Trojan horses and the elephant in the room: what’s the deal with contact tracing apps?
In addition to privacy issues, tracing apps stir up the controversy of relying on the far-too-subjective definition of “greater good”.
One of the first hot topics, perhaps the hottest topic, that emerged within the first weeks of the global CoVid-19 pandemic was the need of a contact tracing App as a tool to trace, contain and possibly prevent transmission.
Governments worldwide immediately began the quest to try and figure out the best possible way to manage this solution. Essential strategic decisions such as whether to opt for a centralised or a decentralised model, and whether to involve or not data and tech giants, had to be made.
The main controversy this entailed was, of course, privacy and data sharing. Eventually, most European countries, including Germany, Estonia, Ireland and Switzerland and UK, are opting for a decentralised approach to data collection for Covid-19 app tracing.
After making the sensational announcement back in April, of an up and coming collaboration for the greater good, on May 20th, Apple and Google officially launched the exposure notification API which ideally will enable public health authorities to release contact tracing apps.
This does not mean that Apple and Google are creating an exposure-notification/contact-tracing app but that they are providing the technology and architecture to make this possible.
Meanwhile, France government decided not to rely on the Apple and Google’s contact-tracing API and arranged its own task force, made up by a group research institutes and private companies to work on a separate solution. The result is a contact-tracing app called StopCovid based on a centralised contact-tracing protocol called ROBERT.
A different story is the case of India’s contact-tracing app Aarogya Setu for Google’s Android smartphones.
On Tuesday, the source code of the app was released for public auditing to boost its security and in order to identify bugs and vulnerabilities. The bulk of India’s roughly 500 million smartphone users have Android devices and the source code for the app’s iOS version will be released in the next two weeks, according to India’s tech Ministry.
Unlike the Apple-Google technology, Aarogya Setu, stores data in a centralised server; an approach which according to privacy experts, could result in leakage of sensitive details if that server was ever compromised.
The seemingly successful case of the Aarogya Setu app takes a somehow unexpected overturn after Promon announced this morning that they found evidence of major vulnerability flaws in almost every version of Android. The bug, nearly undetectable, lets malware StrandHogg 2.0 imitate legitimate apps to steal app passwords and other sensitive data.
The natural follow-up question is what will happen after the emergency has passed?
On Thursday May 14, in the occasion of a plenary sitting to address concerns over the risk that contact-tracing apps could pose to privacy, EU justice commissioner Didier Reynders declared that Covid-19 contact-tracing apps must only be used during the pandemic and will need to be automatically de-activated once the crisis is over.
In China instead, the country where the Covid-19 pandemic erupted first, now that government official statistics suggest that the worst of the epidemic has passed, monitoring apps are shifting into becoming a permanent fixture of everyday life.
According to an official announcement by Zhou Jiangyong, the Communist Party secretary of the eastern tech hub of Hangzhou, the city’s app should now become an “intimate health guardian” for residents.
Authorities have set few limits on how all collected information, including location data, on people in hundreds of cities across China can be used. Officials in some areas, are already loading the apps with new features, hoping the software will live on as more than just an emergency measure.
The most disturbing news in this sense is that in Hangzhou, where the system was pioneered, officials are exploring expanding the health code to rank citizens with a “personal health index” thus, morphing the app into a more general tool.
It is not clear how the ranking would be used but a graphic in the post on an official social media account, shows users receiving a 0-to-100 score based on how much they sleep, how many steps they take, how much they smoke and drink and other unspecified metrics.
In addition to being a brazen violation of privacy, such readily accessible information could enable discrimination; for example: insurers could raise rates for people with red or yellow codes or employers could deny jobs or promotions.
In conclusion, there are several controversial aspects involved in the discussion around tracking apps : scientific, legal, moral and emotional.
The choices governments had to make in advance to set their own strategy will determine the potential evolution of the “after” and as it often happens, some scenarios are proving less reassuring than others, even without having to choose between red pill or blue pill.
If you want to learn more about the current tracing app developments in China, read this article by The New York Times.