2020.04.03 11:45 GMT+8

Coronavirus tracking apps are on the rise. But what about privacy?

Updated 2020.04.03 11:45 GMT+8
By Yu Jing

As countries around the world are racing to respond to the coronavirus pandemic, many are considering tapping into the power of data to stem its spread.

In South Korea, when a patient tests positive, local authorities send out an alert to residents in the local community informing them of the individual's detailed travel history. The patient's steps are retraced through tools such as GPS phone tracking, credit card records and surveillance camera footage.

In China, a color-based system that determines users' quarantine status based on their travel history and contact history has been widely adopted.

The U.S. government is also reportedly in talks with tech companies including Google and Facebook on sharing aggregated user data to analyze the spread of the coronavirus.

The goal behind these coronavirus trackers is to realize data-based contact tracing, and to document the population's health status digitally. According to the World Health Organization, people in close contact with coronavirus patients are at a higher risk of becoming infected and potentially further infecting others. Keeping track of the close contacts will help them get care and treatment, and prevent further transmission of the virus.

A passenger holds up a green pass on their smartphone on a subway train in Wuhan, central China's Hubei Province, April 1, 2020. /AP Image

But the growing appeal of digital contact tracing has caused alarm among privacy advocates. The Electronic Frontier Foundation, a leading nonprofit organization defending civil liberties in the digital world, wrote in a piece highlighting the privacy concerns of coronavirus tracking apps that "New surveillance powers must always be necessary and proportionate."

It added that governments have not yet met the standard of showing those tracking apps are scientifically rigorous, nor even shown that extraordinary location surveillance powers would make a significant contribution to containing COVID-19.

But it is clear that data-based contact tracing is less time-consuming than tracing done manually. For traditional contact tracing, hundreds of interviews need to be done to identify the primary contacts of the patient, and if any one of them falls ill, that could trigger a second layer of contact tracing.

According to a South Korean news report, automation has reduced contact-tracing time from 24 hours to ten minutes, which makes early isolation possible at a time when every second counts for survival.

Contact tracing app TraceTogether, released by the Singapore government to curb the spread of the coronavirus, March 25, 2020. /Reuters

As the coronavirus spreads, most countries have now come up with their own versions of coronavirus tracking apps, with data generated from Bluetooth beacons, GPS or cell towers.

But in countries with stringent privacy laws, what concerns developers most is how the apps can stay in line with privacy protections. In the European Union, where the most stringent data protection laws can be found, location data can only be used by the operator when made anonymous or with the consent of individuals, Wu Shenkuo, assistant dean of the Internet Institute of Beijing Normal University, told CGTN.

When it is not possible to only process anonymous data, the EU allows its member states to introduce legislative measures to safeguard public security, he added, but the measures must be necessary, appropriate and proportionate.

Across the world, aggregating data in a way so that individuals cannot be re-identified is common practice for app developers that seek to protect users' privacy. But privacy experts argue that even anonymous data is not anonymous at all.

City police officers with the help of a drone monitor citizens' movements in Grosseto, central Italy, March 20, 2020. /AP Image

Yves-Alexandre de Montjoye, head of the computational privacy group at Imperial College London, found in his research that almost all people could be personally identified from just four pieces of anonymous mobile phone data.

"Given the amount of information that can be inferred from the mobility data, as well as the potentially large number of simply anonymized mobility datasets available, there is a growing concern," wrote Yves-Alexandre de Montjoye in a paper that detailed the findings published in Scientific Reports.

In the U.S., tech companies can choose to share data with public health authorities on a voluntary basis, but the government is now considering new legislative measures to grant officials broader authority to request such data, said Wu from Beijing Normal University.

If apps share data in a way that wasn't originally specified in their terms of service, they may face lawsuits from users, unless federal or local officials pass new legislation that frees them of such liabilities.

A woman checks her phone as she walks at the Naviglio Grande canal in Milan, Italy, March 10, 2020. /AP Image

Where the data is stored, which tech companies are often not forthcoming about, also matters when it comes to privacy protection.

Data can be stored locally on the phone or can be sent to central servers. "Local storage is generally considered better for privacy protection, because transferring data to central servers risks data leakage. And servers in the data center may be compromised," said Wu. 

Because of concerns raised by privacy advocates, countries have been trying to find less invasive means. Private Kit, an app developed by researchers at MIT and Harvard, is designed to share location data with encryption; data transmission does not go through a central authority.

Smartphone tracking to fight against coronavirus can be realized in a privacy-preserving way, wrote a team of researchers behind Private Kit in a white paper. "Citizen-centric, privacy-first solutions that are open-source, secure and decentralized represent the next generation of tools for disease containment in a pandemic," they noted.
