Australia’s contact tracing app bugs and privacy issues. Should you be worried?

Covid-19 is affecting every aspect of life. As governments scramble to get this pandemic under control, they have enlisted the help of tech giants, including Apple, Google, and Microsoft, to create contact tracing apps. 

However, many privacy advocates are sounding the alarm out of fear that in an attempt to track the Covid-19 virus, governments and tech companies could violate the cyber security and privacy rights of individuals.

Covid-19 tracing apps are a good initiative with a potentially dangerous outcome

The goal is to minimize contagion, protect public health, and get businesses opened again so that the economy can flourish. Contact tracing app initiatives seem to be a key tool in accomplishing this by tracking new infections and minimizing exposure.

This potentially good initiative has been propelled forward by tech giants and public health authorities around the world. The goal is to create application programming interfaces and apps to support a project that has taken on a global scale. Within the United States, some states have released their own version of contact tracing apps or APIs. The partnership between Microsoft and the University of Washington seems promising and will probably produce an app that can be used by public health agencies.

However, it is the partnership between Apple and Google that is catching most people’s eyes. This is because both Apple and Google have a less than stellar history with privacy issues. One of the biggest concerns is that these two tech giants are contemplating using Bluetooth Low Energy tech to alert people when they have been exposed to a person who might have Covid-19. This is all done without relying on third party cloud storage providers, which can pose a privacy concern based on where their servers are physically located.

One major concern with this method is that it could lead to discrimination. Or it could lead to individuals who have been diagnosed with Covid-19 being forced to have information about them shared with others in a non-voluntary way. Additionally, there seems to be no strategy for sun setting any data that is gathered during the pandemic. The fear is that a person who was diagnosed with Covid-19 might have that diagnosis linked to their name even after the pandemic has ended.

How tech giants are responding to privacy concerns

Apple and Google have responded to these concerns by discussing their transparency processes and their plane to disconnect contact tracing services once the pandemic has come to an end. Still, in view of their history with privacy issues, many people are concerned about using a contact tracing system backed by these tech giants, the government, or a different agency.

This leads to another issue in that the only way that contact tracing apps will be successful is if an enormous part of the population participates. The challenge that the government and tech giants must overcome is ensuring individuals that any data collected will only be used for the duration of the pandemic and that this information will be destroyed once the fight against Covid-19 has been won.

Recent high profile cyber security breaches and privacy violations have changed how customers interact with businesses that collect data. Customer’s expectations for public and private entities that collect data have changed. Some of the trust that they had years ago in these entities has deteriorated.

Heed the words of Adelaide-based network security analyst William Ellis, who says that “There are several ways that you can protect your personal data, starting with installing a VPN from a reputable company. With an increased risk of cyber attacks especially during and after the pandemic, in order to secure your devices, you need to take some extra steps that could protect you from potential data leaks and hacking attempts.”

Informing the public of the pros and cons of contact tracing apps

Contact tracing apps that rely on Bluetooth are in reality a blunt tool for identifying individuals who have Covid-19 or identifying potential exposure. Individuals who allow their data to be gathered by contact tracing apps should know full well what they are giving up when they take part in this program and its potential benefits.
For example, the apps used could allow others to identify the individual who has Covid-19 because both the app and the user rely on GPS. This is especially worrisome for individuals who live in sparsely populated areas. Anonymizing the data in a sparsely populated city could be difficult.

Most people are surprised when they learn the amount of personal information they are giving up by allowing an app to use geo location tracking. Geo location tracking gives others keen insight into your everyday activities. It might surprise you when you look at the geo tracking on your phone and see what potentially embarrassing facts geo-locating can lead to.

Some people who know all the privacy risks still feel that with the Covid-19 pandemic, the need of the many outweighs the need of the few. They feel that the clear public health need requires people to participate in contact tracing. At the same time they feel unnerved with the idea of hackers, the government, or private institutions knowing where they go and when they go there.

Contact tracing using Bluetooth is a good idea. But does it really work?

Contact tracing using Bluetooth works because it lets a person know if they are in proximity to someone who has been diagnosed with Covid-19. However, proximity is only one factor in virus exposure, and it may not be as important as other factors, such as whether a person was wearing a face mask.

The other issue with using proximity to determine a person’s risk is that a person cannot 100 percent control who they are around. What happens if a clean proximity record becomes a requirement for a person to go back to work, get life insurance, or go about other daily activities?

For contact tracing to work, information needs to be collected on a massive scale. There is a better chance that these systems, which have been designed to contain Covid 19, will eventually be used as a way of digitally surveilling people. And even though many companies have said that the data collected will be destroyed after the pandemic has reached its end, if we have learned anything from the increased surveillance after 9/11, it’s that once data is collected, there is no guarantee when or if it will ever be destroyed.

Current legislation may require the data to be destroyed at a particular date. When that date arrives, provisions could be put in place to allow the data to be stored for longer and for more collection to take place.