 When we give up a little bit of privacy in favor of security, we rarely gain that privacy back. In the wake of 9-11, we got the Patriot Act, which is the largest expansion of our financial surveillance regime since the Bank Secrecy Act in 1970. We don't want to end up looking like mainland China looks. Lockdowns still in effect across the country. Americans are growing restless. But they've taken something and blown it so far out of proportion that it's destroying our country. There's a system that could make reopening possible without increasing the spread of COVID-19. It's called contact tracing and involves tracking down every in-person interaction that infected individuals have had in the preceding days and then testing, isolating, and repeating the process. Several countries are using phone applications that use Bluetooth or GPS to generate a record of who individuals have come into contact with. In Singapore, downloading contact tracing apps is voluntary. China and Israel use them to enforce mandatory quarantines and isolation. Voluntary coronavirus tracing and tracking software for iPhones and androids. In the US, Apple and Google have partnered to create a contact tracking app for iPhones and Android devices. But these technologies are raising serious privacy concerns. It's important that these systems are lawful and voluntary. It's important that these systems minimize to the greatest extent possible the collection of personal information. Allen Butler is a lawyer with the Electronic Privacy Information Center, which has been urging Congress to build privacy protections into any contact tracing system deployed in the United States. Butler says it's also vital that the system be entirely voluntary. Wouldn't making it voluntary limit the amount of data able to be collected and therefore undermine the effectiveness of the system? I think it's likely that a decent percentage of citizens may decide to install that app because if it's actually useful, then they may find it helpful for themselves. But it won't, there will never be universal coverage for this type of system. I think it's and it's never meant to be right. It's not a silver bullet. Butler says like in other countries, these apps would be used in conjunction with manual data collection and he cautions against systems deploying any apps that use GPS to track phones like those being used in China and Israel. That really changes the relationship between the government and the citizens. It's very different to build a system for citizens to receive alerts that actually serve a purpose to them and serve a public health purpose versus a system of direct government enforcement of quarantine orders and the like. Butler says that a better approach is to use a phone's Bluetooth signal to enable virtual handshakes. And those handshakes don't reveal your name to the other phone or the other phone's owner's name to you. They just exchange random and rapidly changing identifying numbers. What is Bitcoin? Bitcoin is the world's first cryptocurrency. Peter van Valkenberg is the director of research at CoinCenter, a non-profit advocacy group for cryptocurrency and decentralized computing technologies. He praises aspects of Singapore's Bluetooth-based Trace Together app which alerts users when they've been in proximity to someone who's recently tested positive for COVID-19 without revealing that person's identity. But he objects to Singapore's decision to store phone numbers in a central database. We're not talking about a system that's truly privacy preserving because there's still this very valuable list of phone numbers that have been near other phone numbers. You could mine that data and if you were sort of malicious and dedicated, you could come up with just about as accurate a portrait of a person's movement throughout their day and all the people they've been in contact with as you'd have from the GPS data. Van Valkenberg says that cryptocurrency developers with their expertise in building privacy-preserving systems could solve that problem. He cites a recent paper from the Zcash Foundation where Van Valkenberg is a board member that describes an anonymous and decentralized system for verifying COVID-19 test results. What's important about that is unless you are found to be sick and you publish your numbers to the central server, no information gets published to the central server about you. And so that's how we keep it private and local. The data is not shared at all unless and in the event that you are sick. He says another application of this technology could be in issuing proof of immunity certificates for individuals who've developed antibodies that protect them from COVID-19. This little QR code is a lot more powerful than it looks. It helps collect data about your travel history, health status and more. And China's using it to track citizens and stop those infected with the coronavirus. In this scenario, health officials would grant digital tokens of immunity to qualified individuals who would then be allowed to engage in otherwise restricted activities like going to restaurants, driving taxis and walking around without a mask. So the normal way of doing digital identity is to just have a big list. The decentralized ledger would not include any personal identifiable information. It would just be these pseudonyms. That's in a nutshell how Bitcoin works. We have this database of who owns which bitcoins, but it's not one company that controls it. It's a blockchain that's shared across many people. And it doesn't reveal a lot of personal information because everyone on that database is pseudonymous. If we were to build a decentralized proof of immunity credentialing system, I would hope that it would at least contemplate using a decentralized identity system rather than trusting one corporation or one government to keep this centralized database, which could be vulnerable to hacking or to abuse. But truly private and decentralized systems are harder to build. And it's not clear what Van Valkenburg envisions could be ready in the near term. Perhaps the system being developed by Apple and Google will have to be good enough. Though the companies didn't respond to our interview requests, according to the initial proposal, their system does rely on Bluetooth handshakes as opposed to GPS to preserve location privacy. The phone identifiers recycle daily and never leave the device unless the user reports a positive case. And the whole system is completely voluntary with users deciding whether to contribute to contact tracing. Apple and Google software would maintain a central record with identifying information from phones of those who test positive, but it would stop there, keeping those who were merely exposed anonymous, even allowing devices to identify each other through Bluetooth is a step towards weaker security that in the past companies wouldn't consider. Google with Android and Apple with iOS have previously prevented apps from doing this kind of Bluetooth handshaking for the very reason that it is extremely violative of people's privacy. So in order to allow these apps to work, Apple and Google need to loosen the restrictive policies on apps ability to use Bluetooth for these purposes. And what's interesting, which is indicative maybe of whether Google and Apple are approaching this in a way that respects our privacy, is that they've refused to loosen some of the ability of apps to access location data when health authorities in some countries have demanded it. How much of a concern is it for you that once we allow this temporary surveillance, it's not going to remain so temporary? When we give up a little bit of privacy in favor of security or to address a crisis, we rarely gain that privacy back. In the wake of 9-11, we got the Patriot Act, the largest expansion of our financial surveillance regime since the Bank Secrecy Act in 1970, and we may now see that rather than in the terrorism context in the pandemic context. And instead of talking about financial surveillance, we're talking about full-on location surveillance. We don't want to end up looking like mainland China looks right now, where sure, we might be able to lock down a city during a pandemic. And you might think that the trade-off is worth it then. But it's important to note they also have the ability to track ethnic minorities and put them in reeducation camps when they don't go to the right places. And so I think it's a noble objective to say, can we do something to stop the spread of the disease but not involve a violation of people's privacy? But that doesn't mean that we must do this. Maybe if it turns out that we can't build a solution that minimizes those privacy risks, we just shouldn't have this. We should just say, look, there are other ways to make this happen. As states begin to contemplate plans to end a lockdown, the Apple Google project is set for release in mid-May. The onus is on all of us to make sure to scrutinize the systems that are put into place, the proposals that are put forward, and to make sure that they are protective of privacy and that we don't adopt some new eternal system of perpetual surveillance. I think none of us want to live in that world.