Healthcare, Technology

How Privacy And Security Concerns Are Impacting Coronavirus Contact-tracing

Image by Gerd Altmann from Pixabay

The world expects the telecoms to play a vital role in the control of coronavirus through contact-tracing apps that should be used to mitigate its spread, this is, however, proving to be a tough nut to crack. Contact-tracing, as seen by a lot of people, is fraught with privacy and security issues which may undermine this much-needed avenue of fighting COVID-19.

We need right now to put in everything we have got scientifically into mitigating the spread of coronavirus as a body. We shouldn’t be divided, but is that really possible?  

Without any doubt, telecommunications has a great role to play in contact-tracing especially where we deploy apps that can monitor the spread of the virus. However, this can only be feasible where nations, corporations, and individuals are on the same page.

Incidentally, that is not what we have on the ground now. While we believe that contact-tracing will go a long way in redeeming the situation we have at hand, there are concerns from varying quarters as regards the privacy and security of the people.

Fighting the coronavirus pandemic in Asia 

A vivid example of the use of contact-tracing in the fight against the spread of coronavirus is that of South Korea. The country may be said to have done the most appreciable toward the mitigation on all fronts against the spread of the virus.

Quite unlike a lot of other countries, the Korean government was directly involved in the creation of tracking apps. In conjunction with the Ministry of the Interior and Safety, it went ahead to launch a smartphone app to monitor citizens on lockdown through GPS to ensure they were not breaking quarantine rules. 

Some people may want to see this as taking the whole situation to an extreme level, but we can’t deny the fact that this when added to the rigorous testing campaign the country also embarked on, placed South Korea on another pedestal in mitigating the spread of Covid-19.

Singapore also with its Government Technology Agency (GovTech), the in-house IT agency of the Singapore public service, worked with the Ministry of Health (MOH), to launch the TraceTogether contact-tracing app.

The TraceTogether app is able to exchange short-distance Bluetooth signals between phones to detect users who have been in proximity to one another. The app, however, is said not to collect or use location data, and it does not access a user’s phone contact list or address book. 

It is said to only establish that a contact has been made, but not where this contact was. The problem, however, is that people don’t completely trust these approaches.

We are in a world of big data and any information you release can be used negatively. Another angle to this is that even when governments and corporations have your best interest at heart, how are you sure that any data that has been gathered about you will not eventually fall into the hands of cybercriminals who will capitalize on it to flinch you?

All we have been hearing to a very large extent is heart-warming, contact-tracing apps are being devised in such a way that they enable users who have been in proximity with a user who has tested positive for Covid-19 to take the necessary action sooner, such as monitoring their own health closely for symptoms.

How it is in Europe

But, can we really ensure that in the course of trying to mitigate the spread of COVID-19, we are not altogether creating a bigger problem for the populace? Taking a cue from Europe’s Data Protection Commissioner, Jean-Philippe Walter, there could be possible side effects of digital contact-tracing applications in the prevention of the Covid-19 pandemic. 

There is, therefore, the need for adequate safeguards to be put in place in order to prevent risks to personal data and privacy. Based on this the Council of Europe has advised that if apps are deployed, then this should be for a limited duration only and solely on a voluntary basis. 

They also insisted that such applications should include specificities “by design” to prevent or minimize risks. This could be to ensure that the location of the data of individuals is not used, that no direct identification is possible or that re-identification is prevented.

Germany, in a way to fight the virus has decided to support the Pan-European Privacy-Preserving Proximity Tracing (Pepp-PT) protocol developed by organizations including German health agency the Robert Koch Institute. The Pepp-PT explained that this is a mission that warrants all hands being on the deck in order to arrest the virus which had spread so quickly and has also been able to traverse all political boundaries.

The app is expected to lodge the encrypted proximity history of an anonymous user who has not been tested or tested negative on their phone and this information cannot be viewed or transmitted to any other person. It ensures that only the proximity history that is considered relevant for transmitting the virus is saved, any other history is not important for this cause and is deleted.

The second mode of the app facilitates health authorities contacting a user that has tested positive for coronavirus whereby, they go ahead to provide a transaction authentication number (TAN) code that ensures potential malware cannot inject incorrect infection information into the Pepp-PT system. The user will then go ahead to voluntarily use this TAN code to provide information to the national service that permits the notification of Pepp-PT apps recorded in the proximity history and hence potentially infected.

The problem here is that people do not completely believe that governments will adhere strictly to this and there is the other concern that this large volume of personal information that the authorities wish to gather can fall into the hands of cybercriminals who will then proceed to carry out attacks.  

Tech Giants to the rescue

Based on this distrust, Apple and Google API have decided to wedge into the situation and want to ensure that they would strictly limit the information public health authorities could gather and would not allow health authorities to ask a phone to gather a list of every other phone it has been in contact with. They intend to effect this in two steps all the while, ensuring that any potential user’s privacy is holistically protected.

The companies say that their application programming interfaces (APIs) will enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Apple and Google added that they would work to enable a broader Bluetooth-based contact-tracing platform by building this functionality into the underlying platforms. The problem, however, is that this is not going down well with some authorities. 

For instance, the NHS initially decided not to buy into the Apple and Google solution for contact tracing but has deemed it necessary to capitulate. The NHS was of the view that if the individual alone is informed it may jeopardize the effort of the health authority in trying to gain a clear picture of the spread of Covid-19 throughout the UK.

Taking the feelings of the public into account 

There is no how we can expect success without considering the feelings of the public. It’s paramount that whatever measure we want to embark on, privacy issues must take the center stage.

This is the reason that made the UK Information Commissioner’s Office (ICO) harp on the need of making the people have trust and confidence in the way personal data is used to respond to the Covid-19 crisis. It’s very true that data has to play a vital role in contact-tracing, but data in the hands of cybercriminals can be a serious source of concern to both the individual and the government.

The world needs this app if we intend to fight COVID-19 to a standstill but without public trust the whole project is as good as dead on arrival. In order for the project to succeed, every effort must be made to increase public confidence in IT, this should also be supported by assurances of real safeguards. 

Authorities should enhance open and ethical data governance. People must also be assured that their personal information will not end up in the hands of miscreants.

Tagged , , , , , , ,

About John Ejiofor

John Ejiofor is a curious life-researcher, whose quest to finding answers to life's pertinent questions has led to founding Nature Torch. This blog aims to debate and explore many questions about our earth -- including those a lot of people are uncomfortable with asking. He has been published on some of the internet's most respected websites, which you can find online.
View all posts by John Ejiofor →

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.