5 data protection concerns you should have about contact-tracing apps

Nicolas BYKOFF
Published in french dispatch
6 min read · May 7, 2020


Photo by ISO Republic from StockSnap

Contact-tracing apps to monitor and limit the spread of Covid-19 have never been so popular. Countries, and now tech giants such as Google and Apple, want one. But what is behind this sudden wish to have one? What is in it for them? If everyone had this app installed on their phone, what improper uses could we encounter?

Centralised or decentralised, everyone wants an app.

These contact-tracing apps are designed to warn everyone who has been exposed to the virus. Once the app is running and Bluetooth is enabled on your phone, the app will alert you every time you may have been exposed. But there is a catch with Bluetooth.

Bluetooth was not built for proximity testing. If two people are standing on either side of a wall, the app can still conclude that they were in contact.

In a decentralised scheme, when two phones meet, they exchange a key. If one user later updates his status to infected, that key is shared, with his consent, to a database. The other phones regularly check whether any of the keys they encountered has been reported. This system can provide a degree of privacy and is the one supported by tech giants such as Google and Apple.
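A toy model of the decentralised exchange just described, added here as an illustration and not code from any real contact-tracing app: the `Phone` and `Server` classes are constructed stand-ins, the server is an in-memory set of reported keys, and the three phone names are made-up sample data.

```python
import secrets


class Server:
    """Constructed stand-in for the shared database of reported keys.
    It only ever sees random keys, never names or who met whom."""

    def __init__(self):
        self.reported = set()

    def report(self, keys):
        self.reported.update(keys)


class Phone:
    def __init__(self, name):
        self.name = name
        self.own_keys = set()   # keys this phone handed out to others
        self.seen_keys = set()  # keys received from phones nearby

    def encounter(self, other):
        # Each side generates a fresh random key and hands it to the other,
        # so the key itself carries no identity.
        mine, theirs = secrets.token_hex(16), secrets.token_hex(16)
        self.own_keys.add(mine)
        other.seen_keys.add(mine)
        other.own_keys.add(theirs)
        self.seen_keys.add(theirs)

    def report_positive(self, server, consent):
        # Only the user's own keys are uploaded, and only with consent.
        if consent:
            server.report(self.own_keys)

    def check_exposure(self, server):
        # Periodic client-side check: did any key I received get reported?
        return bool(self.seen_keys & server.reported)


def simulate(consent=True):
    """Alice meets Bob; Bob later tests positive. Carol met nobody."""
    server = Server()
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    alice.encounter(bob)
    bob.report_positive(server, consent=consent)
    exposures = {p.name: p.check_exposure(server) for p in (alice, bob, carol)}
    return exposures, server
```

Note that Bob himself is not flagged: the match is between keys he gave out and keys Alice received, which is what lets the scheme work without the server learning either identity.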

In a centralised scheme, the data centre does everything. All the information is sent to a data centre, which makes it possible to monitor the spread of the disease closely. This system is supported by the NHS, for instance, which is why the NHS rejected the Google/Apple app.

Meanwhile, while developers are racing against time to deliver something viable, the French Data Protection Authority (CNIL) has released an extensive statement about developing such an app. Their main concern is that the race against Covid-19 leads to an app being released at any cost, instead of the app being one part of a whole system to stop the disease. If you are French, I invite you to read it.

But such an app can lead to improper use, as I will show now.

1. The data is not anonymous.

In both systems there is a database of pseudonymised data: either a list of people who may have been infected (decentralised) or a list of sick people (centralised). In theory, nobody in this database can be identified.
In practice, records can be de-anonymised by combining them with other elements in the database, such as the identifiers of the other people in contact, or with data from outside the database, such as a Bluetooth antenna or an IP address.

2. Spying will become so easy

The tracing app sends an alert as soon as one of the people you encountered is reported infected. If you use one dedicated phone per person you meet, it is easy to spy on her: you will be able to keep track of this person's sickness status.

For instance, an unscrupulous banker meets you about a loan. In his office, he switches on a dedicated phone with the contact-tracing app installed, activating it seconds before your meeting starts. The app is only used on this occasion. Once Bluetooth is switched off, if you later get infected, the banker receives a notification on this phone. He therefore knows it is you and could add this to his "personal file".

Sadly, this scenario applies to other fields too, such as human resources, where an interviewer could use the same set-up to track candidates for a director position, for instance.

3. Spreading fear with a false alarm

Here is another scenario, in which the app is used to interfere with the course of events.

A nuclear submarine is about to put to sea in a couple of days, and its deployment is critical. A spy wants to prevent the submarine's departure. He hires a person who has some symptoms and asks her to visit all the pubs and restaurants where the submariners hang out. The next day, this person gets tested… positive, of course… and 5 submariners receive a notification. As a consequence, the submarine stays alongside the quay.

The same applies to sports rivals, a key person in a negotiation, or even yourself: you can fake an encounter with an infected person in order to avoid a scary deadline!

4. Bluetooth is not safe

Whether the model is decentralised or centralised, Bluetooth works through walls, or at least cannot tell whether there is a wall between two people.

That said, simply activating Bluetooth on your phone raises security and privacy issues. Its mere use can expose bugs or security flaws in the phone's Bluetooth stack. In 2017, the BlueBorne attack revealed that all devices equipped with Bluetooth can be taken over, and that no internet connection or human interaction is needed.

So even if some phones have been updated since 2017, a potential risk remains.

In addition, the Bluetooth signal can be used to track users. It is easy to scan for Bluetooth devices with nothing but your phone, and to see who has it switched on. From that, you can easily tell whether someone is at home or not.

Imagine a thug wants to rob a house. He scans for Bluetooth signals. If he cannot see any, the road to robbing this house is wide open. Conversely, he can see who is home and who is not across the whole neighbourhood!

Some brands already use it to push messages to customers when they come close to a beacon in malls or shops; the New York Times has explained how it works.
If everybody has Bluetooth switched on, it is easy to imagine how it could be used for other types of tracing.

5. Tomorrow, how will this data be used?

Once all this sensitive data is out there, the question is how it is going to be used. Obviously, such a volume of data will not be left alone.

Despite all the safeguards and protocols adopted, these far-fetched scenarios could happen more than once. Even if the apps themselves do not trace patients, it is still possible to use their signals to do so.

Take third-party apps, for instance. While we wait for official apps to be released, we will soon see other apps that may be less keen to protect your privacy. Imagine an app that, on top of the official one, adds geo-tracing. An inexperienced user cannot tell the difference and will download it. The geo-tracing app will tell him where a patient has been detected, and he will avoid that place at all costs.

Once the data has been collected, some companies may be interested in having such a database. I mean, why are Google and Apple working on it? Can we believe that these giants are doing it for the sake of humanity and to stop the disease from spreading? I will let your wandering thoughts draw a conclusion.

But do you remember Cambridge Analytica? That scandal will not stop illegal data collection. If there is demand, supply will emerge. Insurance companies or high-level recruitment consultants could be interested in having such a list. We do not know for sure yet, but having had COVID-19 may leave after-effects, and a person who has had this coronavirus could see their premiums increase, for example.

Yes to an app, but we must be watchful.

While COVID-19 seems unstoppable, using technology as a weapon against the virus is a good idea. However, as the CNIL (French Data Protection Authority) suggests, it has to be integrated into a larger plan, not deployed as a stand-alone solution.

For now, the first concerns are already visible. The UK's coronavirus app may ask you for your location, and with a centralised model, worse things could happen in the short and long term. If the system is adopted by a large number of users, the biggest concern remains: what will become of this data when the pandemic is over?

Nicolas BYKOFF (french dispatch) writes about what he knows: golf, marketing, and games.