Dr. Craig Spencer was treating Ebola patients in Guinea two weeks ago. He now is in isolation at Bellevue Hospital Center in Manhattan after showing symptoms of the disease himself. Health officials are telling New Yorkers not to worry, and that Ebola is a difficult virus to contract – requiring contact with body fluids from an infected person while they are showing symptoms, including fever and diarrhea.
All the same, those officials are continuing to retrace Spencer’s steps through the city to see who might have been exposed to the virus. They have Spencer’s own account as a starting point, but they’re being helped by the multiple electronic checkpoints of life in the city.
From our commute on the subway, to buying our morning coffee with a credit card, to that Uber ride and of course Facebook updates, we are all leaving a digital wake as we move through the physical world.
“There’s a whole field of digital epidemiology harnessing these new digital data streams like digital exhaust for purposes of public health,” says John Brownstein, associate professor at Harvard Medical School.
Spencer took an Uber to the Gutter bowling alley in Brooklyn, for example.
“You can get access to the driver, distance [and] location that driver went to, the other passengers of that vehicle,” Brownstein says.
Credit card histories are obvious logs of a person’s location. But there are less obvious sources of information as well.
“We’ve looked at people’s access to free wireless networks, and we could tell when two people were close to one another and how they move around the city based on their access to social networks and we can model the spread of disease,” Brownstein says. That information is usually aggregated to study movement of large groups and transmission of disease, but it could also be used to trace individuals.
Smartphones especially leave digital trails far beyond simple call logs or even GPS data.
“That phone is doing a bunch of things for us,” says Gavin Manes, CEO of digital forensics firm Avansic. Not only is it regularly checking with the phone company for texts or voicemail messages, it is interacting with third parties.
“If you work for a business, you are probably have an email account connected to something like Microsoft Exchange,” he says. “Every so often your phone is making sure it still has the connection and reporting to that server what its IP address is and its approximate location.” While a phone company may keep its logs of a user’s location for only a few hours or a few days, the logs on email servers – or Facebook servers or Twitter servers – persist much longer.
Even digital keychains used to lock or unlock a vehicle can send information that can be picked up, says Mane. When you point your keyfob at your car and click to unlock it, that message can be picked up by another car of the same make.
There is one big caveat to using all this data.
“It’s not easy and it’s not automatic,” Manes says.
Take the subway, for example. It’s possible to detect what subway card was swiped at a turnstyle right after a sick person’s. From there, an investigator may have to go to a subway card machine’s records to determine what credit card number was associated with that subway card. From there an investigator will have to connect a name to that credit card number, which will probably involve going through a credit card company.
“There is no computer in someone’s basement that’s automatically tracking that material together,” Manes says. This is because none of these data sources was designed to track people for the sake of tracking people.
“This tracking data, it’s not like these systems were developed for that purpose, it’s a byproduct of the system needing to function,” Manes says. “When we can triangulate someone’s cellphone, it’s not because we designed the cellphone system to be able to do that, it’s a byproduct of the need of the phone company to know where someone is so they can know which cellphone tower for them to talk to.”
The data is big, and so is the city. Sifting through both is a monumental task.