A statewide, integrated, data-driven approach to rapidly respond to, test for and track Covid-19.
The Czech government rolled out Smart Quarantine quickly, in partnership with a tech alliance of Keboola and the telco operators O2, Vodafone and T-Mobile. The beta version of Smart Quarantine was rolled out within a week. Over the following three weeks the Czech government carried out change management and training with local health authorities and launched Smart Quarantine nationwide. The Czech government is currently preparing a second version for rollout.
How does working with the map look? The size of each circle on the memory map shows how long the person stayed at that location. Only places where the infected person stayed for at least 10 minutes are displayed.
One of the most important things that must be done is to prove that privacy is being respected, and this needs to be done by an independent and trusted body. An auditor, a respected third-party organisation or a university would be an appropriate group to certify that privacy is being respected and to communicate how it is being protected.
The first principle when dealing with mobile applications should be that the citizen can gain utility without sharing any information with the state. Sharing information should be a choice the citizen makes, not a barrier that must be overcome. This means that elements such as risk maps, and the personal risk calculation based on them, should be computed on the device without requiring the individual's location or other information to be shared.
The next principle is that data which is shared does not need to be personally identifiable. If someone is confirmed as testing positive (see below for how validation can prevent malicious submissions), all that is required is the historical location information associated with the device; it does not need to be identifiable back to that device or individual. Technical elements such as IP and MAC addresses will inevitably be recorded by some systems, but in the normal operation of the solution those records must not be traceable to a specific data transfer.
The citizen should be able to select a few key elements when sharing the data:
1. The accuracy they are willing to share at: is it accurate to the metre, or should it be blurred to 10, 50 or 100 m? This gives the citizen confidence that their privacy is being protected.
2. Confirmation of how long they wish it to be stored: the mobile application should actively tell them how long their individual submission will be stored for.
These two elements help to give a citizen confidence that their privacy is protected and that the data is not traceable to themselves.
The goal of contact tracing is not to find “Typhoid Mary”; it is to find aggregated risk and thereby help people identify their own personal risk of infection and decide whether they should quarantine or get tested for SARS-CoV-2. In other words, the goal of the central collation is not to identify individuals at risk but to identify areas where people should consider themselves at risk. That information can then be provided to agencies as well as to mobile applications so that individuals can be informed. This disconnection from individual identification within the contact tracing collation stage is crucial. It also means that information submitted by individuals quickly loses relevance.
A risk assessment for an area is based on whether infected people have been there and, importantly, when they were there; risk therefore has both a location and a time dimension. To keep the risk map fresh and accurate, and able to warn people about their current and historical risk, the information from individuals must be mapped into those two dimensions. It is this transformation that drives the privacy of the solution.
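As an added example (not code from the Smart Quarantine project or from this page), the following Python sketch shows the transformation described above end to end: the citizen picks a blur resolution and only blurred cell centres plus hour buckets are shared, stays shorter than the 10-minute minimum are left out, no device or person identifier is attached, and the central collation keeps nothing but counts per (area cell, hour) with submissions older than the stated retention period dropped. The grid construction, the hourly time bucket, the 100 m map resolution, the 14-day retention and the sample visits around Prague are all assumptions made for this example.

```python
from __future__ import annotations

import math
from collections import defaultdict
from datetime import datetime, timedelta, timezone

METERS_PER_DEG_LAT = 111_320.0  # approximate metres per degree of latitude (assumption)


def grid_cell(lat: float, lon: float, meters: int) -> tuple[int, int, int]:
    """Map a coordinate to an integer cell on a `meters` x `meters` grid.

    Rows are fixed steps of latitude; column width is scaled by the cosine of
    the row's latitude so cells are roughly square. Every point inside a cell
    yields the same id, so the original position cannot be recovered from it.
    """
    lat_step = meters / METERS_PER_DEG_LAT
    row = math.floor(lat / lat_step)
    lon_step = meters / (METERS_PER_DEG_LAT * math.cos(math.radians(row * lat_step)))
    col = math.floor(lon / lon_step)
    return (meters, row, col)


def cell_center(cell: tuple[int, int, int]) -> tuple[float, float]:
    """Centre of a grid cell: the only position that ever leaves the device."""
    meters, row, col = cell
    lat_step = meters / METERS_PER_DEG_LAT
    lon_step = meters / (METERS_PER_DEG_LAT * math.cos(math.radians(row * lat_step)))
    return ((row + 0.5) * lat_step, (col + 0.5) * lon_step)


def hour_bucket(ts: datetime) -> int:
    """Time dimension of the risk map: whole hours since the epoch (assumed granularity)."""
    return int(ts.timestamp() // 3600)


def utc(year: int, month: int, day: int, hour: int, minute: int = 0) -> datetime:
    """Helper so the constructed sample times below are unambiguous (UTC)."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


# --- citizen side: what a positive-tested person actually shares ------------

def prepare_submission(visits, blur_meters: int, min_stay_minutes: int = 10):
    """Reduce the on-device history to blurred (lat, lon, hour) triples.

    `visits` is a list of (lat, lon, arrived, left). Stays shorter than the
    minimum are dropped, positions are snapped to the resolution the citizen
    chose, and no device or person identifier is attached.
    """
    shared = []
    for lat, lon, arrived, left in visits:
        if left - arrived < timedelta(minutes=min_stay_minutes):
            continue
        blat, blon = cell_center(grid_cell(lat, lon, blur_meters))
        for h in range(hour_bucket(arrived), hour_bucket(left) + 1):
            shared.append((blat, blon, h))
    return shared


# --- central collation: area and time, nothing else -------------------------

def build_risk_map(submissions, now: datetime, retention_days: int, map_meters: int):
    """Aggregate submissions into counts keyed only by (map cell, hour bucket).

    Per-submission structure disappears in the output, and anything older than
    the retention period the citizen was told about is dropped.
    """
    oldest = hour_bucket(now - timedelta(days=retention_days))
    risk: dict = defaultdict(int)
    for submission in submissions:
        for lat, lon, h in submission:
            if h < oldest:
                continue
            risk[(grid_cell(lat, lon, map_meters), h)] += 1
    return dict(risk)


# Constructed sample history (not real records): (lat, lon, arrived, left)
SAMPLE_VISITS = [
    (50.0755, 14.4378, utc(2020, 3, 30, 10, 5), utc(2020, 3, 30, 10, 40)),    # 35 min stay
    (50.07551, 14.4378, utc(2020, 3, 30, 10, 50), utc(2020, 3, 30, 11, 20)),  # 30 min, spans two hours
    (50.0800, 14.4300, utc(2020, 3, 30, 12, 0), utc(2020, 3, 30, 12, 4)),     # 4 min, below the minimum stay
    (50.0755, 14.4378, utc(2020, 3, 1, 9, 0), utc(2020, 3, 1, 9, 30)),        # a month old, past retention
]
SAMPLE_NOW = utc(2020, 4, 1, 12)

if __name__ == "__main__":
    submission = prepare_submission(SAMPLE_VISITS, blur_meters=50)
    print(build_risk_map([submission], SAMPLE_NOW, retention_days=14, map_meters=100))
```

Two design points worth noting. The server re-snaps whatever it receives to its own published grid, so a citizen who blurred to 10 or 50 m still ends up as one count in a 100 m cell; the map grid should therefore be at least as coarse as the finest blur a citizen may choose, otherwise a coarse submission lands in a single map cell and under-represents the area. The server also never needs a submission identifier to do its job, which is what makes the stored data useless for tracing a person.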
With a website, a user can check their history anonymously (for example with cookies blocked), but this quickly becomes tedious. A mobile application therefore provides a simpler way to inform people of risk:
1. The user receives a risk map.
2. INSIDE the application, the map is compared against the user's location history (held on the app).
3. History on the app is removed after a user-selected period (recommended 10 days).
4. As the user moves, the risk is constantly updated.
5. The user is alerted if their risk goes above a defined threshold.
No data is ever sent FROM the app to the server to do this; everything happens on the app. This on-device processing combines the local location data with the published risk map to educate and inform the user, so that their personal risk level is known while their personal information is never shared.
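The on-device side of that flow, as an added Python example that is not code from the Smart Quarantine app or from this page: the history is kept locally and pruned after a user-selected number of days, the downloaded risk map is scored against it using the same grid and hourly bucket the map was built with, each (cell, hour) the device was in counts once however many samples fell into it, and an alert fires when the score crosses a threshold. The grid and hour helpers are repeated here so the block runs stand-alone; the 100 m map resolution, the 10-day default, the threshold and the constructed map and visits are assumptions for the example.

```python
from __future__ import annotations

import math
from datetime import datetime, timedelta, timezone

METERS_PER_DEG_LAT = 111_320.0  # approximate metres per degree of latitude (assumption)


def grid_cell(lat: float, lon: float, meters: int) -> tuple[int, int, int]:
    """Same grid construction as the published map; the app must use the map's resolution."""
    lat_step = meters / METERS_PER_DEG_LAT
    row = math.floor(lat / lat_step)
    lon_step = meters / (METERS_PER_DEG_LAT * math.cos(math.radians(row * lat_step)))
    return (meters, row, math.floor(lon / lon_step))


def hour_bucket(ts: datetime) -> int:
    """Same hourly time dimension as the published map (assumed granularity)."""
    return int(ts.timestamp() // 3600)


def utc(year: int, month: int, day: int, hour: int, minute: int = 0) -> datetime:
    """Helper so the constructed sample times are unambiguous (UTC)."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


class LocalHistory:
    """Location history that stays on the device and expires after `keep_days`."""

    def __init__(self, keep_days: int = 10):
        self.keep = timedelta(days=keep_days)
        self.visits: list[tuple[float, float, datetime]] = []

    def record(self, lat: float, lon: float, ts: datetime) -> None:
        """Store a new position sample and drop anything that has aged out."""
        self.visits.append((lat, lon, ts))
        self.prune(ts)

    def prune(self, now: datetime) -> None:
        self.visits = [v for v in self.visits if now - v[2] <= self.keep]


def personal_risk(history: LocalHistory, risk_map: dict, now: datetime, map_meters: int):
    """Score the device's own history against the published (cell, hour) counts.

    Returns (score, matches) where matches maps each (cell, hour) the device
    shared with a positive case to the published count. Nothing leaves the device.
    """
    history.prune(now)
    exposures = {(grid_cell(lat, lon, map_meters), hour_bucket(ts)) for lat, lon, ts in history.visits}
    matches = {key: risk_map[key] for key in exposures if key in risk_map}
    return sum(matches.values()), matches


def should_alert(score: int, threshold: int) -> bool:
    """Alert once the aggregated exposure score reaches the configured threshold."""
    return score >= threshold


def sample_risk_map() -> dict:
    """Constructed stand-in for a downloaded map: two hours of exposure in one 100 m cell."""
    cell = grid_cell(50.0755, 14.4378, 100)
    h = hour_bucket(utc(2020, 3, 30, 10))
    return {(cell, h): 2, (cell, h + 1): 1}


if __name__ == "__main__":
    history = LocalHistory(keep_days=10)
    history.record(50.07551, 14.4378, utc(2020, 3, 30, 10, 15))  # constructed sample, same cell as the map
    history.record(50.0900, 14.5000, utc(2020, 3, 30, 11, 30))   # constructed sample, elsewhere
    score, matches = personal_risk(history, sample_risk_map(), utc(2020, 4, 1, 12), map_meters=100)
    print(score, should_alert(score, threshold=3), matches)
```

Because the comparison is a set intersection on (cell, hour), the app only needs the published map and its own history; the threshold and the retention period are local settings the user can see, which is what makes the "nothing is sent back" guarantee checkable by an auditor inspecting the app's network traffic.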