The Conundrum of Privacy Tracing Apps

States in the US and countries around the world are racing to contain the Covid-19 virus. Everyone knows that is a war. We have won or maybe are winning some of the battles in that war, but the war is far from over.

One “weapon” in that war is contact tracing. If we find an infected person, we would like to know who that person came in contact with since they became infected. That way we can test those people and see if they are infected. And so on and so forth.

Some countries, like China, don’t care about people’s privacy.

China is installing video surveillance cameras outside the door of people’s apartment that are under quarantine. You leave your apartment and the authorities will arrest you or, perhaps, you just disappear.

Google and Apple have a strategy and implemented, jointly, software that would trace the contacts of other phones that also had the software on it, but will keep the data local. If you become infected, you can give the government that data. The problem with this is that the government doesn’t get to own a massive database of your location and contact data, which is a problem for them. They like lots of data.

Utah rejected the Google/Apple strategy in favor of some software written by a startup. The company they chose was a social media startup. The company has 50 employees and wrote the app in three weeks with no oversight and no review. What could possibly go wrong? Do you remember the Iowa Caucus software?

The interesting story about the Utah experiment is that only 2% of Utah residents have opted to install the software. Experts say that you need about 60% for the data to have much use.

Other countries, like Singapore, South Korea and Israel are using existing data from credit card transactions, GPS data and surveillance cameras.

The UK’s National Health Service also rejected the Google/Apple solution, but leaked NHS documents show that they have privacy concerns. Part of their concern is that the data is self reported (other than the location itself) and may not even be correct.

Reuters has an article talking about the issues and the competing solutions.

When I started writing this I thought it would be controversial, but now that it is done, I am thinking it is less so.

Everyone has to decide for him or herself whether they trust the government to track them and collect terabytes of data that they will likely keep forever.

While some of these technologies claim that the data is anonymized, think about this. If the data is anonymous, how do they use it to find the infected people? And data scientists have shown, through many examples, that it is virtually impossible to truly anonymize data. If I have datapoints for your house, your work, your church and your gym, for example, I will de-anonymize that data.

I don’t have the answer. In fact, I don’t think there is a right answer. Everyone has to decide what is right for them.

What I think I can say is that it is highly unlikely that apps, written in a couple of weeks under intense pressure and enormous quantities of data collected by governments with very little advance planning will be secure. Even when companies and governments have lots of time and resources, apps and data are not very secure. To confirm this, all you need to do is check the news on a daily basis.

No easy answers. Sorry.

Leave a Reply

Your email address will not be published. Required fields are marked *