COVID-19 contact tracing apps: 8 privacy questions governments should ask

April 02, 2020

As part of their efforts to slow the outbreak of coronavirus, governments, research institutions and industry are developing contact tracing apps to record interactions between people. The apps warn users if one of the people they have been recorded as being in contact with is later diagnosed with COVID-19 so they can take appropriate steps like self-isolation.

Such apps could prove useful in avoiding long-term confinement measures. However they collect sensitive information like location data, Bluetooth-enabled proximity information, and whether individuals are infected.

Now, a new white paper by Imperial College London's Dr Yves-Alexandre de Montjoye has outlined eight questions that should be asked to understand how protective of privacy an app is.

Dr de Montjoye, of Imperial's Department of Computing, said: "We need to do everything we can to help slow the outbreak. Contact tracing requires handling very sensitive data at scale, and solid and proven techniques exist to help us do it while protecting our fundamental right to privacy. We cannot afford to not use them.

"Our questions are intended for governments and citizens to help evaluate the privacy of apps. They could also for app developers when planning and evaluating their work."

The questions were developed by a team including Imperial PhD students Florimond Houssiau, Andrea Gadotti, and ENS Lyon's Florent Guepin.

The questions

1. How do you limit personal data gathered by the app developers?

Dr de Montjoye (YDM): "Large-scale collection of personal data can quickly lead to mass surveillance. We should ask how much data the app gathers - like the whole disease trajectory and real-life social network of infected users."

2. How do you protect the anonymity of every user?

YDM: "Special measures should be put in place to limit the risk that users can be re-identified by app developers, other users, or external parties. Because location traces are unique, they might easily be linked back to a person."

3. Does the app reveal to its developers the identity of users who are at risk?

YDM: "The goal of contact tracing is to warn people who are at risk, so there's no need for app developers to know who these people are."

4. Could the app be used by users to learn who is infected or at risk, even in their social circle?

YDM: "Personal health data is very sensitive. Digital contact tracing should warn those who are at risk without revealing who might have infected them."

5. Does the app allow users to learn any personal information about other users?

YDM: "Having access to small amounts of information could help users identify who is infected, so apps shouldn't disclose information on a user's location or social networks to other users."

6. Could external parties exploit the app to track users or find out who's infected?

YDM: "Apps should consider the risk of external adversaries, including well-resourced ones. External entities could install Bluetooth trackers to cover a city, or install malicious code on phones, and record the identifiers that they observe in specific locations. This can be avoided by regularly changing and re-anonymising identifiers like location data."

7. Do you put in place additional measures to protect the personal data of infected and at-risk users?

YDM: "The app design may require revealing more personal information about users who are infected or exposed, but these are often the people who are more vulnerable and at risk. It's important to consider what additional measures can be taken to protect their information."

8. How can users verify that the system does what it says?

YDM: "Large-scale contact tracing is too sensitive an issue to rely on blind trust. Technical measures should be used to guarantee public scrutiny on the functioning of the app. Transparency of the system (app code, protocol, what is being broadcast, etc) is fundamental to guarantee privacy. This requires that the app be open source and app versions distributed on mobile app stores be verifiable, enabling developers to confirm that they're running the public, auditable code."

Privacy a 'crucial component' going forward

Contact tracing apps are being developed around the world and some are already available. If they are proven useful, governments, health authorities, and users will have to evaluate the different approaches and decide whether to adopt them. Privacy, say the researchers, is a crucial component in this decision.

Co-author Florimond Houssiau, also from Imperial's Department of Computing, said: "These questions are meant to be a starting point for an informed conversation on privacy in contact tracing apps."

The questions do not cover every potential vulnerability of contact tracing protocols, like security issues. Co-author Andrea Gadotti said: "Our questions focus on privacy, but the security side is equally important. This means, for example, encrypting the apps, evaluating how mobile malware could affect the app's behaviour, and assessing the resilience of the app developer servers against intrusion."

"Evaluating COVID-19 contact tracing apps? Here are 8 privacy questions we think you should ask." by Dr de Montjoye et al., published 2 April 2020.

Imperial College London

Related Privacy Articles from Brightsurf:

Yale team finds way to protect genetic privacy in research
In a new report, a team of Yale scientists has developed a way to protect people's private genetic information while preserving the benefits of a free exchange of functional genomics data between researchers.

Researchers simulate privacy leaks in functional genomics studies
In a study publishing November 12 in the journal Cell, a team of investigators demonstrates that it's possible to de-identify raw functional genomics data to ensure patient privacy.

Some children at higher risk of privacy violations from digital apps
While federal privacy laws prohibit digital platforms from storing and sharing children's personal information, those rules aren't always enforced, researchers find.

COVID-19 symptom tracker ensures privacy during isolation
An online COVID-19 symptom tracking tool developed by researchers at Georgetown University Medical Center ensures a person's confidentiality while being able to actively monitor their symptoms.

New research reveals privacy risks of home security cameras
An international study has used data from a major home Internet Protocol (IP) security camera provider to evaluate potential privacy risks for users.

Researcher develops tool to protect children's online privacy
A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children's online privacy.

Do COVID-19 apps protect your privacy?
Many mobile apps that track the spread of COVID-19 ask for personal data but don't indicate the information will be secure.

COVID-19 contact tracing apps: 8 privacy questions governments should ask
Imperial experts have posed eight privacy questions governments should consider when developing coronavirus contact tracing apps.

New security system to revolutionise communications privacy
A new uncrackable security system created by researchers at King Abdullah University of Science and Technology (KAUST), the University of St Andrews and the Center for Unconventional Processes of Sciences (CUP Sciences) is set to revolutionize communications privacy.

Mayo Clinic studies patient privacy in MRI research
Though identifying data typically are removed from medical image files before they are shared for research, a Mayo Clinic study finds that this may not be enough to protect patient privacy.

Read More: Privacy News and Privacy Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to