Data Privacy Concerns, Lack of Trust Foil Automated Contact TracingData Privacy Concerns, Lack of Trust Foil Automated Contact Tracing
Efforts to create a technology framework for alerting people to whether they have been exposed to an infectious disease have been hindered by a number of key issues.
August 28, 2020
Automated contact tracing — a tool that could potentially help blunt the impact of the next wave of the coronavirus pandemic as well as future outbreaks — has been largely sidelined due to privacy concerns and citizens' lack of trust in both government agencies and technology companies, according to a variety of experts.
Only 21% of people would willingly share data with healthcare businesses for contact-tracing purposes, and more than half continue to feel uncomfortable sharing personal data for any reason, according to the "2020 Consumer Trust and Data Privacy report" published this week by enterprise privacy firm Privitar. Because automated contact tracing requires significant market penetration to be effective, the absence of privacy protections and the lack of trust means the technology will likely not be adopted quickly enough to be a factor in the current pandemic.
To gain citizens' trust, the technologies and policies surrounding those technologies must protect privacy and be totally transparent in how data is collected and used, says Guy Cohen, head of policy for Privitar.
"If we want to take advantage of tools like contact-tracing apps, we need to make sure those tools work and are trustworthy — otherwise they won't be adopted," he says. "We need evidence of value and trustworthy data management needs to be both perception and reality."
A failure to trust the technology is not the only challenge for contract-tracing applications. False positives — identifying a person as a potential transmission risk — could be a significant issue, as the technologies used to determine proximity — Wi-Fi and Bluetooth — do not take detect a variety of environmental factors, such as whether people are indoors or outside, whether they are talking with one another or facing away from each other, and whether they have donned masks.
Using such technology without finding ways to resolve those issues could result in so many failures that people will lose even more confidence in the applications, says Casey Ellis, chief technology officer and founder of crowdsourced vulnerability assessment firm Bugcrowd.
"The reality is that COVID-19 contact-tracing apps are uncharted territory, and developers are requiring users' devices to use location-based and Bluetooth communication in ways they weren't designed to do," he says. "Additionally, developers are pressured to bring these apps to market faster than what is recommended since we are in the middle of the pandemic still, and this leaves room for error."
Contact tracing is a natural approach to attempting to track down people who have been potentially been exposed to a virus or a disease. In the past, legions of workers have taken on the task after a report of an infected person. Automating contact tracing promises to increase population coverage, speed up the process, and reduce the cost by allowing — or requiring — people to install an application that tracks which mobile devices have been in close proximity. While the technology seems like a smart use of an already ubiquitous technology — people's mobile devices — automated contact tracing raises a passel of thorny issues.
Those most at risk — older people — are least likely to download a contact tracing app, for example, and even distributed contact tracing opens the risk to malicious attacks, such as bad actors reporting a COVID-19 infection in an area to reduce voting participation or shut down businesses, according to three experts who wrote for the Brookings Institution about the challenges facing the technology.
"We have no doubts that the developers of contact-tracing apps and related technologies are well-intentioned, [b]ut we urge the developers of these systems to step up and acknowledge the limitations of those technologies before they are widely adopted," the three researchers said. "Health agencies and policymakers should not over-rely on these apps and, regardless, should make clear rules to head off the threat to privacy, equity, and liberty by imposing appropriate safeguards."
Because contact tracing relies on trust, the current polarization of US politics has made gaining the trust of a third of Americans that much more difficult, according to Privitar's research.Trust requires that two conditions be met, says Privitar's Cohen: One, any app has do its job effectively, and, two, privacy must be protected. Without such transparency, adoption of contact tracing will not pass the threshold that will make it effective, he says.
Stronger federal laws protecting privacy could help make future efforts more likely. However, while Democrats and Republicans have both proposed legislation, they have failed to agree on key provisions, such as whether state laws — such as the California Consumer Privacy Act — can be more stringent than a federal law, as well as the ability of citizens to bring legal action against offenders. Until those fundamental issues are resolved, privacy protections are unlikely to pass through Congress, Cohen says.
"Key disagreements ... [have] blocked progress so far and make it unlikely that the new proposals will pass," he says. "In the interim, America is left lacking any federal standard, and [that is] driving state-level action."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks