Coronavirus Tracing Apps Conflict With Privacy

Smartphone apps designed to trace people at risk of Covid-19 infection have attracting criticism in Europe and the US for their potential as surveillance and spying tools to be used by governments.  

Scientists and researchers from more than 25 countries have published an open letter urging governments not to abuse such technology to spy on their people and warning of risks in an approach championed by Germany.

More than a hundreds of the British researchers and scientists have expressed concern over privacy and security resulting from 'mission creep' as the UK's government plans for using smartphones to trace and combat coronavirus slowly get going.

Much of our pre-coronavirus lives may be reclaimable with some modifications around how we work, socialise and travel, however in one crucial way the post-pandemic landscape will be very different as an individual’s autonomy and data privacy may be lost as mobile telephones are used for surveillance.

This will have important consequences for the relationship not just between citizens and governments, but also between consumers and businesses.

The risk of the coming end of privacy is attributable to the success of virus tracing apps in South Korea and Taiwan which have both been effective in flattening the Covid-19 curve by digitally tracking infected persons. No government was using dispersed databases as extensively to fight the spread of the disease as South Korea. Before an explosive outbreak in its worker dormitories, Singapore earned praise for TraceTogether, which claims to be the first Bluetooth contact-tracing app covering an entire nation. The 1.4 million users represent roughly a fourth of the island’s population.

Governments want access to phones, with or without informed consent and turning the clock back will be difficult, if not impossible. Where boundaries between private and public are thin to begin with, a pandemic can make them disappear. 

There have been assurances from various governments, including those in France, India and Singapore, that tracing  Apps will go away once the outbreak is contained, but no legal guarantees.  

  • The Singaporean app records physical proximity in an anonymised form on smartphones. Minimal data is stored on servers. The national TraceTogether’s App building blocks are in the public domain although he source code of  is yet to be disclosed.
  • As India reopens after a 43-day lockdown, it’s mandatory, first for public-sector employees and now for private-sector workers and company bosses are liable to ensure their workers download the app, though nobody is accountable for misuse of data.  The Indian government recently denied a French security researcher’s claim that the privacy of ninety million Indians is at stake. 

An analysis of China’s Alipay Health Code software, which uses various data sources of data to categorise a person’s health status with a colour code, found that some information is shared with the police.

One consequence of Covid-19 will be to erode privacy in the name of public health. European data protection laws will try to ensure that the emergency collection and processing of personal information is legally accountable and for a limited purpose but the British parliament’s human rights committee says it isn’t convinced that the National Health Service’s tracing App protects privacy.

Where they exist, robust institutions could will offer resistance to surveillance but  in many places the individual’s autonomy has already become a virus casualty. Poorer countries where consumers have only recently started going online will see states insist on devices that come with pre-loaded tracking apps. 

Whether sensitive data will be kept safely on devices or stored on a central server in a way that might allow a bad actor to reconstruct a person’s social activity, keeping a record of where they have been and when and who they meet. will become an urgent question as efforts to control the Coronavirus extend around the world.  

Bloomberg:      ZDNet:     SCMP:       LA Times:   

You Might Also Read: 

Incompatible: Privacy & The Internet of Things:

Coronavirus Track & Trace Apps On A Deadline:

 

« Hacked Vehicle Owner Database For Sale
Vehicle Cyber Crime Attacks Double »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.