Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //


11:15 AM

Technology Empowers Pandemic Response, But Privacy Worries Remain

As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.

In late January and early February, a study of influenza had the ability to reveal whether subjects in the Seattle area were infected by the novel coronavirus. But medical privacy rules scuttled the idea until researchers, on February 25, decided to go ahead and test anyway. They discovered that COVID-19 had already contributed to the deaths of two people.

In China, Singapore, and Israel, government officials used citizens' cell phones to track who may have had contact with infected individuals, a capability the European Union is considering as well. Market intelligence service Unacast has used its system of tracking citizens — originally to determine mobile users' music preferences — to produce scorecards of how well the citizens of nations, regions, and cities were social distancing to reduce spread.

The different ways that nations approach the problem of the coronavirus pandemic often conflicts with privacy rights, says Omer Tene, vice president and chief knowledge officer at the International Association of Privacy Professional (IAPP). 

"There is a balance between the usefulness and effectiveness of measures and the ability to protect privacy and civil liberties, and China weighed in very heavily on one side," he says. "They sacrificed privacy and civil liberties — of course, they did not have much to begin with — to reinforce the public health interest. The US will have to find its own place on the scale."

Natural and human disasters typically redraw the lines between civil liberties and security. Following the September 11 terrorist attacks, the US government curtailed many privacy provisions to try to enhance security. Most experts, in hindsight, believe the government went too far, and some of the privacy protections have been restored. 

The rush to find ways to use technology to combat COVID-19 has given governments visibility into the spread of the novel coronavirus but will likely result in citizens sacrificing privacy — at least for the time being. The pandemic poses a different threat, one that could have a lasting impact on medical and personal privacy, according to Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF).

"We must be sure that measures taken in the name of responding to COVID-19 are, in the language of international human rights law, 'necessary and proportionate' to the needs of society in fighting the virus," she said in a post. "Above all, we must make sure that these measures end and that the data collected for these purposes is not repurposed for either governmental or commercial ends.  

Yet privacy rules have arguably delayed the response to the coronavirus pandemic. The Seattle Flu Study, for example, had already been surveilling influenza infection rates in the city when researchers heard of the spread of the novel coronavirus. The medical researchers offered in late January to start testing for coronavirus, but medical privacy and ethics rules prevented them from extending the effort beyond its original scope and notifying participants of their status, according to The New York Times, which broke the story.

The researchers eventually expanded testing on their own initiative weeks later and were shut down by state officials, but not before confirming that the disease had spread to the Seattle area. On March 22, the group got permission to restart testing and was retasked as the Seattle Coronavirus Assessment Network, or SCAN.

"Everyone who takes part in this effort will help us understand how coronavirus is spreading in the Greater Seattle area," the group now states on its website. "We are increasing capacity and responding to public health priorities as they come up."

Market intelligence firm Unacast has used its ability to track mobile users to create scorecards for the social-distancing efforts of citizens of different regions. The commonwealth of Massachusetts, for example, gets an "A" for its efforts, while Hawaii garnered a "D" grade.

Efforts to monitor potential infected citizens will likely run afoul of privacy rules but can pay dividends, says Ambuj Kumar, Fortanix CEO and co-founder of encryption firm Fortanix. He points to two apps that show the possibilities if privacy issues are resolved: One is China's Alipay Health Code app, which tracks citizen movements and uses a color code to restrict the movement of people as a more authoritarian solution. Singapore used a different app, TraceTogether, which records movements within two meters of other people to determine whether people were exposed to the virus. 

New techniques, such as privacy-preserving data analysis, could allow extremely private data to be tracked from multiple sources without exposing an individual’s private data.

"It’s unlikely that more open democracies with established privacy laws will be able to implement similar systems without additional privacy protections," he says.

The EFF has warned that in fighting the epidemic technologists should consider the privacy consequences. 

We need to "make sure that we both take advantage of how technology can help us now and, equally importantly, that we emerge from this time with our freedom and democracy as strong, if not stronger, than when we went in," the EFF's Cohn said, adding that "we also need to be vigilant so that we come out the other side of this crisis with a society we want to live in and hand down to our kids. We can — and must — do both."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?"


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-12
The Fatek Automation WinProladder Versions 3.3 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
PUBLISHED: 2021-04-12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
PUBLISHED: 2021-04-12
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
PUBLISHED: 2021-04-12
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
PUBLISHED: 2021-04-12
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.