The Privacy Preserving Anti-Coronavirus app Google can and should build

Many people already trust Google with their location data (unless you proactively turned off location history on your android phone and Google maps, Google knows where you have been and how long you spent there.)  Obviously, all of these people are trusting Google to follow it’s privacy policy and not release this information. [Google is not alone here, the major mobile phone carriers also have all this data, and you can’t turn that location tracking off….]

What happens when you start to cough, get a fever, and (can hopefully) get tested for the Coronavirus? If you have a positive result, the local health department should be asking you who you interacted with in the last 5-10 days, and then contact THOSE people to tell them they should self-isolate and get tested if they come down with symptoms.  Presumably you’ll tell them about everybody you remember interacting with, but you might forget that 3 days ago you paid for gas at the counter of the local 7-11, or not know the name of that guy that traded you his Aldi cart for your virus covered quarter so he wouldn’t have to return it to the cart stand to get his own quarter deposit back.

Here is where Google can help everybody. Once you have received a positive diagnosis, your  local health department sends Google your gmail address (google account name).  Google emails you asking for your permission to share your location history for the last 5-10 days with the Health Department.  If you give permission, Google will share that data with the health department, who now knows that you spent 8:10-8:20am last Friday at the 7-11 and 4:30-5pm at Aldi grocery shopping on Tuesday. Having this location history can potentially help the health department, but what they really need is to be able to contact the people you interacted with.

Google can help with this by cross-checking your location history with the location history of everyone else who uses an Android phone (50-70% of the population). People who may have crossed your path could be sent a proactive email letting them know that “From 8:10-8:20am on Friday a person who has subsequently tested positive for coronavirus visited the same 7-11 that you visited from 8:15-8:25am”.  No need to share your name, just the fact that exposure was possible. Those people could be given the option to share their contact information with the local health department by clicking a link. This would allow the local health department to sort by risk, and they might choose to make a followup phone call to those people who spent a considerable amount of time in the same locations as you. (They probably wouldn’t have the manpower to call everyone that was at the same gas station, but if you forgot about the monthly bookclub meeting where 10 people’s phones spent 2 hours near your phone, this could be incredibly useful information for them to have….)

The key privacy preserving idea is that sharing your location data would be optional.
If you chose to share your location history, Google would anonymously notify those people who may have intersected with your travel history, and then THEY would have the choice to share their contact information (or not) with the health department (not you). Most people (who have not turned off location history) already “trust” google with their location history, so proactively cross-checking to find intersections with anonymous notifications should not be seen as a major a privacy violation.

Obviously, it would be scary to receive an email from Google telling you that you might have used the same gas-pump as somebody infected with the coronavirus, and there would certainly be a LOT of false positives (If the cross-checking algorithm was too aggressive, it might pair up everybody who stopped at the same stoplight at the same time in their commute, for example….).  I trust that the UX (User Experience) people (and lawyers) at Google could write the emails in a suitably non-threatening way “Out of an abundance of caution, we wanted to let you know that there is a small possibility that you shared the same location as a person who later tested positive for the coronavirus.”

I argue that a little bit of scaring would be a net social benefit. If you were receiving a daily email with a list of the times and places you were near an infected person, social distancing would go up immediately. If Google is more worried about scaring away their users than the global good, they could make a website that people would have to deliberately visit to find out if any coronavirus positive intersections were found for their location history, but this would remove significant portions of the benefit.

I’m sure that many smart people inside Google have already come up with this idea and there are internal debates about privacy and public relations going on internally between them and the lawyers. We should tell Google that this is a perfect time to “Not be Evil”.



Singapore has created an application like this, but it requires that everybody install the same application to trade encrypted contact information. So either the government makes it a requirement that you run the application to leave your house, or it is not as effective.

MIT has released an app that can log your location history completely privately, but it does not collect contact information from others, and has no way to cross-correlate with other’s tracking history.

Apple & Google are working together on ways for iPhones and Android devices to work natively with contact tracing applications.

Leave a Reply

Your email address will not be published. Required fields are marked *