Details were released on Monday of this week about a mobile application that alerts users in Portugal that they have been in contact with someone infected with the novel coronavirus. The project, which started in late March, is coordinated by the Institute of Systems and Computer Engineering, Technology and Science (INESC TEC). To be effective in detecting new cases of COVID-19, at least 60% of smartphone users in Portugal will need to have this application installed.
The app, currently undergoing testing, was presented during a visit to the Public Health Institute of the University of Porto (ISPUP), one of the project's partners, to several members of the Government: Manuel Heitor, Minister of Science, Technology and University education; Ana Abrunhosa, Minister for Territorial Cohesion; and Isabel Ferreira, Secretary of State for the Enhancement of the Interior.
Contrary to what the Prime Minister, António Costa, suggested last week, the Portuguese application does not require that the Directorate-General for Health (DGS) have direct access to the Portuguese mobile phones to carry out the screening. As recommended by the European Commission, the application will not store the location of users or reveal the identity of infected people, and will not be mandatory to use.
“What we want is for people to realize the relevance of the application and to decide to install it,” said José Manuel Mendonça, president of INESC TEC, to the PUBLIC. "In practice, no personal data is shared, which removes the phantom fear of privacy." The main objective of the application, he adds, is to save health professionals’ time. "This method is much faster than the current system of asking infected people with whom they have been in contact and talking to them over the phone", stresses Mendonça.
Thus, the app, found at monitorCovid19.pt, will be a platform of voluntary use, and free of charge, which will allow interested users to discover, by themselves, through public information and certified by health authorities, if they entered into contact with someone confirmed as being infected.
Big Brother is here to help, do we really want it though?
Privacy has been a concern of the Portuguese team since the beginning. Therefore, monitorCovid19.pt (developed for Android and iOS) will not ask the user for any type of information to install the application, and the only option available on the interface is a button to "turn on" or "turn off".
The application will work as follows: two users must have it installed on their mobile phones and, if one of them is diagnosed with COVID-19 and authorizes a health professional to share the data generated by the application anonymously, the other who has been nearby will receive a warning message.
The identity of users is never disclosed. For the app to be effective, the INESC TEC team estimates that at least 60% of smartphone users in Portugal have to install it. Users of the mobile Internet access service total around 7.6 million in Portugal, which corresponds to a mobile phone use rate of around 73.6 per 100 inhabitants, according to the latest data from ANACOM, released in May 2019. Also according to this data, 79.5% of mobile phone users in Portugal have a smartphone.
The application depends on Bluetooth, a short-range wireless technology found on virtually all mobile devices (laptops, smartphones, consoles) that allows them to exchange information when they are close. When activated, the application sends anonymous identifiers to nearby mobile phones, while retaining the identities it receives.
Rui Oliveira, INESC TEC administrator, describes these identifiers as “beeps” (signals) that are being permanently sent and received. “What mobile phones with the application will do is send beeps to mobile phones with the application in the area. And receive beeps from those cell phones. These beeps are completely anonymous numbers. Without context, they are like digital ‘trash’ and they don’t make sense”, explains Oliveira. The idea is that if one of the users of the application becomes infected, he can voluntarily share all the beeps sent by his cell phone in the last 14 days with a health professional.
These beeps are then placed on a server, which is consulted daily by mobile phones with the monitorCovid19.pt application installed. If there is a combination of identifiers on the server and identifiers on the mobile phone, the user is alerted.
“The contact detection processing is done on each cell phone. It cannot be done by the DGS, because the DGS will never have access to all the data”, explains Rui Oliveira. “In France, healthcare organizations have a more centralized view, in which data is kept by a specific entity. They want to reconstruct a visual map of citizens' contacts. It is the most useful information, but it can damage the privacy rights of everyone. ”
The advantage of each mobile phone generating and sending several anonymous numbers, instead of a single anonymous number, is to prevent a hacker from discovering the specific number associated with a mobile phone and, in this way, reaching the person's identity.
Currently, the application considers as a “close contact” a cell phone that may have been less than two meters from another one for more than 15 minutes. “We are using what we know about traditional epidemiology,” explains Henrique Barros, public health specialist at ISPUP, who has been involved in the development of the application.
"This is probably an exaggerated distance, but it is used as a guarantee that all contacts made at a certain distance should not be considered."
For researchers, the big barrier will be confidence in using the application, not digital literacy. “The application was designed to be able to be used by anyone, regardless of digital literacy. Whoever has a smartphone, running Android or iOS, can install the application because it requires very little user interaction”, justifies Rui Oliveira.
There is no date yet for the public launch of the monitorCovid19.pt application, but the objective is that it can help the Portuguese as measures of social isolation are lifted. The ethical evaluation of the application is being conducted by ISPUP, while the evaluation on data protection is being carried out by INESC TEC. Later, an independent data protection assessment will also be carried out by the National Cybersecurity Centre. “The question of are you willing to give up your privacy is a false question in our case,” says José Manuel Mendonça. "Orwellian 1984 references to Big Brother only distort information and generate fear” he alleges.