TABLE 1. National Implementations Contrasted (reproduced from Klimburg, et al)

Divisions have emerged in Europe over the design of automated tracing systems. Countries agree that digital systems are required to automatically identify social contacts of infected individuals but disagree about how much personal information public health authorities should receive without individual consent. Some governments (France and the UK, for example) favor more centralization in which public health departments immediately receive personal information about identified contacts.

Others (Germany, and Switzerland for example) prefer a decentralized approach following a design from a group of European academics whereby contacts receive notification of their proximity to infected people, but health authorities are only notified if the individual allows them to be so informed. Nonetheless, European mobile carriers, including Deutsche Telekom (T-Mobile), Orange, and Vodafone (Fingas), have agreed to share location data to track COVID spread in the general population following the “local” government model. The designs from Apple, Google, and MIT align with and implement the decentralized approach. The US federal government has yet to announce a national policy on large scale digital contact tracing.


Figure 2. Singapore COVID-19 Tracker Output (Klimburg, et al)

As of Jun 12, 2020, the COVID-19 Digital Rights Tracker Website has documented 47 contact tracing apps used in 28 different countries with more in the pipeline as the pandemic continues. A summary of their findings is provided in Table 2. As these surveillance apps are implemented on a national basis in the tabulated countries, what ensures they will be “sunsetted” once the current crisis is over?


Table 2. Key findings from Digital Rights Tracker as of June 12, 2020.


Optimum Design: Negotiating the Balance Between Health and Privacy – “Creative Tensions”

Despite scientific uncertainty, digital systems could significantly contribute to curtailing the spread of COVID infection if adopted widely and integrated into comprehensive public health strategies even on individual state levels. Ultimately, there will be trade-offs between public health efficacy and privacy-enhancing features. Digital tracing should augment traditional public health strategies but can’t replace them. Primary public health strategies, when implemented, include widescale population testing, manual tracing, isolation, and quarantine.

Social distancing also remains vital for mitigating the spread and maintaining health system capacities. Opening the economy is important. Any over-reliance on digital tracking alone will undoubtedly result in a resurgence of cases and increased stress on the local hospital system, which in turn will lead to overwhelming that same local hospital systems’ ability to cope with the increased caseload. Digital systems won’t effectively augment traditional methods without widespread user adoption.

A recent simulation suggests the COVID pandemic might be suppressed if 80% of all smartphone users utilize the application, or 56% of the overall population (Ferretti, Wymant, & Kendall, April 2020). A voluntary system with ineffective incentivization isn’t likely to achieve sufficient user adoption, although partial benefits might be possible at lower levels of user adoption. Early on results from Singapore’s voluntary system showed that only 20% of the population had installed the application as of April 21, 2020 (Fernandez, April 2020). The US public is unlikely to accept government mandates to implement digital tracing, even in a health emergency like the one we currently face.

Figure 3 Chinese Alipay Health Pay App (Klimburg) 


Figure 4. Tencent Mapping App (Klimburg)

    Maintaining public trust in government remains a vital component of COVID-19 pandemic control. Because a critical mass of users will not be in any network at the needed time, and some individuals won’t register a COVID-19 diagnosis, digital systems by themselves can’t ensure the health safety of the public at large. Public health officials have to educate the public about the ineffectiveness of voluntary manual tracking systems, or the public could gain a false sense of security, which could encourage increased risk-taking behaviors.

The average user will find it impossible to interpret the data output from the digital app on their smartphone without knowing the size of the population of users or rates of sharing of the technology. While digital tracking has is designed to be implemented as a public health tool, it is going to be necessary to avoid secondary uses, such as in the workplace, law enforcement, or immigration.

For example, employers might ask for results from a user’s smartphone apps as a condition for ‘return to work’. While in the UK, the government drafted a memo that would allow for the National Health Service (NHS) or government ministers to deanonymize mobile data at will (Pegg & Lewis), the World Health Organization (WHO) maintains any technology assistance in fighting COVID-19 will have to protect human rights and privacy (Fingas).


Figure 5. The balance between privacy and public heath will remain an ongoing debate for some time.
Illustration: SCMP


Given the current state of the technology, ensuring adequate legal protections against loss of privacy and unauthorized data use will enhance the user social acceptance of the digital systems. Once an app is in the public domain, it might remain a long-term feature in the smartphone “app store”. However, to avoid long-term uses, so-called “function creep”, especially for nonpublic health purposes, federal and state uses for these digital applications should be tied to the duration of the COVID-19 emergency with an automatic sunset clause in place to turn off unless specifically authorized by the owner of the smartphone. Applications should also be designed to automatically uninstall after a fixed time period with the personal data deleted.


