There have recently been several proposals for pseudonymous COVID-19 contact tracing, including from Apple and Google. The UK’s National Health Service (NHS) is working on just such a system and Ross Anderson, Professor of Security Engineering at the University of Cambridge’s Department of Computer Science and Technology, is one of a group of people being consulted on the system’s privacy and security.
How the proposed system from Apple and Google is designed to work:
Contact tracing in the real world is not quite as many of the academic and industry proposals assume.
First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.
I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running…
Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home…
On Friday, when I was coming back from walking the dogs, I stopped to chat for ten minutes to a neighbour. She stood halfway between her gate and her front door, so we were about 3 metres apart, and the wind was blowing from the side. The risk that either of us would infect the other was negligible. If we’d been carrying bluetooth apps, we’d have been flagged as mutual contacts. It would be quite intolerable for the government to prohibit such social interactions, or to deploy technology that would punish them via false alarms. And how will things work with an orderly supermarket queue, where law-abiding people stand patiently six feet apart?
Bluetooth also goes through plasterboard… The bluetooth app will flag up not just the others in the room but people in the next room too…
I recognise the overwhelming force of the public-health arguments for a centralised system, but I also have 25 years’ experience of the NHS being incompetent at developing systems and repeatedly breaking their privacy promises when they do manage to collect some data of value to somebody else. The Google Deepmind scandal was just the latest of many and by no means the worst. This is why I’m really uneasy about collecting lots of lightly-anonymised data in a system that becomes integrated into a whole-of-government response to the pandemic. We might never get rid of it.
MacDailyNews Take: There is much, much more about potential problems with COVID-19 contact tracing systems in the full post, many of which are similar to concerns we’ve mentioned in our previous takes on this issue:
As long as this UK NHS COVID-19 app can be cleanly deleted and tracking stopped by users at any time, we see no problem with having an app that allows those who want to use it to opt-in. The problem is that if it is made a requirement to be allowed to “work,” there MUST be an end date or the risk of privacy intrusion will be too high a price. — MacDailyNews, April 12, 2020
No location data is truly anonymized. It can be cross-matched with other publicly-available data to identify and track individuals. The idea of any government requiring cellphone tracking to monitor its citizens’ movements, regardless of the reason, is chilling. — MacDailyNews, April 2, 2020
Beware COVID-19 tracking: Emergency powers can outlive their emergencies.
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. — Benjamin Franklin
Lastly, Apple should be careful here. Google has an awful reputation regarding user privacy. Apple must be wary of tarnishing (or destroying) the reputation for user privacy that they’ve carefully built over many years with a system that not only involves Google, of all companies, but that also has a slew of obvious privacy issues.
[Attribution: 9to5Mac. Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]