Tech-savvy individuals and firms have been eager to apply their skills to the coronavirus pandemic, as they should be. Some of them are working with governments who have flexed their "special powers" and public health muscles, as governments should do.
Much of this tech effort, from all sides, has been put into contact tracing, which aims to find out who might have been exposed to the virus from an infectious person.
Contact tracing is already a routine process in most developed nations for battling things like meningococcal disease, tuberculosis, and sexually transmitted infections (STIs), including HIV.
Normally, this "painstaking and quick detective work" is labour-intensive and involves lots of phone calls and text messages. The new technologies that are being developed intend to improve that.
Australia's plan toadoptTraceTogether, the COVID-19 contract tracing app from Singapore, is one obvious example.
The remarkable partnership between Apple and Google to roll out APIs to enable contact tracing apps is another.
But how many of these players are thinking about the long-term implications?
TraceTogether's creators seem to have made a solid effort to protect users' privacy from each other. The co-called "Central Authority" server generates temporary IDs which are periodically refreshed, for example.
The data log only contains relative distance between users, as determined by the Bluetooth signal strength, not the exact location where the users came in close contact.
But a detailed analysis by researchers from the University of Melbourne and Macquarie University highlights a range of privacy flaws.
One key problem is that users must trust the Central Authority -- in Singapore, that's a Ministry of Health server -- to do the right thing.
"Even though the data logs are only sent to the Central Authority following user's consent, there is no check to ensure that the request from Central Authority is genuine or not, i.e., whether that user was in proximity of an infected user," the researchers wrote.
"Thus, a curious Central Authority might be able to obtain and decrypt data logs from a large number of users yielding to [a] potential mass-surveillance threat."
While the data logs held locally on users devices are deleted after 21 days, there's no guarantee that the data logs decrypted at the authority server would also be deleted.
As well as tweaks to provide more protection from the Central Authority, and less centralisation, the researchers also recommend that any future use of anonymised data logs "must be restricted".
"An important aspect of data gathered by the server is future use by epidemiologists and policymakers," they wrote.
"Although the information seems innocuous, it can be very sensitive and reveal a lot about the users."
The privacy of medical information is particularly important.
As the Australasian Contact Tracing Guidelines remind us, any disclosure that individuals have tested for, or are living with, such as HIV/AIDS or other STIs, can invite social stigma and discrimination.
"People may be reluctant to seek medical attention if they fear their information could be disclosed to others. This 'chilling effect' could have implications for the future prevention, treatment and study of medical conditions."
These risks are also present with COVID-19. Australia is already seeing racist vandalism and physical and verbal abuse. If specific individuals are ever identified, their situation would only get worse.
For this reason, the researchers say that the data shouldn't be made public, even if anonymised.
"A large percentage of the people might share their data. Even the contact graph, without locations, timestamps, phone numbers or explicit identities, can be linked to other data sources enabling user re-identification."
In fact, another University of Melbourne team found such a vulnerability with a supposedly anonymised public dataset in 2016 and had re-identified seven prominent Australiansin 2017.
The government didn't really fix the problem, however. They just tried to make data matching illegal. The legislation lapsed before the federal election in May 2019.
Digital Rights Watch Australia (DRW) has called for more transparency about the planned use of TraceTogether, along with "unimpeachable guarantees" that the data won't be used for anything else.
"They certainly need to do better than suggesting that privacy implications will be examined by the Attorney-General," said DRW chair Lizzie O'Shea on Wednesday.
"Everything about this needs to be transparent. The code must be independently audited. There needs to be a clear benchmark for when data will no longer be collected and the app deactivated."
O'Shea noted, as others have, that there's a real risk of false positivesand a need to preserve human rights even in the face of a pandemic.
"The existence of encryption-breaking laws like the government's own Assistance and Access [Act] undermines our capacity to keep such systems secure," she said.
"Such technological tools need a social licence to operate effectively, and the government has a long way to go before it comes close to earning it."
In a global context, Dr TJ McIntyre, an associate professor in the Sutherland School of Law at University College Dublin, went further.
"COVID-19 tracing is the most significant technology policy development of this generation -- even more so than the war against end to end cryptography -- and we're watching it happen at breakneck speed," McIntyre said.
"The role of tech firms vs states will be critical."
Genevieve Bell, director of the 3A Institute at the Australian National University wrote that the response to the coronavirus presents a chance to reinvent the way we collect and share personal data while protecting individual privacy.
"The speed of the virus and the response it demands shouldn't seduce us into thinking we need to build solutions that last forever," Bell wrote.
"There's a strong argument that much of what we build for this pandemic should have a sunset clause -- in particular when it comes to the private, intimate, and community data we might collect."
Of course, once governments gain certain powers or access to certain technologies, very rarely do they hand them back with a friendly "Thanks, we don't need that any more".
In fact, the opposite happens. There is always scope creep.
What makes the current situation in Australia even more worrisome is that TraceTogether has been fast-tracked through the review process at a time when Parliament and its various oversight committees have been shut down.