Software Engineering Trade-offs Between Privacy and Public Health

Although it is possible to view public health and civil liberties as mutually synergistic, thee two are often in tension and lead to public angst. To improve user adoption of the technology, governments can mandate or incentivize the use of the technology and permit data uses by employers and businesses. State health departments might seek access to digital data for broader surveillance purposes. Given the current evidence behind digital surveillance methods, it’s premature to mandate its use, and so we have a stand-off between privacy and autonomy for uncertain and undefined public benefits.

Incentives seem more plausible. Widespread employment of the technology can only be justified if pilot projects and modeling offers compelling scientific evidence to assess public health efficacy against a temporary loss of privacy.

Figure 6. Will employers want to maintain digital oversight of workers acquired during the pandemic? (graphic by Bloomberg.)

It may be necessary to impose more social control at least until the pandemic has subsided. In a study reviewed by NBC News, analysis of cell phone data shows that people are ignoring guidelines for reopening safely in many counties in the US. Data used by a marketing company, Cuebiq, reviewed location data from more than 15,000,000 people in the lower 48 and it revealed that in many locales, safe distancing was not being practiced. In many areas, the “closeness” of phones to each other is back to pre-pandemic levels.

While the data is only sensitive to the level of cell phone location technology, it shows the level at which people changed their behavior pre-pandemic and how has changed back. Since social distancing combined with wearing of masks can stem the spread of COVID-19, these findings are alarming.

Figure 7. Contrast of counties by safe distancing as measured by Cuebiq. (Chiwaya)

    The types of technologies we’ve discussed have very real impacts on individual privacy. They generate reems of personal data which is in fact useful in pandemic control and decreasing reinfection by asymptomatic carriers. Unfortunately, there is a negative impact when it allows for the monitoring of movement, etc. of individuals by repressive governments.

How do we balance the needs of the many vs. the needs of the one, or the few?

Governments, while needing to focus on steps to protect the populations while we are in crisis mode also need to consider policies needing to be codified now that will allow a better “new normal” than the one we currently face after the pandemic is over.


Bandel, Netael. “Israel’s Top Court: No Shin Bet Tracking of Coronavirus Patients Without Knesset Oversight”. Accessed June 12, 2020.

Bond S. “Getting back to normal: big tech’s solution depends on public trust.” Accessed June 10, 2020.

Chiwaya, Nigel, “Analysis: Data from 15 million phones shows some Americans are gathering at pre-pandemic levels.” Accessed June 15, 2020.

“Contact tracing law.” NY Pub Health Law §2133. Accessed June 12, 2020.

COVID-19 Digital Rights Tracker. Accessed June 12, 2020.

Faulders K, Pecorin A, Kim SR, Rubin O. “States race to start coronavirus testing, a monumental task ahead.” Accessed June 12, 2020.

Fernandez E. “Privacy and contact tracing apps—Google and Apple debate with world governments.” Accessed June 10, 2020.

Ferretti L, Wymant C, Kendall M, et al. “Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing.” Science. Accessed June 11, 2020.

Fingas, John, “European mobile carriers will share location data to track COVID-19 spread.” Accessed 12Jun, 2020.

Glanz, James, Robertson, Campbell. “Lockdown Delays Cost at Least 36,000 Lives, Data Show,” Accessed June 12, 2020.

Klimburg A, Faesen L, Verhage P. “Pandemic mitigation in the digital age: digital epidemiological measures to combat the coronavirus pandemic.” Accessed June 10, 2020.

Mosendz, Polly, Melin, Anders. “Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers”. Accessed June 12, 2020.

Park S, Choi GJ, Ko H. “Information technology–based tracing strategy in response to COVID-19 in South Korea—privacy controversies.” JAMA. Accessed on June 12, 2020.

Pegg, David, Lewis, Paul. “NHS coronavirus app: memo discussed giving ministers power to ‘de-anonymise’ users.” Accessed June 12, 2020.

Watson C, Cicero A, Blumenstock J, Fraser M. “A national plan to enable comprehensive COVID-19 case finding and contact tracing in the US.” Accessed June 12, 2020.

Ye, Josh, Feng Coco, Xue, Yulie. ”Contact tracing – the privacy vs urgency dilemma for governments in the fight against Covid-19”. Accessed June 15, 2020.


Dr. Michael L. Thomas is a Professor of Cyberwarfare at the Air Force Cyber College (AFCC) located at Maxwell AFB, AL. In this capacity he teaches graduate cyberwarfare courses to US and International officers. He is also a visiting Professor at Penn State University teaching in the graduate GeoInt Program. He can be reached at or

4 thoughts on “Negotiating A Balance Between Public Health and Public Angst: Contact Tracing in the Time of Corona

  1. Hello, Neat post. There is a problem along with your site in web explorer, would check this? IE still is the marketplace chief and a large component of people will omit your excellent writing due to this problem.|

  2. I do agree with all of the concepts you have introduced in your post. They’re very convincing and can certainly work. Still, the posts are very quick for novices. May just you please lengthen them a little from next time? Thanks for the post.|

Leave a Reply

Your email address will not be published. Required fields are marked *