The Privacy Challenges Of Digital Contact Tracing
Contact tracing has obvious privacy implications. China has created its own contact tracing app, which allows the government to track the names of everyone who has tested positive for the virus, as well as anyone those people may have had contact with. This level of state surveillance is not something people living in other countries would easily accept. Other countries are also developing their own apps including Germany, Australia, and Iceland. These apps mostly rely on local laws governing medical data to maintain user privacy. However, the data itself is quite sensitive and would be a choice prize for future attackers.
The solution jointly proposed by Apple and Google will make use of smartphones for contact tracing while collecting minimal data from users, thus hoping to strike a balance between users’ legitimate privacy concerns and the need to tackle the COVID-19 pandemic.
The protocol, ironically, works like a handshake: when two people meet, their phones exchange anonymous IDs over Bluetooth that change every few minutes. These identifiers are stored locally as “interactions” on the person’s phone. Unfortunately, the protocol is not completely private. For example, many stores use Bluetooth Beacons which track shoppers’ locations. These stores may also share the data that the Bluetooth Beacons collect with advertising companies, who can aggregate data from multiple stores.
To learn more about contact tracing and privacy, you can read the full analysis here on NortonLifeLock Research Group’s blog.