Can technology take the lead in reducing our risks and exposure to the coronavirus? Could tracing who we have been in contact with alert us to potential exposure? How accurate are the results, and what do we do with the information? Who is collecting and sharing information about you? Is your privacy at risk?
How does contract tracing work? An app is installed on the user’s mobile device. The device will then detect other nearby devices through Bluetooth. Each device will create a temporary pseudonym, no names are exchanged; instead, each of the pseudonyms will be kept in a database. Users can then compare the pseudonyms of their recent contacts to see if there is a match in the database of an infected person.
If a centralized database is used, then whatever data is collected is shared among multiple applications. A centralized database can by subject to attack and breaches, so a decentralized database may be a better option for security and privacy. But how do we know which method is used by the app? Should the database be breached, even if the data is anonymized, it is still possible to track it back to an individual.
Some organizations are taking the privacy-by-design perspective. Data collected can only be shared when necessary. Who decides when it is necessary?
How invasive would a contact tracing app be? In order to be effective, the app would need to gather specific information. It would need to track your location, medical history and contacts. As with any other form of digital record keeping, this database could be subject to attack and used against you.
Once this technology is released there will be no taking it back. Although developed initially solely for the purpose of contact tracing, there are no limits to the way it could be used. Could this become a new surveillance tool? Use by other governments and hackers could unleash unthinkable dangers.
Privacy and security concerns aside, will contact tracing really help to reduce the risks of COVID-19 spreading? Technology is not foolproof. COVID-19 apps could result in a number of false positives and negatives. How dependable is this information? And what do you do with it? Security technologist, Bruce Schneier, has an interesting take on this idea. Read his blog.
Clearly, there are more questions than answers.