Privacy Should Come First When Developing COVID-19 Contact Tracing Technology

One tool that could be used during the COVID-19 pandemic that is getting a lot of global attention in the past weeks is contact tracing applications. These applications send notifications to users if they have been in contact with a person diagnosed with COVID-19 and might have caught the disease.

Google and Apple have reported the effort to develop contact-tracing technology for Android and iOS gadgets and by the middle of May, they will give APIs to public health institutions to permit the development of contact tracing apps on their platforms.

The contact-tracing feature will be made available by means of Bluetooth technology. If somebody using the contact-tracing app happens to be within a specific distance of someone else who has opted in, a special code will be traded between the devices of the users. In case one of the users got diagnosed with COVID-19 later on, a generated notification will be sent to the app of other users, and to other persons that have been within a pre-programmed distance of the infected individual – 6 feet for instance.

There are undoubtedly added benefits to the applications, however, to be able to accomplish their objectives, a big percentage of the society has to get the applications onto their mobile phones, and those persons will then have to go into self-isolation if they’re at risk of catching COVID-19.

One main issue with applications is privacy. In case an app is to be used for tracking big numbers of persons, there is significant potential that the user data will be used for other intentions. To obtain the number of individuals using the applications to make them useful, people should be certain that their information will be safe and they will additionally need to have confidence in the app developer and not use the personal information for reasons besides contact tracing to manage the passing on of COVID-19.

The privacy issues related to the applications have been brought up by over 300 of the world’s top researchers in an open letter. The researchers acknowledge that the applications are essential in combat against COVID-19, however, the privacy risks could not be overlooked. Some ‘solutions’ to the problems may lead to systems that would permit unparalleled surveillance of society. To minimize risk, the researchers recommend four principles that should be followed by apps developers.

  1. The apps must solely be employed for supporting public health activities to manage COVID-19. The applications must only gather the minimum required data to accomplish that purpose. They must not gather, process, or send out any other information.
  2. All apps should be entirely transparent and all methodologies, factors, and sub-factors must be accessible to public analysis. It should be clarified what information is gathered, processed, and kept, and the time frame for retaining the data.
  3. In case there are several options offered to use a part or feature, the most privacy-preserving alternative must be picked, except if another option should be implemented to enable the application to accomplish its purpose more efficiently. In such instances, the decision should be plainly rationalized with sunset provisions.
  4. Using the application should be voluntary and there must be clear and specific permission obtained from end-users. Additionally, when the COVID-19 crisis ends, all information gathered via the apps should be erased.

The researchers also advise against using GPS for identifying the location of people and point out that Bluetooth should be used. GPS lacks precision and GPS data is routed to a central site that could put the privacy of users in danger.