ACLU, Scientists Urge Privacy Focus for COVID-19 Tracing Technology
Following the Google and Apple announcement of their partnership on COVID-19 contact tracing technology, the ACLU and 200 scientists are highlighting potential privacy risks.
As Google, Apple, and others work to develop COVID-19 contact tracing technology, the American Civil Liberties Union and a group of 200 scientists are warning of potential privacy risks posed by these technologies and are urging developers to ensure these apps do not overreach.
Last week, the tech giants announced that they were partnering on contact tracing technology built on Bluetooth Low Energy, which would let individuals know if they've come into contact with someone who has tested positive for COVID-19.
The proposed tech would rely on Bluetooth proximity data exchanged between nearby phones, not on location data, and would deliver alerts to users about potential exposures. Google published its planned privacy policies, which do include a requirement for explicit user consent.
The system is also not to collect personally identifiable information or user location data, and the list of people with whom the user has been in contact does not leave the phone. Users who have tested positive will not be identified to other users, to Google, or to Apple.
While the contact tracing tools would provide actionable medical data, the ACLU is concerned the tech could raise unnecessary and significant privacy risks without guardrails.
In response, the group released a white paper that outlines the necessary principles public health groups, patients, developers, and policymakers should take to ensure privacy remains in focus.
“If such systems are to work, they must be widely adopted. But that won’t happen if they do not enjoy strong trust within the population,” the ACLU wrote. “Second, it is vital to recognize that on its own, a TACT (technology-assisted contact-tracing) scheme does nothing to help stem the spread of COVID. It is useful only if those who learn of possible exposures to COVID are able to do something about it.”
“But it is useless if those services are unavailable or unaffordable. And advice that encourages self-isolation is implausible if the user of the TACT system or their family cannot afford to do so,” they added. “The lack of adequate and equitable social and public health support systems would limit the effectiveness of any TACT system — potentially risking people’s privacy without bringing them benefit.”
To combat these issues, ACLU explained that any TACT system must incorporate key principles that include incorporating non-technical measures and ensuring the tech is voluntary, non-discriminatory, and non-punitive.
Further, the development must be done in partnership with public health professionals, while preserving privacy, minimally relying on central authorities, and narrowly tailoring the data to target a specific epidemic. Security must also be in focus, in addition to ensuring there’s an exit strategy.
Calling some TACT proposals “distinctly dangerous,” ACLU warns some of these apps would routinely supply data from everyone within a population to a central authority.
“The location data typically generated by cell phones is not precise enough to identify epidemiologically relevant contacts, i.e., those within the requisite distance or with the relevant type of exposure,” ACLU explained. “We reject these privacy-unfriendly TACT proposals outright because they do not strike the right balance between effectiveness, necessity, and intrusion.”
“Any contact-tracing scheme, tech-assisted or otherwise, does risk exposing an infected person’s medical condition (which is sensitive health data) to their potential contacts,” they added. “But more privacy-friendly schemes do exist.” The ACLU counts the Google-Apple approach among those schemes.
Mirroring similar concerns, the group of global scientists also stressed the importance of contact tracing tools in tackling the pandemic. Contact tracing has traditionally been done manually by public health workers, but that time-consuming process does not scale to an outbreak the size of COVID-19.
The scientists note that the effectiveness of TACT apps is itself debated; their central concern, however, is the privacy risk to individuals, since data collected for tracing could be “otherwise repurposed to enable unwarranted discrimination and surveillance.”
The group also called into question the accuracy of geolocation data for this purpose and instead recommended Bluetooth-based solutions, which record proximity between nearby phones automatically rather than tracking where a person has been.
“Some of the Bluetooth-based proposals respect the individual's right to privacy, whilst others would enable (via mission creep) a form of government or private sector surveillance that would catastrophically hamper trust in and acceptance of such an application by society at large,” the scientists wrote.
“It’s crucial that citizens trust the applications in order to produce sufficient uptake to make a difference in tackling the crisis,” they added. “It’s vital that, in coming out of the current crisis, we do not create a tool that enables large scale data collection on the population, either now or at a later time.”
As a result, these solutions should not allow anyone to reconstruct invasive data about the population, such as “social graphs” that outline whom someone has physically met over a specified period of time. The scientists warn that such data could be used by bad actors to spy on individuals in real time.
The scientists agree that the proposed Google-Apple technology, using Bluetooth, could meet public health data needs with the necessary privacy protections. But they warn the tech giants should resist pressure to collect more data from users, as “some who seek to build centralized systems are pressuring Google and Apple to open up their systems to enable them to capture more data.”
The key is for the TACT tech to be decentralized, using only the data needed to support public health measures meant to contain the spread of COVID-19. Any such tech must also be fully transparent: the protocols, and any sub-components provided by the companies, must be made public. Use of the tech must also be voluntary.
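To make concrete the decentralized design both groups describe (the contact list stays on the phone, a positive user publishes nothing that identifies them to other users, and no server ever holds the data needed to rebuild a social graph), the following is a constructed Python model. It is added here as an illustration and is not Apple's, Google's, the ACLU's, or the scientists' code. The daily-key/rolling-identifier structure follows the general shape of the announced Bluetooth approach, but the HMAC derivation, the 10-minute intervals, the 16-byte identifiers, and the names Alice, Bob and Carol are assumptions made for this example.

```python
"""Decentralized proximity-tracing model (constructed illustration, not a published spec)."""
from __future__ import annotations

import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: 10-minute rolling windows
ID_BYTES = 16            # assumption: 128-bit rolling identifiers


def new_daily_key() -> bytes:
    """Fresh random per-day key; generated on the device and kept there."""
    return secrets.token_bytes(16)


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast over Bluetooth during one interval.

    HMAC-SHA256 over (daily key, interval counter) is an illustrative choice,
    not the published Apple/Google derivation. Without the daily key, two
    identifiers from the same phone cannot be linked to each other.
    """
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:ID_BYTES]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.daily_keys: dict[int, bytes] = {}       # uploaded only if the user tests positive
        self.observed: list[tuple[int, bytes]] = []  # (day, id) heard nearby; never leaves the device

    def key_for(self, day: int) -> bytes:
        return self.daily_keys.setdefault(day, new_daily_key())

    def broadcast(self, day: int, interval: int) -> bytes:
        return rolling_id(self.key_for(day), interval)

    def hear(self, day: int, rid: bytes) -> None:
        self.observed.append((day, rid))

    def report_positive(self) -> dict[int, bytes]:
        """A positive user publishes daily keys only: no contact list, no location."""
        return dict(self.daily_keys)

    def check_exposure(self, published: list[dict[int, bytes]]) -> bool:
        """Re-derive every identifier a positive phone could have sent; match locally."""
        candidates = {
            (day, rolling_id(key, i))
            for keys in published
            for day, key in keys.items()
            for i in range(INTERVALS_PER_DAY)
        }
        return any(obs in candidates for obs in self.observed)


class Server:
    """Holds only the daily keys of users who tested positive, nothing else."""

    def __init__(self):
        self.published: list[dict[int, bytes]] = []

    def publish(self, keys: dict[int, bytes]) -> None:
        self.published.append(keys)


def simulate() -> dict[str, object]:
    day = 18365  # arbitrary day counter (constructed)
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    server = Server()

    # Bob is near Alice for three intervals; Carol meets Bob later but never Alice.
    for i in (40, 41, 42):
        bob.hear(day, alice.broadcast(day, i))
        alice.hear(day, bob.broadcast(day, i))
    carol.hear(day, bob.broadcast(day, 90))

    # Alice tests positive and uploads her daily keys; Bob and Carol match on-device.
    server.publish(alice.report_positive())
    return {
        "bob_exposed": bob.check_exposure(server.published),
        "carol_exposed": carol.check_exposure(server.published),
        "server_key_sets": len(server.published),  # the server saw one key set, zero contacts
    }


if __name__ == "__main__":
    print(simulate())
```

In this model the only data that ever leaves a phone is a positive user's set of daily keys; the server cannot tell that Bob met Alice, or that Carol met Bob, because the observation lists never leave the devices. A centralized variant would differ by uploading each phone's `observed` list, which is exactly the material from which a social graph can be rebuilt.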
“When multiple possible options to implement a certain component or functionality of the app exist, then the most privacy-preserving option must be chosen,” the scientists wrote. “Deviations from this principle are only permissible if this is necessary to achieve the purpose of the app more effectively and must be clearly justified with sunset provisions.”
As noted last year by the Department of Health and Human Services, third-party apps chosen by patients are not covered by HIPAA. As a result, it's crucial policymakers and Congress ensure privacy protections when it comes to these apps.