Yes, we need to fight the coronavirus with extraordinary measures, but we also need to have our wits about us.
Updated at 9.34am AEST, 16 April 2020 : Clarified status of lapsed data matching legislation.
View original post here:
Coronavirus tracing tech policy 'more significant' than the war on encryption - ZDNet
- Encryption Software Market Worth $20.1 Billion by 2025 - Exclusive Report by MarketsandMarkets - Yahoo Finance - June 18th, 2020
- Zoom says free users will get end-to-end encryption after all - The Verge - June 18th, 2020
- Zoom To Offer End-To-End Encryption For Video Calls, Trials To Start In July - NDTV - June 18th, 2020
- Encryption Software Market 2020-2025: Types, Services, Cost Structure, Application, Statistics, Emerging Trends And Regional Analysis - Owned - June 18th, 2020
- Zoom to offer end-to-end encryption for all users, trial to begin in July - Reuters India - June 18th, 2020
- Cloud Encryption Market Will Generate Massive Revenue In Future- A Comprehensive Study On Key Players - Surfacing Magazine - June 18th, 2020
- Global Cloud Encryption Gateways Market Research with COVID-19 After Effects - Cole of Duty - June 18th, 2020
- Encryption Software Market 2020 By Trends, Demand, Business Opportunities, Development Factors, Applications, Overview with Competitive landscape... - June 14th, 2020
- IMPACT OF COVID-19 ON Encryption Key Management Software RESEARCH, GROWTH TRENDS AND COMPETITIVE ANALYSIS 2020-2026 - Cole of Duty - June 14th, 2020
- Move over Zoom, this encryption company just released the first fully end to end encrypted conferencing solution #105518 - New Kerala - June 14th, 2020
- Cloud Encryption Software Market to witness high growth in near future - GroundAlerts.com - June 14th, 2020
- Three secure ways to surf the internet - Gadgets Now - June 14th, 2020
- Will Zoom Bring Encryption to the People Who Need It Most? - EFF - June 13th, 2020
- Encryption Software Market Size Scope and Comprehensive Analysis by 2028 - 3rd Watch News - June 13th, 2020
- Federal-grade encryption from the comfort of home - GCN.com - June 13th, 2020
- Hardware-based Full Disk Encryption Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Congress introduces EARN IT Act, which would end encryption programs but violates the Constitution - NationofChange - June 13th, 2020
- IBM kit wants to keep your data encrypted while in use - ITProPortal - June 13th, 2020
- Commercial Encryption Software Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Nearly 500,000 say Congress shouldnt kill encryption with the EARN IT Act - The Daily Dot - June 13th, 2020
- COVID-19, Security and WFH: Myths and Misconceptions - Security Boulevard - June 13th, 2020
- Privacy News Online | Weekly Review: June 12th, 2020 - Privacy News Online - June 13th, 2020
- Global Optical encryption Market Insights and Forecast 2020 to 2025 - Jewish Life News - June 13th, 2020
- Hong Kong is number one in Asia for enterprise encryption, with customer personal information the top data protection priority, reports nCipher... - May 27th, 2020
- Are social giants morally obligated to break encryption? - ACS - May 27th, 2020
- Facebook plot to encrypt ALL chats will help child abusers to hide, former police chief warns - The Sun - May 27th, 2020
- Encryption Software Market To Expand At A Robust 14.27% Cagr Of 2020 | Sophos,McAfee,Check Point Software Technologies,Proofpoint,Trend Micro - 3rd... - May 27th, 2020
- Encryption Software Market Forecast Revised in a New Market Expertz Report as COVID-19 Projected to Hold a Massive Impact on Sales in 2020 | Long-term... - May 27th, 2020
- Global Homomorphic Encryption Market Analysis 2020-2025: by Key Players with Countries, Type, Application and Forecast Till 2025 - Cole of Duty - May 27th, 2020
- COVID-19 Impact ON AES Encryption Software Market: Size, Market Analysis, Application, Growth Drivers, Trends, status and Research Report by 2025 -... - May 27th, 2020
- Cloud Encryption Software Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top... - May 27th, 2020
- Global Encryption Key Management Market 2020 Insights, Key Player's Competition, Trends, Sales, Revenue, Supply, Demand, Growth Analysis and Forecast... - May 27th, 2020
- Starting to look at email security. Looking for guidance - Encryption Methods and Programs - BleepingComputer - May 25th, 2020
- Global Cloud Encryption Technology Market Projected to Reach USD XX.XX billion by 2025- Gemalto, Sophos, Symantec, SkyHigh Networks, Netskope etc. -... - May 25th, 2020
- Impact of Covid-19 on Cloud Encryption Technology Market is Expected to Grow at an active CAGR by Forecast to 2025 | Top Players Gemalto, Sophos,... - May 25th, 2020
- Zoom will seek public feedback on plan for stronger encryption - The Indian Express - May 16th, 2020
- Encryption Software Market Research Report 2020 By Size, Share, Trends, Analysis and Forecast to 2026 - Cole of Duty - May 16th, 2020
- Almost half of organisations have been reported to the ICO for a potential data breach - ResponseSource - May 16th, 2020
