Surveillance measures have been taken across the world since the outbreak of COVID-19. On one hand, these measures can effectively contain the virus; on the other hand, they can also cause lasting damage to digital rights. Can there be a system that not only shows us which specific places are safe during the pandemic, but also preserves our privacy?
What it does
Our project, Autonomy, is an app that provides neighborhood public health forecasts. These forecasts are presented as a numerical score that encapsulates the relative danger of a neighborhood. Autonomy learns from data provided by you, those near you, and verified public sources. Every so often, you’ll receive a notification when your neighborhood’s health forecast has changed, along with a request to share information about how you are doing. Your privacy, and that of everyone in your neighborhood, is always protected.
How does it work
When using Autonomy, you enter a cohort based on your current location. You will occasionally be asked to contribute information about how you are doing. By analyzing your data in conjunction with those of other cohort members and verified public data, Autonomy develops a fuller picture of your neighborhood’s health status and notifies you when that changes.
What about users' privacy
We do not know who you are. You do not register an account in the traditional sense: there are no usernames or passwords. Autonomy will never ask for identifying information such as your name and email address. All data that you provide is encrypted and stored in a personal data vault to which only you have the (digital) key. Members in your neighborhood will be unable to identify your data and vice versa.
Autonomy's pillars of privacy
Supporting privacy is a critical element of Autonomy because health data is personal and intimate. Citizens would be reluctant to share this data if it weren’t private, because personally identifiable data could lead to anything from embarrassment to discrimination. Autonomy therefore rests on three pillars of privacy:
1. Data Pooling. Autonomy pools data by grouping citizens into “cohorts” of 450 people who share their data as a group. Because the data is pooled, no one can access any specific citizen’s data, nor identify any specific citizen.
2. Fiduciary Relationships. Each data pool is overseen by a fiduciary, who holds a position of trust and is legally required to make their best efforts to protect the data.
3. Ubiquitous Encryption. The data that a citizen puts into a pool is encrypted from the second it leaves their device: Autonomy uses end-to-end encryption to protect data in transit and also ensures that the information remains encrypted in its data store.
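The pooling threshold from pillar 1, as an added illustration that is not Autonomy's own code: a constructed Python sketch in which each device holds only a random pseudonym (no name, e-mail or account) and a cohort releases nothing but an aggregate score until it has at least 450 contributors. The 0..10 symptom-score input and the 0..100 neighborhood score are assumptions for the example.

```python
import secrets
from dataclasses import dataclass, field

MIN_COHORT_SIZE = 450  # cohort size stated on the page


def new_device_pseudonym() -> str:
    """Random, unlinkable per-device token: the only identifier a report carries."""
    return secrets.token_hex(16)


@dataclass
class CohortPool:
    """One neighborhood cohort. Individual reports never leave this object;
    only the aggregate forecast is exposed, and only once the pool is large enough."""
    reports: dict = field(default_factory=dict)  # pseudonym -> symptom score 0..10 (assumed scale)

    def submit(self, pseudonym: str, score: int) -> None:
        if not 0 <= score <= 10:
            raise ValueError("symptom score must be in 0..10")
        # A device's newest report replaces its older one, so one device counts once.
        self.reports[pseudonym] = score

    def size(self) -> int:
        return len(self.reports)

    def forecast(self):
        """Neighborhood score 0..100, or None while the cohort is below the pooling threshold."""
        if self.size() < MIN_COHORT_SIZE:
            return None  # too few contributors: releasing a score could expose individuals
        mean = sum(self.reports.values()) / self.size()
        return round(mean * 10)


def demo():
    """Constructed cohort: 449 devices report score 2, the 450th reports 4.
    Returns (forecast before the threshold, forecast once it is reached)."""
    pool = CohortPool()
    for _ in range(MIN_COHORT_SIZE - 1):
        pool.submit(new_device_pseudonym(), 2)
    before = pool.forecast()          # None: only 449 contributors
    pool.submit(new_device_pseudonym(), 4)
    return before, pool.forecast()    # (None, 20)
```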
Challenges we ran into
The biggest challenge in this project was integrating feedback from different industries. We consulted experts from several fields to see how our project could work. The medical experts thought there was insufficient knowledge to do this. The computer science experts advised us to consult lawyers, because the regulatory burden would be too high. The public health people were interested, but expressed a lot of skepticism.
What we learned
At first, we presented our numerical score without any explanation, because we thought the most important feature was simple and immediate access to public health forecasts. Then we noticed that people might not trust a single COVID-19 project. So we enhanced our interface: users can now see how the scores are calculated and adjust the calculation formula to suit their personal needs.
What's next for Autonomy
By enabling mass participation in public health, Autonomy can be an early warning system that helps citizens to recognize potential risks at specific locales; it can be a danger assessor that gives government leaders data-driven advice on public health decisions; and it can be an analytic research tool that collects and analyzes local data from around the world.
Next, we will impact the future of healthcare technology: we believe that a new information infrastructure is needed to facilitate direct communication between individuals and institutions without sacrificing privacy and human rights. Nowhere is this more evident than in public health, where the tension between public good and personal data sometimes seems intractable. By designing the right data security models, built upon stout pillars of privacy, Autonomy can provide this infrastructure and shape a new social contract for good.