Contact tracing apps have become critical tools for managing the global spread of the COVID-19 pandemic — but are we trading off data privacy to battle the virus?
How does contact tracing work?
Contact tracing apps share identifiers between mobile devices that come close enough to each other to establish a connection via Bluetooth. These identifiers flag users who have tested positive for COVID-19 and alert others through notifications based on proximity.
For these contact tracing activities, personal information is collected regularly. Making use of this information through a mobile app undeniably has its benefits as it increases the speed and volume of contact tracing activities. In addition, this also offers the ability to gain valuable insights for a public health response.
However, with the amount of sensitive personal and health-related information collected through such an app, governments need to consider privacy and cybersecurity concerns. The risk of misuse or re-identification of contact tracing data can lead to serious privacy violations as well as the loss of public trust.
Infographic Source: CBC News
Mandated privacy requirements for contact tracing
Early on during the pandemic, the Privacy Commissioner of Canada issued guidance in anticipation of a contact tracing app, and outlined the privacy principles any government-developed app should include:
- Consent and trust: The use of the app must be through voluntary, opt-in consent.
- Purpose limitation: Personal information must only be used for its intended public health purpose, and that purpose only.
- Time limitation: Any personal information collected for contact tracing should be destroyed when the pandemic ends.
- Accountability: Governments should ensure public consultation and transparency throughout the development process. Individuals must be fully informed about what personal information is collected and how it will be used.
- Security safeguards: Strong technical safeguards to preserve the privacy of personal information must be built into the app from the start.
The Canadian model proposes the highest standards for privacy and cybersecurity in contact tracing apps. Residents of Ontario are expected to soon get their own contact tracing app, the first to be deployed in the country. It was built upon the Apple and Google model, which used the Privacy Commissioner’s contact tracing principles to guide development. This upcoming contact tracing app is designed to:
- Focus on individual consent, trust, and clarity
- Be easy to use, accessible, and have a focused feature set
- Avoid false positives by optimizing for test result certainty over self-reporting
- Be as unobtrusive as possible in people's lives by requiring minimal interaction
- Request only the permissions necessary for exposure notification to work
- Give users only as much information as they need to make good decisions
- Delete all data 21 days after capture and decommission the app as soon as it is no longer useful
- Deliver openly and transparently so all interested users can explore the code
Ensuring data privacy to gain public trust
To preserve the privacy of any contact tracing app, it’s important to consider, from the initial design phase, technical safeguards that address likely attacks on the data. The most important privacy requirements for digital contact tracing include:
- Collect minimal data: Only collect the necessary data for the purpose of alerting other people at risk. For example, there is no need to collect the names and ID numbers of users for sending alerts.
- Delete data regularly: Collected data should be deleted after a certain period to minimize the attack surface for possible threats on the stored data. This is why it’s important to implement a data retention feature within these apps.
- Mask personal data: It’s important to implement masking and de-identification so that, if an attacker does find a way to access stored data, the records cannot be linked back to individuals.
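As an added illustration (not code from the COVID Alert app or the Apple/Google framework), the simplified Python model below shows the three requirements above together with the 21-day deletion rule: phones exchange random tokens, store only the token and a timestamp, purge records after 21 days, and a positive user publishes only the tokens they broadcast, so matching happens on the device. The Device class, its methods and the exact token format are assumptions for this example.

```python
import os
from dataclasses import dataclass, field

# Retention window from the page: delete data 21 days after capture.
RETENTION_SECONDS = 21 * 24 * 60 * 60


def new_identifier() -> bytes:
    """A random 16-byte token. It carries no name, ID number or location,
    so the only thing another device can learn is 'I heard this token'."""
    return os.urandom(16)


@dataclass
class Device:
    """One phone in the simplified model (hypothetical class, not app code)."""
    broadcast_log: list = field(default_factory=list)  # tokens this phone sent out
    heard: dict = field(default_factory=dict)           # token -> time first heard

    def broadcast(self) -> bytes:
        """Emit a fresh random token; rotating tokens limit tracking of one phone."""
        token = new_identifier()
        self.broadcast_log.append(token)
        return token

    def hear(self, token: bytes, now: float) -> None:
        """Record a nearby token with a timestamp; nothing else is stored."""
        self.heard.setdefault(token, now)

    def purge(self, now: float) -> int:
        """Drop records older than the retention window; returns the number removed."""
        expired = [t for t, seen_at in self.heard.items()
                   if now - seen_at > RETENTION_SECONDS]
        for t in expired:
            del self.heard[t]
        return len(expired)

    def report_positive(self) -> set:
        """A positive user publishes only the tokens they broadcast themselves,
        never the tokens they heard, so their contacts are not disclosed."""
        return set(self.broadcast_log)

    def exposures(self, published: set, now: float) -> int:
        """Match on the device against the published set, after purging old data."""
        self.purge(now)
        return len(set(self.heard) & published)
```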
Data accuracy in contact tracing
Apart from privacy concerns, there have been discussions about the accuracy of these contact tracing apps.
Contact tracing apps usually send signals if someone was within a few meters of an infected person in the past thirty minutes — although distance and time can vary for different viruses or based on new medical research.
Because GPS carries a high risk of exposing location data, these apps mostly use Bluetooth instead. However, Bluetooth signals pass through glass, windows, and sometimes even walls, so an app may send an alert even though the infected person was on the other side of such a barrier, producing false alarms.
Over time, these false positives may create a “boy who cried wolf” response to alerts that can lead to users ignoring them altogether.
Ongoing risks and challenges
Bluetooth-based apps are not risk-free because there is always a risk of identifying people through the interception and monitoring of signals.
Spoofing and duping are other possible attacks, in which an attacker modifies or replays signals so that a person appears to be in different locations at the same time. Moreover, the voluntary opt-in model of the Canadian contact tracing app requires a high usage and participation rate for the app to be most effective.
Though we are yet to see any significant impact from contact tracing apps globally, we will have to ensure data privacy to increase adoption.
If you want to gain insights into mandatory contact tracing and its impact, read our next blog.