- VPN Tunnels explained: what are they and how can they keep your internet data secure - TechRadar - May 16th, 2020
- The Week in Ransomware - May 15th 2020 - REvil targets Trump - BleepingComputer - May 16th, 2020
- WhatsApp Video Calls Will Soon Support 50: This Is Why 8s The Limit For Your Security - Forbes - May 16th, 2020
- How to Use Encryption for Defense in Depth in Native and Browser Apps - InfoQ.com - May 14th, 2020
- Analyzing Encrypted RDP Connections - Security Boulevard - May 14th, 2020
- Analysis on Impact of COVID-19-Global Cloud Encryption Software Market 2020-2024| Increasing Use of In-built Cloud Encryption Solutions to Boost... - May 14th, 2020
- Vcrypt ransomware brings along a buddy to do the encryption - Naked Security - May 14th, 2020
- Move over Zoom, this encryption company just released the first fully end to end encrypted conferencing solution - Yahoo Finance - May 14th, 2020
- GovCon Expert Chuck Brooks: Three Steps for Protecting Data in the Public and Private Sectors - GovConWire - May 14th, 2020
- What is the difference between Symmetric and Asymmetric Encryption? - TWCN Tech News - May 14th, 2020
- Encryption Key Management Software Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- IoT Security Solution For Encryption Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Mobile Encryption Technology Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Data Encryption Service Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Congress May Hand Bill Barr the Keys to Your Online Life - The New Republic - May 14th, 2020
- DataLocker Sentry K300 8GB Encrypted Thumb Drive Review - TweakTown - May 14th, 2020
- Hardware Encryption Technology Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Global Cloud Encryption Software Market SHARE, SIZE 2020| EMERGING RAPIDLY WITH LATEST TRENDS, GROWTH, REVENUE, DEMAND AND FORECAST TO 2026 -... - May 14th, 2020
- Mobile Encryption Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Hardware Based Encryption Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 14th, 2020
- Email Encryption Software Market Incredible Possibilities, Growth With Industry Study, Detailed Analysis And Forecast To 2025 - Bulletin Line - May 14th, 2020
- Google Duo is coming to the web via Chrome; features Family mode, end-to-end encryption - Moneycontrol - May 14th, 2020
- Global trade impact of the Coronavirus Commercial Encryption Software Market Applications and Company's Active in the Industry Science Market Reports... - May 2nd, 2020
- Email Encryption Market Growth Opportunities, Challenges, Key Companies, Drivers and Forecast to 2026 Cole Reports - Cole of Duty - May 2nd, 2020
- U.S. Hardware Encryption Market (2019 to 2026) - by Algorithm & Standard, Architecture and Field-Programmable Gate Array, Product, Application,... - May 2nd, 2020
- Innovative Encryption Algorithm Developed in South Korea - BusinessKorea - May 2nd, 2020
- Online course trains students in the bizarre world of quantum computing - Livescience.com - May 2nd, 2020
- Encryption Software Market Growth Opportunities, Challenges, Key Companies, Drivers and Forecast to 2026 Cole Reports - Cole of Duty - May 2nd, 2020
- COVID19 impact: Global Cloud Encryption Software Market Trends (Constraints, Drivers, Opportunities, Threats, Challenges, recommendations and... - May 2nd, 2020
- Review of the iStorage datAshur Pro2, an encrypted thumbdrive for home and work - Neowin - May 2nd, 2020
- Kanguru expands encrypted flash drive range with new 256GB options - Geeky Gadgets - May 2nd, 2020
- Global Encryption Management Solutions Market Size |Incredible Possibilities and Growth Analysis and Forecast To 2026 | Check Point Software... - May 2nd, 2020
- The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy - The Conversation AU - May 2nd, 2020
- Data Encryption Service Market Detailed Analysis of Current Industry Figures With Forecasts Growth by 2026| Microsoft, IBM, OneNeck - News Log Book - May 2nd, 2020
- ACLU, EFF still trying to get documents unsealed in Facebook encryption case - CyberScoop - April 29th, 2020
- Advanced Encryption Standard (AES): What It Is and How It Works - Security Boulevard - April 29th, 2020
- How Let's Encrypt changed the web with free, easy encryption - Fast Company - April 29th, 2020
- Group video calls of up to 100 participants, with encryption and noise cancellation - Explica - April 29th, 2020
- Analysis of COVID-19-Encryption Management Solutions Market 2019-2023 | Rising Demand For Digitalization to Boost Growth | Technavio - Yahoo Finance - April 17th, 2020
- Protecting consumers personal data becomes top reason for encryption, global study involving nCipher Security finds - Cambridge Independent - April 17th, 2020
- Signal: Well be eaten alive by EARN IT Acts anti-encryption wolves - Naked Security - April 17th, 2020
- How a former NSA scientist grasped the Holy Grail of encryption and changed the paradigm for safely sharing data - SiliconANGLE - April 17th, 2020