COVID-19 Contact Tracing Privacy Concerns

Updated: May 7

COVID-19 has shown little to no signs of slowing down as death tolls have been rising and a second wave of the virus has been predicted to occur in the future. In addition to the damage inflicted on global health, lockdown measures and stay-at-home orders enacted by governing bodies in an effort to flatten the curve have continued to wreak destruction on the economy. A more effective way of slowing and monitoring the spread of the virus is desperately needed.


To address both the health and economic impact of COVID-19, institutions and companies have scrambled to develop automatic contact tracing solutions that allow individuals to monitor their exposure to the virus in real-time. These solutions can slow the spread of the virus by taking a proactive rather than reactive approach to self-isolation and testing through identifying interactions with infected individuals. As the spread becomes more contained through the use of these solutions, governing bodies will be more informed and can strategically open up the economy. Despite these benefits, there are concerns that some solutions sacrifice data privacy in order to accomplish their mission. Covidsafe, Aarogya Setu and TraceTogether are examples of such applications.


Covidsafe is a contact tracing app created by the Australian government that stores a log of people you have come into contact with within the user's phone through bluetooth and then uploads the log to a government server if the user tests positive for the virus. Although it has a number of safety measures such as the exchange of anonymised IDs, Covidsafe does reveal personable identifiable information such as name, age range, etc. for each individual in the list of contacts to health officials (https://www.theguardian.com/australia-news/2020/apr/26/australias-coronavirus-tracing-app-set-to-launch-today-despite-lingering-privacy-concerns). This can be concerning as it allows these officials to know exactly who a coronavirus positive user has interacted during a 21 day window.


Aarogya Setu, a contact tracing app developed by India's National Informatics Centre, operates in a similar manner to Covidsafe. While the app is useful in determining whether or not a user has been exposed to an infected individual, it has the ability to upload the user's location data (https://techcrunch.com/2020/05/05/aarogya-setu-app-security-privacy-concerns-india-response/). If the application were to consistently upload this location data, the government could have unprecedented awareness of the user's movements. Aside from the risk that Aarogya Setu imposes on public data privacy, it's adoption and functionality will be limited as Apple and Google issued a ban on the use of location tracking in conjunction with their new contract tracing system (https://www.firstpost.com/tech/news-analysis/apple-google-ban-use-of-location-tracking-in-contact-tracing-apps-8331491.html).


Singapore's contact tracing app, TraceTogether, operates in a similar manner to other contact tracing applications with one exception. The log of contacts uploaded when a user is infected contains a list of IDs. Unlike other applications that anonymize the IDs so that they can not be explicitly linked to individuals, TraceTogether's IDs are linked to a phone number stored in government servers (https://tracetogether.zendesk.com/hc/en-sg/articles/360043735693-What-data-is-collected-Are-you-able-to-see-my-personal-data-). Thus, those with access to the server can easily connect real-life identities to each contact found in an infected individual's log.


Although solutions such as Covidsafe, Aarogyu Setu and TraceTogether are a step in the right direction when it comes to slowing the spread of COVID-19, the way in which they accomplish this task is cause for concern. Contact tracing should be implemented with individual data privacy in mind, not at the expense of it.

79 views

Recent Posts

See All

Counterparty Data Semantics

Blockchains provide a computer network with the ability to establish consensus between computer executions and data state transitions in a trust-less way. This works very well for when actions of comp

The Personal Data Service

The Personal Data Service (PDS) is an abstract concept for an isolated piece of digital real estate fully owned by an individual. It aims to grant a user with dynamic functionality of their data, allo

USA

Cambridge Blockchain Inc
1 Broadway - 14th Floor
Cambridge, MA  02142

© 2020 Cambridge Blockchain.  All rights reserved.

  • mail
  • @c_blockchain
  • CB LinkedIn