Not All COVID-19 Tracking Apps Respect Privacy, But Some Pass the Test

New apps can work as surveillance techniques for the government. They can also serve as anonymous health tools for people hoping to return to normal life.


Last week, Virginia launched a COVID-19-tracking app that allows users to discover if they've come into contact with people who have tested positive for the virus and to anonymously report their own status if they become infected. Importantly, Virginia's COVIDWISE is the first app to fully implement specifications put forward by Apple and Google that are intended not only to help slow the spread of sickness, but also to preserve privacy.

That's a lot more than you can say for many of the other tracking technologies that have been rolled out around the world in the name of public health.

"Dozens of countries, including the United States, have been using mobile phone tools and data sources for COVID-19 surveillance activities," the RAND Corporation notes in a recent research brief. But the potential benefits of these programs "are also accompanied by potential for harm. There are significant risks to citizens from the collection of sensitive data, including personal health, location, and contact data."

The brief's authors are very diplomatic in their language, describing the balance of potential benefits and pitfalls in tracking technology as "an opportunity for the federal government to promote a national culture of consumer data privacy" and urging state and local governments to "consult with community stakeholders to ensure that programs are meeting local needs while being sensitive to privacy." There's a polite pretense built into the brief that privacy incursions are accidental, and that officialdom is committed to doing the right thing.

Unfortunately, the truth is closer to the Electronic Frontier Foundation (EFF) warning that "governments around the world are demanding extraordinary new surveillance powers that many hope will contain the virus' spread. But many of these powers would invade our privacy, inhibit our free speech, and disparately burden vulnerable groups of people."

"We cannot allow the COVID-19 pandemic to serve as an excuse for indiscriminate mass surveillance," Human Rights Watch cautions in even blunter language.

The classic example of deliberate invasion of personal privacy is China, where the regime casually implements surveillance-state techniques over which officials elsewhere can only salivate. Intrusive tracking apps there that rate people's perceived health status, and that access personal data including medical records, are being turned into permanent features of the country's high-tech panopticon.

To steer officials and users away from the surveillance-state approach, RAND researchers offer a scorecard for tracking and tracing apps, using 20 criteria divided into six categories: Transparency, Purpose, Anonymity, Informed Consent, Temporal Limitations, and Data Management.

High points of the specific criteria include ensuring that users know what data is being collected and encrypting that data so that it's not available for the picking. These apps should have a clear health-related purpose and not become an intelligence-gathering tool for law enforcement. Users should be able to anonymously adopt the app and quit it without being penalized. And the app should have a specific purpose and limited lifespan so that it doesn't become a permanent feature of life.

As examples that not all pandemic programs are created equal, the authors point out that "Australia's COVIDSafe contact tracing program fully met 16 of the 20 scorecard criteria and partially met two other criteria. By contrast, South Korea's contact tracing program fully or partially met only six criteria and did not meet nine; the remaining five criteria were either unclear or not applicable."

The full report on which the brief is based goes into much more detail, including comparisons of multiple programs around the world in Appendix B. You probably won't be terribly surprised by who earns some of the lowest scores.

Meanwhile, the specifications developed by Apple and Google are specifically called out in the brief (and the larger report) as an effort to design a technological approach that protects anonymity and respects privacy. That leaves implementation in the hands of whoever develops the final apps based on that protocol, of course. Getting people to buy in to the end products requires some level of demonstrated trustworthiness by the likes of the Virginia Department of Health.

For their part, Virginia health officials promise:

"The app is built on Apple and Google's Exposure Notification system that allows smartphones to exchange anonymous keys over Bluetooth. These anonymous keys change daily to protect your identity. Each phone shares its own daily anonymous key and stores the anonymous keys of nearby devices locally (i.e. on the user's phone) for 14 days."

Informing the COVIDWISE program of an infection is presented as a matter of choice:

"When a person tests positive for COVID-19, the laboratory that conducts their test will submit those results to VDH. VDH will contact this individual to discuss recommended next steps. During that contact, VDH will provide the user a personal identification number (PIN), which is required to submit a positive test result in COVIDWISE to prevent false reporting.

"The individual now can choose to use this PIN to report their test result in COVIDWISE. In such cases, the app will send all of this user's daily anonymous keys from the past 14 days to a server after the infected user has given their consent to share that data."

On its face, this looks like a good faith attempt to implement a privacy-respecting technological means of allowing people to warn others of their infected status, and to receive alerts about their contacts with anybody who has tested positive. If competently and honestly done, tools like this have the potential to reduce transmission risk and break down arguments against letting people return to some semblance of normal life.

Implementing this technology properly and honestly is a necessary hurdle for convincing people to adopt it voluntarily. "We understand that the success of this approach depends on people feeling confident that their private information is protected," Google and Apple acknowledge.

Tracking apps can be a valuable addition to the arsenal of tools for fighting the pandemic. That is, if public officials can resist their snoopy impulses and avoid screwing this up.


  1. I don’t think indulging the fantasies of hypochondriacs will work out any better than indulging the fantasies of the gender dysphoric.


  2. We’ve been forced to accept license plate scanners, interception of cell phone calls and metadata, facial recognition, an insane number of cameras recording everything, showing ID nearly everywhere to rent or purchase something, availability of our financial information to the authorities (and many others), restrictions on travel, distancing in violation of the bill of rights, and now electronic tracking due to the flu. And this is for people with no prior arrests or convictions.

    We may get in Harris one of the most authoritarian VPs in history who will likely become president with a vast array of powers, along with a willing and compliant Congress. I am not amused.

    1. Take comfort in the fact she will only be VP for a few weeks, months at worst.
      Then she will be President For Life.


    2. At least we can vote without any of those intrusions, right?

  3. Poor unreason staff consider Kungflu a virus that requires any of this COVID19 hysteria nonsense.

    Luckily, more and more Americans are NOT wearing masks, NOT social distancing, and NOT falling for Lefty Wuhanvirus hysteria bullshit.

    1. Way to miss the point, lc1789.

      Regardless of your opinion about COVID19, these “contact tracing” apps are insanely dangerous and tempting to authoritarians in both parties.

      1. ^^^ This is the only argument that matters.

  4. Of course, not downloading the app, like not using social media, is the only effective defense.

    1. How about not carrying your phone everywhere you go. These apps and the trace laws assume everyone has a smart phone and carries it with them at all times.
      Maybe I am getting old but I remember when cell phones were first being deployed back in the 80s and you used them rarely. And then the smart phones came and now people can’t put them down. When I am at work I usually leave my phone in the car…that is why I have an office phone and email.

      1. A cellphone in the 80’s couldn’t be used as a newspaper as I recall, so pretending a cell phone in the 1980’s is the same as a smart phone today is pretty ludicrous.

        It’s tangential to me that my smartphone can be used to make phone calls. To me, and most people, it’s primarily an internet connected device that just so happens to have the ability to make phone calls.

        And at work, it’s an internet connected device that doesn’t have any internet tracking attached to it. Why would I leave such a glorious device in the car?

  5. >>anonymously report their own status if they become infected

    dude. no.

    1. I see no chance whatsoever that some enterprising teenager with a botnet could do some interesting stuff with such a ‘self reported’ application.

      1. terrifying.

  6. Member when reason was against the mass collection of personal data… Pepridge farms members

    1. They see the writing on the wall and have already begun to lube us up for insertion by our Chinese overlords.

  7. I’m not entirely sure how one would make an application specifically designed to track your movements and human interactions ‘respect privacy’ when, at its core, the application is designed to violate your privacy.

    As far as I know, none of these ‘tracing applications’ runs in a black box or anything like that.

    1. Read the specs linked in the article above. It’s not impossible.

      Here’s one way:
      – You load the app to your phone. As you install the app, it creates a unique code.
      – As you walk around, your phone broadcasts that unique code.
      – Unless your phone is turned off, it’s constantly broadcasting its device ID to cell towers anyway so broadcasting that code doesn’t change your privacy risk.
      – Ideally, the broadcast of this signal is intentionally weak enough that only someone within a few feet of you will hear it.
      – As you walk around, your phone also records the codes it hears from others with the same app. Your phone stores their numbers in a list. The app stores no other data. In particular, the app does not store location, device ID or any other identifying data about the code it heard.
      – Ideally, the app automatically prunes the list so that it only keeps the latest two weeks worth of codes it heard.
      – You test positive and choose to voluntarily report.
      – You click a button on the app. This causes the app to upload its stored list of numbers to the home server. The app sends only the list of codes it heard. It does not send your code or anything about you.
      – The home server appends the list from your app to the list of all other codes it’s received. The home server knows neither you nor the people near you. Note, by the way, that your self-report is the very first time the home server has heard from you.
      – The home server publishes the deduplicated and alphabetized list to a public website.
      – Periodically, your app queries the list on the public to see if your unique code is on the list. If so, it pings to tell you. You only know that your code is on the list. You get no data about who put you there or when or where you were at the time. All you know is that your code is on the list.
      – Any third party looking at the list sees only a list of codes. Without physical access to your phone, there is no way to connect the code to you.
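The flow quoted from Virginia health officials in the article (upload your own daily keys, match on each contact's phone) and the variant in the comment above (upload the codes you heard, look for your own on the list), side by side as an added Python example; it is not code from COVIDWISE or from Apple and Google's system. Class and function names are hypothetical, keys are random values rather than the real key derivation, and daily rotation and the one-time PIN are applied to both variants so they can be compared.

```python
import secrets

RETENTION_DAYS = 14  # both descriptions keep two weeks of history

class Phone:
    def __init__(self):
        self.own = {}    # day -> random per-day key (stand-in for real derivation)
        self.heard = {}  # day -> keys heard from nearby phones, kept on-device

    def key_for(self, day):
        return self.own.setdefault(day, secrets.token_hex(16))

    def meet(self, other, day):
        # Each side broadcasts its key for the day and stores the other's.
        self.heard.setdefault(day, set()).add(other.key_for(day))
        other.heard.setdefault(day, set()).add(self.key_for(day))

    def prune(self, today):
        keep = lambda d: today - d < RETENTION_DAYS
        self.own = {d: k for d, k in self.own.items() if keep(d)}
        self.heard = {d: s for d, s in self.heard.items() if keep(d)}

class Server:
    def __init__(self):
        self.pins = set()       # unused PINs issued after a lab-confirmed test
        self.published = set()  # public key list: no names, places or times

    def issue_pin(self):
        pin = secrets.token_hex(4)
        self.pins.add(pin)
        return pin

    def accept(self, pin, keys):
        if pin not in self.pins:  # unknown or already-used PIN: reject
            return False
        self.pins.remove(pin)
        self.published |= set(keys)
        return True

def report(phone, server, pin, today, mode):
    # "own": upload the reporter's keys (article); "heard": upload heard keys (comment).
    phone.prune(today)
    keys = phone.own.values() if mode == "own" else set().union(*phone.heard.values())
    return server.accept(pin, keys)

def exposed(phone, server, mode):
    # "own": match the list against keys heard; "heard": look for own keys.
    sets = phone.heard.values() if mode == "own" else [set(phone.own.values())]
    return any(server.published & s for s in sets)
```

In the "own" variant the public list holds the reporter's keys and matching happens on each contact's phone; in the "heard" variant it holds the contacts' keys and the reporter's own keys never leave the device.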


  9. Tracking apps can be a valuable addition to the arsenal of tools for fighting the pandemic. That is, if public officials can resist their snoopy impulses and avoid screwing this up.

    I don’t think there would be the slightest difference between public officials or corporate officials. If the info being tracked has a value, then it will be monetized and it will be gathered/compiled/resold in a way that is basically fraudulent.

    What I find stunning is how effing useless blockchain has become. This is an ideal use case to disintermediate something that is potentially untrustworthy while still tracking and verifying info that has significant value.

    It also surprises me if Virginia is really the first tracking app here. EFF was writing about the challenges of proximity and other tracing apps in early April.
