Raimondo outlined her state's plans during a discussion with Washington Post reporter Frances Stead Sellers Wednesday morning, part of the Post's Live interview series on virus recovery efforts. Later, Sellers spoke with Mozilla CEO Mitchell Baker to get her perspectives on the project.
Rhode Island recently entered into a contract with Salesforce to develop an app that would help infected residents share important information, including daily location data, with the state's Department of Health (RIDH). The contract, which is for a six-month period, will allow Salesforce to set up and provide support to the application, which the company is doing for no charge.
"Privacy and data protection are paramount," said Raimondo, explaining the project. "First of all, I believe in them as values and second of all everything is about giving people confidence...we want voluntary compliance. Nobody is going to be forced to do this... Which means I need to give you confidence that if you opt-in your data is safe."
The app would allow residents to schedule COVID-19 testing appointments using their phone, she said. After that, the app will notify the person whether they tested positive or negative. If the person tests positive, the app would then share certain data with the state's Department of Health, while also hopefully providing "options [suggestions] for them to self-isolate," said Raimondo. The app will also query the resident on how they are feeling, checking for symptoms on a semi-regular basis.
The data shared with RIDH would not be shared with any other groups or organizations, would not be sold to private companies and would ultimately be destroyed after the case investigation is ended — a span of "weeks, not months," Raimondo said.
During her interview, Mozilla's Baker complimented the governor's plan for its sensitivity to individual privacy: the fact that the project involves "a voluntary component," has "a very limited access to data," a use limitation on data, and a timeline for data destruction, are all positive policy aspects, Baker said.
That said, there are some areas where officials should be careful, she said.
Making the app open source would be a good idea because it's a way to ensure public trust, Baker said. Ultimately, consumers want to have faith that what the government says its doing is actually what its doing.
"How do citizens know what is actually happening? What data are you collecting, where is it going, how is it used and when and how is it destroyed?" she said.
Similarly, even if an app is opt-in, said Baker, these "optional" applications can quickly become coercive depending on the circumstances. Developing fairly flexible standards for such an application would be important, she added.
"Take any piece of software you use, an app you use — in theory, you have the ability to not opt-in. But in fact, in reality, you can't not opt-in to the terms of your Android phone or your iPhone," she said. "So if you don't opt-in [to the tracing app] can you go into a grocery store? Can you go into a drug store? Can you do any of the other things that you actually need to do? It's very easy for that to become coercive."