One of the steps taken by some countries in seeking to slow the spread of the coronavirus is the use of so-called contact tracing apps.
The idea behind these is that, once someone is diagnosed with COVID-19, the app can see everyone who came within Bluetooth range of them during the period they were symptomless but infectious. Those people can then be contacted and tested …
This has been done in China in rather an invasive way. There, people’s phone numbers and citizen ID numbers are used, so the government knows who everyone is. People even get a color-coded QR code they have to show on demand.
A similar app used in South Korea contains even more personal data, as the LA Times revealed.
The level of detail provided by @Seoul_gov for each and every COVID-19 case in the city is astonishing:
- Last name
- Sex
- Birth year
- District of residence
- Profession
- Travel history
- Contact with known cases
- Hospital where they’re being treated
Singapore has also created its own app which it has offered to other countries. With that one, you are asked to consent to your app data being accessed if you are diagnosed positive, and the government then gets the mobile phone numbers of your contacts and sends a text to them.
Contact tracing with full privacy protection
However, it is possible to do it in a way designed to protect people’s privacy. Here’s how:
- Everyone has a unique and anonymous ID which is not linked to their identity
- When you come within Bluetooth range of someone’s phone, your device and theirs exchange IDs and log the fact that you’ve been in contact
- When someone is diagnosed, their app sends an alert to all the logged IDs
- You won’t know the identity of the diagnosed person
- The authorities can then verify you are a confirmed contact, and test you
- The authorities likewise don’t get to see who any of your contacts were
This system doesn’t reveal who has been in contact with who, and also prevents people from being targeted or shunned because they passed on the infection since no-one will know who that is.
But even in a crisis of this magnitude, people may feel wary of trusting governments with this data. TechCrunch’s Jon Evans suggests that it would already be easy for Apple and Google to implement contact-tracing by baking it into iOS and Android updates.
Android and iOS could, and should, add and roll out privacy-preserving, interoperable, TraceTogether-like functionality at the OS level […]
Granted, this means relying on corporate surveillance, which makes all of us feel uneasy. But at least it doesn’t mean creating a whole new surveillance infrastructure. Furthermore, Apple and Google, especially compared to cellular providers, have a strong institutional history and focus on protecting privacy and limiting the remit of their surveillance.
Don’t believe me? Apple’s commitment to privacy has long been a competitive advantage. Google offers a thorough set of tools to let you control your data and privacy settings.
Who would you trust with contact-tracing? Your government? Or an Apple and Google partnership, with Apple certifying that the privacy protections met its standards? You can check one, both or neither.
Please take our poll, and share your thoughts in the comments.
Image: CNA
FTC: We use income earning auto affiliate links. More.
Comments