Our COVID Contact Tracing Method is Stuck in 2006

An image of the phone I had after college and before the iPhone launched in 2007.

(I was recently elected to represent San Jose District 10 and will take office in January 2021. In the meantime, I started this blog to share what I’m learning about a variety of issues relevant to San Jose and my take on those issues. I deeply appreciate your feedback and questions as I prepare to represent our community. Sign up to have these posts automatically sent to your inbox: https://forms.gle/N9af77JuK2nJFDMo6.)

Dear Neighbor,

Last Tuesday, the Mercury News reported that Santa Clara County has hired just 50 of the 700 contact tracers it estimates it will need to help contain COVID-19 transmission as the shelter-in-place (SIP) order is slowly relaxed. This is concerning news and the County should share more with the public about why hiring has moved slowly and how they plan to accelerate it (please join me in reaching out to your County Supervisor to ask).

But I’m also left wondering if we are approaching the problem correctly. Do we actually need to hire 700 manual contact tracers? Is there a better way? What can we learn from other countries that have extensive experience managing viral respiratory epidemics?

Santa Clara County is focused on manual contact tracing rather than a technology-enabled solution that could give its limited workforce more leverage. With the necessary caveat that I am a (soon-to-be) representative, not a public health expert, this appears to be a lost opportunity, especially here in Silicon Valley where we have the resources and know-how to build better tools and improve how government solves problems.

First, let me explain what contact tracing is and why it’s important. When someone tests positive for COVID-19, a public health best practice is to interview the infected individual to identify other people they had contact with during their contagious incubation period. Potentially exposed contacts are then asked to get tested and self-quarantine until they have results. The goal of this “test-trace-isolate” method is to break chains of viral transmission in the community:

Credit: CFCF and CDC; https://en.wikipedia.org/wiki/Contact_tracing

Contact tracing has been a standard public health practice for a long time. In the 1930s, the practice was used in the United States to contain a syphilis outbreak and more recently in the 2014 Ebola outbreak response. Since the COVID-19 pandemic began, South Korea and a number of other countries have used contact tracing — along with widespread testing and face mask use — to keep their societies relatively open and safe.

In these countries, contact tracing is an increasingly sophisticated endeavor that does not rely on an individual patient’s incomplete memory of where they have been and with whom they have interacted. Moreover, government-initiated text messages quickly let citizens know when they may have been exposed. In contrast, personal phone calls to exposed contacts, as our current approach calls for, is slow, which is not ideal when one unlucky visit to church or a supermarket could result in hundreds of new cases.

The problem with the approach taken by these other countries, however, is that it relies on particularly invasive data collection and reporting practices that I believe violate individuals’ privacy. New technologies have greatly expanded the surveillance capacity of the state, and we would be naive to think these powers could never pose a threat to civil liberties in the U.S.

In this case, however, there may be solutions that avoid the binary choice between efficacy and civil liberties while still improving upon the status quo. In fact, in our own backyard, companies are building smarter and more decentralized contact tracing tools that incorporate strict privacy protections and keep control with the individual (rather than government). Companies like Google and Apple are working on versions of these solutions, but one of the most exciting comes from a resident of Almaden Valley and his colleagues.

Just last week, I had the privilege of speaking with Dino Farinacci, a distinguished network engineer and former Cisco Fellow, who is building such a system with a few peer technologists. Dino has done some of the foundational work on internet protocols that separate personal identity from IP addresses (device identity), which enables scaling, mobility, and security through important privacy protection mechanisms.

The independent team Dino is collaborating with has built a working holistic prototype of a contact tracing platform called “CT-LISP” (stands for Contact Tracing — Locator/ID Separation Protocol) that leverages the power of near-ubiquitous smartphone ownership (the iPhone launched in 2007, hence the title of this post).

Their system is designed to give total control to the individual to ensure privacy is protected without burdening users with mobile app interaction. This is contrary to other solutions — including Google’s and Apple’s unfortunately — where phones are required to store data about other phones, which mandates more advanced cryptography solutions that drain your battery. These solutions also require the user to interact often with the contact tracing application. In contrast, CT-LISP periodically sends a small amount of anonymized encrypted location data so users can determine in minutes if they are in an exposed area.

Rather than design for the needs of a centralized public health department, the CT-LISP platform is built around the value it can provide to an individual user. People who (voluntarily) choose to install the app receive alerts when they have recently come into close contact with someone who has not been tested for COVID or has tested positive for COVID within the last 5 days (i.e. the median incubation period for the virus). The CT-LISP platform can also inform a user when they want to go to a high-density area (e.g. airport, grocery store, place of worship) if it is safe or a place to avoid.

Visualization of CT-LISP automated alert types based on device proximity. Credit: Dino Farinacci

Critically, the app doesn’t store any information about the individual, including name, address, gender, social security number, or any health status. Thus, if compromised, the app doesn’t put one’s personal information at risk. The genius of the system Dino and his colleagues are building is that sensitive information, such as names and test results, remain where they are already held today, which is in the care of the Public Health Department (PHD).

Instead, their system uses a cryptographic hash and password of the user’s phone number to create a unique identifier the PHD uses to store health state data for the owner of that device. This data is used to initiate text alerts to other phones that were in close proximity recently, but does not contain any individual information. The text alert simply gives you a count of non-tested and tested-positive cases in your 10 meter perimeter. The encrypted data that is pulled by the PHD is archived for only 10 days and then degaussed and deleted.

Overview of CT-LISP platform. Credit: Dino Farinacci

While still a prototype, their platform is ready and can be deployed within weeks, assuming it has a (governmental, ideally public health department) partner that is willing to test it. My hope is that our County or another public health department in our region will evaluate and experiment with privacy-first but still technology-enabled solutions like CT-LISP that could help us better manage COVID-19 and exit shelter-in-place (SIP) faster and with less risk.

If you are interested in learning more about CT-LISP or want to help advance the team’s mission, send email to support@lispers.net. If you want to know more about how networking technology is used for CT-LISP, see http://www.lispers.net.

Finally, I want to be clear that my role as your future representative at City Hall is not to evaluate technologies at a deep level and it likely will not involve many public health decisions because that function falls under the purview of the County. Nonetheless, I feel responsible for asking hard questions about the way that our local governments go about solving problems with our tax dollars and I do plan to identify areas of opportunity that I think should be explored in the interest of the community, which is the spirit in which I’m writing this post.

Too often, in my view, governments bias toward doing things the way they have always done them because the status quo is convenient and safe, not because it will deliver the most value to residents. I plan to be a champion for deriving greater community benefit from our government institutions, especially when the stakes are high as they are in this case. I appreciate the work Dino and his team are doing and I truly hope they and other innovators responding to this crisis will have an opportunity to contribute to the solutions we desperately need at this time.

As always, I value your perspective and feedback. Please reach out anytime!



Councilmember-elect, San Jose District 10; matt@mahanforsanjose.com, 408–891–9708

Matt is Councilmember-elect for San Jose District 10, which includes Almaden Valley and Blossom Valley. Matt takes office in January 2021 and uses this blog to share what he’s learning about a variety of local issues and his take on those issues. Matt and his wife, Silvia, are proud to be raising their two young children, Nina and Luke, in District 10. You can subscribe to Matt’s updates here: https://forms.gle/ycvcf3fbKSFU2JfA6

Councilmember, San Jose District 10. Formerly Brigade CEO & Co-founder Brigade, SVLG and Joint Venture Silicon Valley Boards, and SJ Clean Energy Commission