Contact-Tracing App Privacy: Apple, Google Refuse to Budge
Germany Changes Tack to Decentralized Model; Some US States Seek More Control
Governments continue to pursue contact-tracing apps to help more quickly alert individuals if they came into contact with someone who later tested positive for COVID-19.
Some countries are pursuing a centralized approach, wherein they collect and store all data pertaining to app users' identities, location and contacts. But many privacy and security advocates are instead calling for countries to take a more decentralized approach, to avoid unchecked surveillance and minimize the risk posed by data breaches.
Likewise, both Apple and Google, while promising to build new capabilities into their mobile operating systems to help, have refused to accede to demands from some countries that they allow governments to centrally store information about users who adopt such apps.
As a result, the German government on Sunday announced that instead of continuing to pursue a centralized approach, it will shift to a more privacy-preserving, decentralized approach.
"We will promote the use of a consistently decentralized software architecture" for use in Germany's contact-tracing app, says Health Minister Jens Spahn via Twitter.
"This app should be voluntary, meet data protection standards and guarantee a high level of IT security," Spahn and Chancellery Minister Helge Braun say in a joint statement released on Sunday, Reuters reports. "The main epidemiological goal is to recognize and break chains of infection as soon as possible."
Germans can also voluntarily share data with the Robert Koch Institute, which is leading the country's response to COVID-19, "in pseudonymized form for epidemiological research and quality assurance," Spahn says.
Contact-tracing apps are meant to help augment the laborious, manual process of tracking individuals who have tested positive for COVID-19 and then attempting to notify everyone with whom they may have come into contact since they were infected.
Via these apps, users could also self-report symptoms, share their phone number and seek medical advice.
Public health experts say that if adoption of such apps inside a country reaches a certain level - ideally, 60 percent or more - they could help countries to better contain COVID-19. But these apps will only be effective, experts warn, if countries have in place robust blood-testing programs, teams of manual contact tracers and sufficient levels of personal protective equipment for front-line workers, including medical staff.
Such apps remain a work in progress. One technical challenge is that Bluetooth signals easily pass through walls, and the standard wasn't designed to be used to track the location or distance of one user from another. As a result, apps could experience a high rate of false positives, for example, for users who live in apartment buildings.
Another challenge is duration of contact. Researchers say epidemiologists have been requesting that apps not record a single interaction, but rather an interaction of a specific duration, such as 10-15 minutes, since that ties to a much greater risk of infection.
Scientists See Surveillance Risks
Allowing governments to centrally collect the contact-tracing data needed to make these apps work, however, risks enabling "unprecedented surveillance of society at large."
So warn more than 500 leading scientists and researchers, from more than 25 countries, in an open letter published last Monday (see: Contact-Tracing Apps Must Respect Privacy, Scientists Warn).
In it, they write that without openness, transparency and allowing users to opt in, such projects risk too few users buying in, and could potentially make the pandemic worse. They also warn that unless these apps minimize data collection, they could be abused, for example, to allow governments and others to see a "social graph" of everyone with whom a user has physically come into contact. Finally, because using GPS data entails centralized data collection, they say contact-tracing apps should rely only on Bluetooth.
"Everyone accepts that extraordinary times can call for extraordinary measures, but it has to be done transparently, with legal backing and with oversight," cybersecurity expert Alan Woodward, a signatory to the letter, tells Information Security Media Group (see: COVID-19 Contact-Tracing App Must-Haves: Security, Privacy).
"To do otherwise risks what start out as good intentions being misused in future," says Woodward, who's a professor of computer science at the University of Surrey. "Not all governments are benign."
One project for supporting decentralized contact-tracing apps is DP-3T, for "Decentralized Privacy-Preserving Proximity Tracing." The project team has released the source code of its approach on GitHub, and was cited in the open letter as being one of four privacy-preserving, decentralized methods that adhere to the researchers' best-practice recommendations. The others are TCN Coalition, PACT (MIT) and PACT (UW).
Both the Austrian and Swiss health systems have already announced that they're working with DP-3T. The project team has said it now welcomes the German government's shift to a decentralized approach to contact-tracing apps.
Centralized Approach: Multiple Backers
So far, at least 30 governments have launched programs designed to track individuals who have contracted COVID-19, or to enforce quarantines ordered by health officials, reports Medium's OneZero technology and science news site.
But not all of them are taking a decentralized approach to collecting and processing contact-tracing app data, which is what many scientists and researchers have recommended as the best way to ensure maximum trust in - and adoption of - such systems.
Australia - which released its app Sunday - France, Singapore, the United Kingdom as well as numerous U.S. states back a centralized approach. This would enable governments to track individuals, including their location, as well as who they came into contact with and for how long.
Israel's supreme court, meanwhile, recently banned its security service from continuing to track anyone in this manner, as it was allowed to do via emergency powers introduced in March. For such tracking to resume, the court ruled that the legislature must pass new laws.
In the U.S., contact-tracing app efforts are already underway, including in North and South Dakota, which are testing the Care19 app, as well as in Utah, with its Healthy Together app. Both of those apps don't just use Bluetooth; they also use GPS data to track and record a user's precise location at the time any interaction occurs, Reuters reports.
"What Utah wanted to understand is not just who is spreading [the virus] to whom but also location zones," Jared Allgood, chief strategy officer for startup firm Twenty, tells Reuters.
"Is it happening in a park, a Costco or a Walmart? They are trying to make policy decisions that move our economy from a broad-based 'everything is shut down' to a more targeted approach," says Allgood, whose firm built the app for the Utah state government at an initial cost of $1.75 million.
Apple and Google Prep Changes
Apple and Google have promised to release tools for their respective iOS and Android mobile operating systems to make it easier for public health officials to design interoperable apps that individuals can use to self-report symptoms. While the firms predicted doing this by May, both now expect to ship this functionality by the end of April.
Soon after, Apple and Google have promised, they will build into their platforms capabilities designed to support decentralized contact-tracing apps. One of the most significant will be the ability of users to opt into having their phone trade anonymized identifiers with other phones that come into a specified range, for a specified duration. Such "handshakes" would occur without users always having to keep their phone unlocked or contact-tracing app active.
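As an added illustration of the decentralized handshake described above and of the duration threshold epidemiologists have requested (this is example code, not the article's, Apple's, Google's or DP-3T's own): each phone derives rotating pseudonymous identifiers from a secret it never uploads, records only the identifiers it hears, and, once a positive user publishes a day key, matching and the 15-minute duration check happen on the receiving phone rather than on a central server. The key schedule, the 5-minute rotation interval and all names are assumptions.

```python
import hashlib
import hmac
import os
EPOCH_MINUTES = 5                        # assumed identifier rotation interval
EPOCHS_PER_DAY = 24 * 60 // EPOCH_MINUTES
EXPOSURE_MINUTES = 15                    # duration threshold the article cites (10-15 min)

def daily_key(seed: bytes, day: int) -> bytes:
    # Hypothetical schedule: one SHA-256 step per day from the device's secret seed.
    key = seed
    for _ in range(day):
        key = hashlib.sha256(key).digest()
    return key

def ephemeral_ids(day_key: bytes) -> list[bytes]:
    # Rotating pseudonyms for one day, unlinkable to each other without day_key.
    return [hmac.new(day_key, str(e).encode(), hashlib.sha256).digest()[:16]
            for e in range(EPOCHS_PER_DAY)]

class Phone:
    def __init__(self):
        self.seed = os.urandom(32)       # never leaves the device
        self.seen = set()                # (day, eph_id) observations, kept locally only
    def broadcast(self, day: int, epoch: int) -> bytes:
        return ephemeral_ids(daily_key(self.seed, day))[epoch]
    def observe(self, day: int, eph_id: bytes) -> None:
        self.seen.add((day, eph_id))
    def report_positive(self, day: int) -> bytes:
        # A positive user uploads only the day key: no contact list, no location.
        return daily_key(self.seed, day)
    def exposure_minutes(self, published: list[tuple[int, bytes]]) -> dict[str, int]:
        # Matching happens on the phone; the publishing server never sees self.seen.
        result = {}
        for day, key in published:
            ids = set(ephemeral_ids(key))
            hits = sum(1 for d, e in self.seen if d == day and e in ids)
            if hits * EPOCH_MINUTES >= EXPOSURE_MINUTES:
                result[key.hex()] = hits * EPOCH_MINUTES
        return result

def simulate() -> tuple[bool, bool]:
    # Constructed scenario: Bob is near Alice for 20 minutes, Carol for only 5.
    alice, bob, carol = Phone(), Phone(), Phone()
    day = 3
    for epoch in range(4):                        # 4 epochs x 5 min = 20 min
        bob.observe(day, alice.broadcast(day, epoch))
    carol.observe(day, alice.broadcast(day, 7))   # a single 5 min contact
    published = [(day, alice.report_positive(day))]
    return bool(bob.exposure_minutes(published)), bool(carol.exposure_minutes(published))
```

Running `simulate()` returns `(True, False)`: only the 20-minute contact crosses the threshold, and the only thing Alice ever uploaded was one day key.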
On Sunday, the Australian government released its COVIDSafe app, and by Monday, more than 1.9 million Australians had downloaded it. But users must leave the app running whenever they leave home. Some technology experts have warned that it's not clear how rapidly the app, with its constant use of Bluetooth, might drain smartphone batteries.
In contrast, with the capabilities to be rolled out by Apple and Google, once users activate contact tracing their devices would continue to gather the data regardless of whether the app is open.
Not Promised: GPS Data
Beyond promising to facilitate opt-in contact-tracing apps based on Bluetooth that take a decentralized approach, however, Google and Apple have stopped short of promising to record with GPS coordinates the location where individuals came into contact, as is being requested by North and South Dakota as well as Utah.
The developers of the Care19 app, which has 40,000 North and South Dakotan users, want both the GPS and Bluetooth location data to be collected to help manual contact-tracing teams identify precise locations where an individual infected with COVID-19 may have been, so teams can telephone those locations to try to better trace outbreaks. Developers say Bluetooth alone won't facilitate that; they also want GPS coordinates to be stored by Apple and Google and shared with the states - potentially when users self-report having COVID-19 symptoms or a positive diagnosis - so they can contact physical locations, such as bars and restaurants.
Of Apple and Google's approach, "I would encourage them to go for the 'and' and not the 'or' solution," North Dakota Gov. Doug Burgum tells Reuters. A former technology executive, Burgum sold ERP software maker Great Plains Software to Microsoft for $1.1 billion in 2001, then became head of Microsoft Business Solutions.
"During this new normal, there is a place for having solutions that protect privacy and enable more efficient contact tracing," Burgum says.