Can COVID-19 Contact-tracing Apps Really Guarantee Data Privacy?

Publié dans Coder stories

12 mai 2020


Can COVID-19 Contact-tracing Apps Really Guarantee Data Privacy?
Sooraj Shah

Freelance tech journalist

When the news broke that Apple and Google were teaming up to develop technology that will alert users when they have come into contact with people found to be infected with coronavirus, the first reaction by many was likely to have been shock, followed by excitement.

Shock, because Apple and Google are fierce rivals in the smartphone operating system market, as well as with regards to a host of other electronic devices, such as smart watches, laptops, and tablets. The excitement, meanwhile, would have been because two of the biggest companies in the world were going to be working together to help in the fight against coronavirus.

But shock and excitement would not have been the only reactions to the news. Prior to the announcement, there had been skepticism about governments around the world creating their own contact-tracing apps, so for privacy campaigners and data-protection advocates, the Apple-Google partnership immediately set alarm bells ringing.

Considering they provide the software for the vast majority of smartphones in use, these two organizations are hoping that, in the long term, they won’t need dedicated apps for contact-tracing. Instead, the ability to use smartphones’ Bluetooth signals will be built into the operating system framework, meaning that the companies will gain better traction with citizens, as users won’t have to download and open apps in order for contact-tracing to be detected. The signal will determine whether a user has recently been in proximity to someone with COVID-19 for a long enough period of time to have been at risk of catching the virus, and if the user later tests positive for the virus, a warning will be sent to the original handset owner. The tech giants are first going to build an API that can be used by existing contact-tracing apps, and will then release updates to their operating systems.

“This can all be done anonymously, which is an interesting form of privacy protection, but it is not perfect,” says Gaël Duval, a data-protection specialist who has created his own privacy-focused mobile operating system, called /e/.

In their joint statement, Apple and Google said: “Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders.” According to them, no GPS location data or personal information will be collected. The system, which will also be opt-in and decentralized, was given public support by almost 300 academics from 26 countries in a letter published on Monday, April 20. In it, they assert that contact-tracing apps that use Bluetooth tracing are more privacy conscious than those that collect location data in a central repository, and if public-health bodies, such as the NHS in the UK, build centralized contact-tracing apps, they will struggle to win the trust of enough people to ensure their apps’ success.

However, Duval, who also created the Linux distribution Mandrake in 1998, believes that there could be issues with both types of app. “The problem with this technology is that it’s not 100% safe. Some governments could use it for any purpose and maybe they won’t tell their citizens, and some organizations may use it for their own purposes, while cybercriminals [who hack into the apps or systems] could use the data for any purpose. Anything is possible,” he says, adding that it’s different for companies such as Apple and Google, who already have an enormous amount of data for users all of the time.

For the Apple-Google initiative, the records of the IDs involved will be stored on cloud servers and anonymized, meaning it will not be possible to figure out someone’s identity. This will be more secure because the matching process of IDs in the same proximity would take place on phones rather than cloud servers. However, Duval feels that, despite this, there may still be a need for data to be centralized in order to get the right statistics. “It’s not impossible, then, to track people and know where they’ve been,” he says.

In addition, he believes sensors on beacons—owned by tech companies or governments—could also be used to detect Bluetooth IDs, although there are ways to mitigate the risk of anonymous data being de-anonymized, such as by ensuring the Bluetooth ID numbers are encrypted and continually changing the ID numbers associated with a user.

Fighting for freedom

According to Duval, if governments force people to install these apps, or update their operating systems to ensure they have the necessary features being implemented by Apple and Google, then it could have a real impact on citizens’ freedom and democracy. “If we accept this now, we are not sure we’ll go back. The companies and governments might keep using it, which could be problematic,” he says.

Of course, organizations could put measures in place to ensure that once the pandemic is over, there would be no further use, but Duval’s concern is that it will be too tempting for these companies to continue to use these technologies. “If we get to a point where this feature is a default in all operating systems for Apple and Google, I would be very surprised if they remove it,” he adds.
The worst-case scenario is where this kind of technology is used to create a surveillance state. “People would be tracked all of the time for any reason—a bit like what’s happening already in China. While people already seem to accept this in China, my fear is that we could move to a new world where everyone is tracked—a non-free world,” says Duval.

Complying with standards and legislation

Duval believes there will be a big focus from developers on building the necessary security layers around the apps that will use Apple and Google’s API, and for those that don’t. Like every app, though, there is no such thing as completely secure, and so there’s a risk of cybercriminals being able to get access to certain parts of the data for data breaches, and for misuse thereafter.

And then there’s the legal side. “If you look at the GDPR, it clearly requires that any user has to opt in specifically to this new kind of technology, so there is a disparity between what seems to be happening [with all of these different apps] and the law regulation, so I’m not sure how they’re going to solve this point,” says Duval.

The European Data Protection Supervisor has said the Apple-Google initiative will be assessed thoroughly but that, on the surface, it seems to tick the right boxes with regards to user choice, data protection by design, and pan-European interoperability.

Apple and Google’s approach is for users to use the contact-tracing element voluntarily and anonymously. The same may not be said for other apps being created by governments and third parties. The European Union has already called on Apple and Google to remove contact-tracing apps that violate users’ privacy from the App Store and Google Play.

However, at the start of April, Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) was announced—an initiative involving more than 130 technology experts and scientists who are trying to develop their own privacy-conscious contact-tracing application.

No proof of success

What has surprised Duval most, though, is the hype surrounding contract-tracing apps. This is because, firstly, there is no concrete proof that if everyone were to use them, they would definitely help governments. However, the joint letter signed by hundreds of academics did highlight contact tracing’s potential to help prevent second waves of COVID-19 occurring as countries come out of lockdown.

Duval is also surprised because these apps’ success depends on a large portion of people using them—about 80% to 90%. This has been made clear by the one used in Singapore, which was launched in March and whose use was voluntary but, by the start of April, only 12% of the population had done so. He also thinks that it would be hard to convince people to use the apps if there is evidence of organizations tracking their every move. “In general, people don’t like to be tracked by their governments. When they know how they’re tracked by Google, for example, they’re very frightened,” he says.

He believes these apps have had so much attention because there is still a lack of light at the end of a very dark tunnel. “I think everyone wants to do this because, at the moment, there is no solution to the crisis and everyone is trying to bring one,” he says. But hope at a time of uncertainty should not mean that people waive their rights to privacy, freedom, and democracy. Citizens, privacy campaigners, technology organizations, legislators, and governments all need to come together to ensure that contract-tracing is only used for helping to overcome the pandemic and nothing else.

This article is part of Behind the Code, the media for developers, by developers. Discover more articles and videos by visiting Behind the Code!

Want to contribute? Get published!

Follow us on Twitter to stay tuned!

Illustration by Blok

Les thématiques abordées