Just ask any privacy governance advocate and they’ll tell you the same thing: we’re forever at risk of losing our privacy in this digital world of ours. Web tracking technologies like virtual assistants, browser fingerprinting, canvas fingerprinting, cross-device tracking, and web cookies offer some nifty user-enhancing features. Being able to track and locate stolen devices is pretty handy as well. Even security and privacy-conscious people appreciate user and entity behavior analytics (UEBA) from Google Analytics. And whether you like it or not, it’s virtually impossible to do much of anything without being connected in some way or another.
The salient disputation among tech experts is how technology giants such as Google and others essentially permit third parties to use their products as surveillance software. It goes far beyond conspiracy theories and mythos discussed at events like Conspiracy Con; Google, Facebook, Microsoft, Apple, and a few others have long admitted to disclosing user data to the government “in accordance with the law.”
We’re also supposed to believe that they don’t provide the United States government (or foreign governments for that matter) backdoors to user data even though they participate in the PRISM surveillance program—a program that paid them millions of dollars from the NSA’s Special Source Operations division (SSO)—though they claim no such backdoors exist. Thus, it’s no wonder that many working in IT management, information security, data privacy, and data governance sectors worry about COVID-19 tracking technology.
COVID-19 Tracking Technology: Reasonable Measures or A Trojan Horse
On March 17, Declan Chan arrived in Hong Kong from Zurich after a six-week trip. Hong Kong officials made Chan put on a nondescript white wristband and download a mobile application called “Stay HomeSafe” prior to departing the airport. The officials had instructed him to register on the application as soon as he arrived at his apartment; after registration, a 14-day countdown would commence. Additionally, Chan was required to walk to all corners of his apartment so Stay HomeSafe could obtain the geographical location and peripheries of the apartment. If Chan failed to do so, he would have been paid a visit by the police and health officials.
As countries globally attempt to fight the spread of the COVID-19, a number of governments are employing technology to control and observe quarantines—especially of those arriving from trips overseas. In March, Israel approved the use of mobile phone tracking technology normally utilized for counterterrorism operations to track COVID-19 patients. Thailand adopted a similar idea by giving new arrivals free SIM cards and requiring them to download an application that monitors their whereabouts for 14 days.
A Global Pandemic Means We Should Forgive and Forget?
It goes without saying that there is a growing amount of concern that tracking measures used to contain the pandemic will ultimately open Pandora’s Box allowing for more sweeping governmental surveillance even after the pandemic has subsided. If that wasn’t enough, some tech companies have launched their own online COVID-19 tools for at-risk individuals to seek testing and treatment if they think they have contracted the virus. Project Baseline is one of the most publicized online COVID-19 tools, particularly since President Trump mistakenly lauded Google for launching it.
Project Baseline was actually created and launched by Verily Life Sciences (formerly Google Life Sciences), a subsidiary of Alphabet Incorporated, and is only available in certain counties in California at the time of this being written. According to a blog post published by Verily, “The tool will triage people who are concerned about their COVID-19 risk into testing sites based on guidance from public health officials and test availability.” But what if for some reason one chose not to go to a testing site? Applications could be hacked to send bogus positives, leading to something similar to “swatting” where a prank call is made to emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.
Back in March, CNN Business published an article entitled In the Battle Against Coronavirus, Personal Privacy is at Risk which stated: “The US government is also in discussions with the tech industry to use Americans’ location data to track the spread of the coronavirus, with Google (GOOGL) and Facebook (FB) confirming they are exploring ways to share aggregated, anonymized data rather than location data of specific users, a point they took great pains to emphasize.” This is after Google’s data breach with over five million users’ data compromised and the Facebook–Cambridge Analytica data scandal with nearly 90 million users’ data harvested by Cambridge Analytica, both of which were found out in 2018.
Too Many “Dubious” COVID-19 Tracking Applications Have Hit the Market
A few of the other technology leaders that have offered to assist the United States government in tracking its citizens include IBM, Amazon, Apple, and numerous smaller, unnamed tech companies—all of which seem really eager to help. As a matter of fact, the third most downloaded application on both the Apple Store and Google Play is called Covid Symptom Tracker developed by Guy’s and St Thomas’ hospitals and King’s College London University in the United Kingdom; they hope to reach over one million downloads.
Professor Tim Spector, the “brains” behind the application, chose to scale Covid Symptom Tracker and release it to the general public so that its data could be handed over to the National Health Service (NHS) “to play around with.” Of course, this inadequately tested application requires users to enter their personal information before they can even use all of its functions—let’s not forget to mention the Covid Symptom Tracker was developed and released in just three days.
Privacy governance expert Pat Walshe from UK-based Privacy Matters told the BBC, “I am concerned by the rash of websites and apps intended to allow people to report of their Covid-19 symptoms. I’ve found it difficult or impossible to determine who is behind a number of them. They do not adopt appropriate standards of compliance with data protection law and I see dubious ethics. Could an app help? Yes, possibly. But I think we need the NHS to coordinate it in order to provide confidence, trust, and protection.”
Why It’s Crucial to Maintain Privacy Governance During a National or Global Crisis
While a global pandemic is definitely something to avert at all costs, sacrificing data security should also be a matter of great concern. As the COVID-19 pandemic becomes more critical, officials are lifting some privacy and data protection controls in order to track the spread of the virus. Numerous media reports from around the world show data protection agencies are placing precedence on lives over privacy. With Western nations endorsing China and South Korea’s use of mobile phones to track the spread of COVID-19 as being a success, all caution has been thrown to the wind.
Just because the world is threatened by a pandemic doesn’t mean intelligence agencies, unscrupulous companies, and cybercriminals postponed their activities. On the contrary, it’s during a major crisis such as this—when most everyone is running around like chickens with their heads cut off—that such bad actors make their move. As Walshe pointed out, we should be concerned by the growing number of COVID-19 “tracking” websites and applications popping up all over the place, especially when most users aren’t as security conscious as they should be. One of the most critical times for us to keep data privacy governance at the top of our minds is during a serious global emergency. To learn more about this topic or would like to know about our services, please contact us today in order to learn more!