Coronavirus Tracing Apps Conflict With Privacy

Smartphone apps designed to trace people at risk of Covid-19 infection have attracting criticism in Europe and the US for their potential as surveillance and spying tools to be used by governments.  

Scientists and researchers from more than 25 countries have published an open letter urging governments not to abuse such technology to spy on their people and warning of risks in an approach championed by Germany.

More than a hundreds of the British researchers and scientists have expressed concern over privacy and security resulting from 'mission creep' as the UK's government plans for using smartphones to trace and combat coronavirus slowly get going.

Much of our pre-coronavirus lives may be reclaimable with some modifications around how we work, socialise and travel, however in one crucial way the post-pandemic landscape will be very different as an individual’s autonomy and data privacy may be lost as mobile telephones are used for surveillance.

This will have important consequences for the relationship not just between citizens and governments, but also between consumers and businesses.

The risk of the coming end of privacy is attributable to the success of virus tracing apps in South Korea and Taiwan which have both been effective in flattening the Covid-19 curve by digitally tracking infected persons. No government was using dispersed databases as extensively to fight the spread of the disease as South Korea. Before an explosive outbreak in its worker dormitories, Singapore earned praise for TraceTogether, which claims to be the first Bluetooth contact-tracing app covering an entire nation. The 1.4 million users represent roughly a fourth of the island’s population.

Governments want access to phones, with or without informed consent and turning the clock back will be difficult, if not impossible. Where boundaries between private and public are thin to begin with, a pandemic can make them disappear. 

There have been assurances from various governments, including those in France, India and Singapore, that tracing  Apps will go away once the outbreak is contained, but no legal guarantees.  

  • The Singaporean app records physical proximity in an anonymised form on smartphones. Minimal data is stored on servers. The national TraceTogether’s App building blocks are in the public domain although he source code of  is yet to be disclosed.
  • As India reopens after a 43-day lockdown, it’s mandatory, first for public-sector employees and now for private-sector workers and company bosses are liable to ensure their workers download the app, though nobody is accountable for misuse of data.  The Indian government recently denied a French security researcher’s claim that the privacy of ninety million Indians is at stake. 

An analysis of China’s Alipay Health Code software, which uses various data sources of data to categorise a person’s health status with a colour code, found that some information is shared with the police.

One consequence of Covid-19 will be to erode privacy in the name of public health. European data protection laws will try to ensure that the emergency collection and processing of personal information is legally accountable and for a limited purpose but the British parliament’s human rights committee says it isn’t convinced that the National Health Service’s tracing App protects privacy.

Where they exist, robust institutions could will offer resistance to surveillance but  in many places the individual’s autonomy has already become a virus casualty. Poorer countries where consumers have only recently started going online will see states insist on devices that come with pre-loaded tracking apps. 

Whether sensitive data will be kept safely on devices or stored on a central server in a way that might allow a bad actor to reconstruct a person’s social activity, keeping a record of where they have been and when and who they meet. will become an urgent question as efforts to control the Coronavirus extend around the world.  

Bloomberg:      ZDNet:     SCMP:       LA Times:   

You Might Also Read: 

Incompatible: Privacy & The Internet of Things:

Coronavirus Track & Trace Apps On A Deadline:

 

« Hacked Vehicle Owner Database For Sale
Vehicle Cyber Crime Attacks Double »

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Don't rely only on CVSS to prioritize. Use machine learning to predict what is most likely to be exploited.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

ViewDS

ViewDS

ViewDS specializes in cloud identity management solutions, directory services, access and authorization management solutions, and data synchronization tools.

Junglemap

Junglemap

Junglemap provide nanolearning training courses on ransomware, information security and GDPR.

Mobile Crypto

Mobile Crypto

Mobile Crypto is a developer and provider of sophisticated, robust and comprehensive "end to end" strategic encryption solution mainly for Government Agencies and Enterprise End Users.

Swiss Cyber Storm

Swiss Cyber Storm

Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges.

Daltron PNG

Daltron PNG

Daltron PNG is a leading provider in ICT solutions for businesses in Papua New Guinea.

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.