As Governments Pursue Contact Tracing Apps – Privacy Advocates Push Back
Contact tracing apps raise data privacy concerns for security advocates. Many governments are pushing for centralized data collection so they can track COVID-19 effectively and possibly restart their economies. However, some tech giants like Apple and Google are pushing for optional and decentralized contact tracking to help safeguard privacy. There are massive privacy concerns if any government is allowed carte blanch access to the whereabouts of citizens.
Bluetooth contact tracing apps installed on smartphones and other mobile devices are being used to monitor the proximity and duration of contact between devices and, by default, their owners. The contact tracing apps can help identify people who have been exposed to COVID-19 but may not know it. Some countries want to collect and store all data in centralized servers while others are against the idea. Collected data may include location, who you were near, and for how long. Information taken from devices includes identity and contacts. Proximity data is taken from Bluetooth data on the phone. Security professionals, privacy advocates, and scientists are all concerned about handing governments unchecked surveillance access to citizens while also opening up a huge target for hackers.
Google and Apple have both agreed to build contact tracing to help track the spread of COVID -19 and enable healthcare workers to track down who else may be infected. They both support decentralized data collection and have refused to give into requests for mass surveillance using centralized data collection.
An open letter signed by hundreds of scientists around the world, stated “Some of the Bluetooth-based proposals respect the individual’s right to privacy, whilst others would enable (via mission creep) a form of government or private sector surveillance that would catastrophically hamper trust in and acceptance of such an application by society at large.” The letter goes on to call for full transparency with any contact tracing app. All apps should be optional and only collect what data is necessary to support public health measures for the containment of COVID-19.
Contact Tracing Apps
Contact tracing is the concept of identifying sick individuals and then notifying everyone who came in contact with them. It is used to identify and track who a sick person came into contact with so they could be quarantined to reduce further infections. As the COVID-19 pandemic continues to spread, the concept of contact tracing is growing in interest to mitigate the disease and also to reduce the damage to world economies. South Korea uses contact tracking app so only those who are infected or exposed to the infected must quarantine at home. This way, businesses can stay open and people go about their lives normally.
Contact tracing may be accomplished through an interview process often. In person interviews have been a way for governments and health organizations to track smaller outbreaks but are too time consuming for an illness that affects millions of people. With a pandemic spreading globally, contact tracing must involve some sort of automation to effectively track down vulnerable people who have come into contact with infected individuals.
Smartphone contact tracking app can be an effective tool in the fight to stop the spread of COVID-19, help end the quarantine period, and save lives. But the apps only work if they are adopted by a significant portion of the population which raises privacy concerns.
Germany Switches to Decentralized Tracing
Although using Bluetooth tracing apps to detect and register when mobile devices are near each other has benefits, it is security risk. Most of the debate is about where to store this data – with the government, a health agency, or on the device itself.
Germany’s Chancellery Minister Helge Braun and Health Minister Jens Spahn recently said that Berlin is reversing its position and going with a “strongly decentralised” approach to contact tracing. This means their citizens can choose to opt into tracing and sharing symptoms. At first Germany wanted to use Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) which required the cooperation of Apple to change their OS. Apple would not cooperate forcing Germany to change its course.
On iPhones Bluetooth handshakes required for contact tracing can only occur if the phones are unlocked and the tracing app is running on top. This is an inconvenience to the user and a security risk for the device and all of the information on it. Apple and its iPhones will use decentralized tracking protocols like such as DP-3T.
France and Britain’s NHS still back centralization. Switzerland, Austria and Estonia are all going with decentralized DP-3T tracing.
Contact Tracing is Prone to Error
Like any testing and reporting, this is prone to errors too. Most of the contact tracking apps depend on Bluetooth data from smartphones. Bluetooth data is used over GPS location data because it is more accurate. However, Bluetooth can penetrate walls and may confuse one device if is located too close to another device in an office or apartment building.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers