The COVID-19 pandemic has taken a huge toll worldwide for both
individuals and economies. As a precaution, many countries have
implemented strict lockdown measures such as closing
schools, restaurants and borders, while mask-wearing in public and
social distancing have become a must.
The enforcement of these policies, along with the extensive testing
of populations has helped to minimize infection rates. However, the
pandemic’s effect on each nation’s economy has been brutal.
When an individual is found to be infected with the coronavirus, the
race is on to find those who have come into contact with them, as these
people could be carriers or even be infected. This has led to hundreds
of coronavirus contact-tracing mobile applications
being developed worldwide and backed by various governments and national
health authorities, as well as guidelines
by the EU and special protocols developed by the two major smartphone OS vendors Apple
& Google. In some places, the usage of such applications have been made mandatory for people who want to gain access into public spaces.
While the technology and algorithms differ between applications, the promise of most coronavirus contact tracing apps is the same:
1. The ability to detect close contact between individuals (i.e. within several meters) over a period of time. The parameters differ from one application to another, but as a guideline, the time interval is about 15 minutes. Proximity, in the majority of applications, is measured using either Bluetooth or GPS technology. In the case of Bluetooth, each device broadcasts packets with some unique ID periodically, allowing other devices to monitor them. In the case of GPS, the exact location of the user is logged for at all times.
2. When a person tests positive for coronavirus, they can use the application to advertise either their locations or the Bluetooth identifiers from registered contacts .
3. Applications notify users that have appeared to be in close proximity with an infected person.
The information around contacts made by the users of the applications
is eventually shared with the local health authority, and/or with other
users.
Of course, if such a system is to be effective in breaking infection chains, the application must have high adoption rates.
These observations, naturally, raise many questions around the
privacy of individuals’ data that the app may access, and the potential
abuse of such systems. Here’s our overview of the existing approaches
for contact tracing technologies, and how they deal
with these privacy and security concerns.
Privacy and Security Concerns
Some are concerned that contact-tracing apps are surveillance tools
that invade individual privacy and disclose sensitive information.
Therefore, any such app and tracing system must maintain a delicate
balance between privacy and security, since poor implementation
of security standards may put users’ data at risk.
This comes down to questions on what data is collected, how it is
stored and how it is distributed. For example, is the data encrypted? Is
there a proper authorization/verification process to protect against
abuse? Is user anonymity preserved given that
personal identifiers such as phone number, name and IDs are being
collected?
Another aspect is user consent – does the user submit their data voluntarily, or is the data being collected and uploaded without the user’s knowledge? Let’s look a little closer at how different applications work to try and answer these questions.
Read more on the next page about how the technologies works.