Not All COVID-19 Tracking Apps Respect Privacy, But Some Pass the Test

New apps can work as surveillance techniques for the government. They can also serve as anonymous health tools for people hoping to return to normal life.
Last week, Virginia launched a COVID-19-tracking app that allows users to discover if they've come into contact with people who have tested positive for the virus and to anonymously report their own status if they become infected. Importantly, Virginia's COVIDWISE is the first app to fully implement specifications put forward by Apple and Google that are intended not only to help slow the spread of sickness, but also to preserve privacy.

That's a lot more than you can say for many of the other tracking technologies that have been rolled out around the world in the name of public health.

"Dozens of countries, including the United States, have been using mobile phone tools and data sources for COVID-19 surveillance activities," the RAND Corporation notes in a recent research brief. But the potential benefits of these programs "are also accompanied by potential for harm. There are significant risks to citizens from the collection of sensitive data, including personal health, location, and contact data."

The brief's authors are very diplomatic in their language, describing the balance of potential benefits and pitfalls in tracking technology as "an opportunity for the federal government to promote a national culture of consumer data privacy" and urging state and local governments to "consult with community stakeholders to ensure that programs are meeting local needs while being sensitive to privacy." There's a polite pretense built into the brief that privacy incursions are accidental, and that officialdom is committed to doing the right thing.

Unfortunately, the truth is closer to the Electronic Frontier Foundation (EFF) warning that "governments around the world are demanding extraordinary new surveillance powers that many hope will contain the virus' spread. But many of these powers would invade our privacy, inhibit our free speech, and disparately burden vulnerable groups of people."

"We cannot allow the COVID-19 pandemic to serve as an excuse for indiscriminate mass surveillance," Human Rights Watch cautions in even blunter language.

The classic example of deliberate invasion of personal privacy is China, where the regime casually implements surveillance-state techniques over which officials elsewhere can only salivate. Intrusive tracking apps there that rate people's perceived health status, and that access personal data including medical records, are being turned into permanent features of the country's high-tech panopticon.

To steer officials and users away from the surveillance-state approach, RAND researchers offer a scorecard for contact tracing apps, using 20 criteria divided into six categories: Transparency, Purpose, Anonymity, Informed Consent, Temporal Limitations, and Data Management.

High points of the specific criteria include ensuring that users know what data is being collected and encrypting that data so that it's not available for the picking. These apps should have a clear health-related purpose and not become an intelligence-gathering tool for law enforcement. Users should be able to anonymously adopt the app and quit it without being penalized. And the app should have a specific purpose and limited lifespan so that it doesn't become a permanent feature of life.

As examples that not all pandemic programs are created equal, the authors point out that "Australia's COVIDSafe contact tracing program fully met 16 of the 20 scorecard criteria and partially met two other criteria. By contrast, South Korea's contact tracing program fully or partially met only six criteria and did not meet nine; the remaining five criteria were either unclear or not applicable."

The full report on which the brief is based goes into much more detail, including comparisons of multiple programs around the world in Appendix B. You probably won't be terribly surprised by who earns some of the lowest scores.

Meanwhile, the specifications developed by Apple and Google are specifically called out in the brief (and the larger report) as an effort to design a technological approach that protects anonymity and respects privacy. That leaves implementation in the hands of whoever develops the final apps based on that protocol, of course. Getting people to buy in to the end products requires some level of demonstrated trustworthiness by the likes of the Virginia Department of Health.

For their part, Virginia health officials promise:

"The app is built on Apple and Google's Exposure Notification system that allows smartphones to exchange anonymous keys over Bluetooth. These anonymous keys change daily to protect your identity. Each phone shares its own daily anonymous key and stores the anonymous keys of nearby devices locally (i.e. on the user's phone) for 14 days."

Informing the COVIDWISE program of an infection is presented as a matter of choice:

When a person tests positive for COVID-19, the laboratory that conducts their test will submit those results to VDH. VDH will contact this individual to discuss recommended next steps. During that contact, VDH will provide the user a personal identification number (PIN), which is required to submit a positive test result in COVIDWISE to prevent false reporting.

The individual now can choose to use this PIN to report their test result in COVIDWISE. In such cases, the app will send all of this user's daily anonymous keys from the past 14 days to a server after the infected user has given their consent to share that data.
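A simplified model of the exchange and reporting flow described above (daily keys that rotate, identifiers heard over Bluetooth kept locally for 14 days, and an upload of keys only after a PIN check and consent). This is an added illustration, not code from COVIDWISE or from the Apple/Google protocol; the HMAC-based derivation of rolling identifiers, the PIN value and the three phones are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SLOTS_PER_DAY = 144   # identifiers rotate every 10 minutes
RETENTION_DAYS = 14   # keys and heard identifiers are kept this long

def rolling_ids(daily_key: bytes, day: int) -> set:
    """Identifiers one phone broadcasts over Bluetooth during a day.
    Assumed simplification: HMAC-SHA256 of the slot index truncated to
    16 bytes (the real protocol derives them differently, but the
    matching logic is the same)."""
    return {hmac.new(daily_key, f"{day}:{s}".encode(), hashlib.sha256).digest()[:16]
            for s in range(SLOTS_PER_DAY)}

class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> own random key, stays on the phone unless reported
        self.heard = {}       # day -> set of identifiers received from nearby phones
    def _prune(self, today: int) -> None:
        for store in (self.daily_keys, self.heard):
            for d in [d for d in store if d <= today - RETENTION_DAYS]:
                del store[d]
    def key_for(self, day: int) -> bytes:
        self._prune(day)
        return self.daily_keys.setdefault(day, secrets.token_bytes(16))
    def hear(self, day: int, rolling_id: bytes) -> None:
        self._prune(day)
        self.heard.setdefault(day, set()).add(rolling_id)
    def report_positive(self, pin: str, issued_pin: str, consent: bool, today: int) -> list:
        """Keys leave the phone only with the health-department PIN and consent."""
        if not consent or not hmac.compare_digest(pin.encode(), issued_pin.encode()):
            return []
        self._prune(today)
        return sorted(self.daily_keys.items())
    def exposure_days(self, published: list) -> int:
        """Re-derive identifiers from published keys and match them locally."""
        return sum(1 for day, key in published
                   if self.heard.get(day, set()) & rolling_ids(key, day))

def simulate() -> tuple:
    """Constructed scenario: Bob meets Alice on day 5, Carol meets only Bob."""
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(5, next(iter(rolling_ids(alice.key_for(5), 5))))
    carol.hear(5, next(iter(rolling_ids(bob.key_for(5), 5))))
    alice.key_for(8)
    bad_pin = alice.report_positive("0000", "482913", True, today=8)   # wrong PIN (assumed)
    published = alice.report_positive("482913", "482913", True, today=8)
    return len(bad_pin), len(published), bob.exposure_days(published), carol.exposure_days(published)
```

Only Bob, who actually heard one of Alice's identifiers, gets an exposure; Carol's phone learns nothing, and the server sees only Alice's daily keys for the retention window.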

On its face, this looks like a good faith attempt to implement a privacy-respecting technological means of allowing people to warn others of their infected status, and to receive alerts about their contacts with anybody who has tested positive. If competently and honestly done, tools like this have the potential to reduce transmission risk and break down arguments against letting people return to some semblance of normal life.

Implementing this technology properly and honestly is a necessary hurdle for convincing people to voluntarily adopt it. "We understand that the success of this approach depends on people feeling confident that their private information is protected," Google and Apple acknowledge.

Tracking apps can be a valuable addition to the arsenal of tools for fighting the pandemic. That is, if public officials can resist their snoopy impulses and avoid screwing this up.