Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

06:00 AM

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

Nations whose governments pursue a centralized model of contact tracing are more likely to see a massive surge in citizens adopting privacy-enhancing technologies — in some cases by a factor of 10x or more, according to messaging security firm Wickr.

In an analysis of its user base, Wickr found that countries such as Turkey, Israel, and Hungary, which have all taken a centralized approach to contact tracing, have seen massive increases in private-messaging adoption by a factor of 15x or more. Even in European nations that have more privacy-centric regulations, adoption of secure messaging has grown faster in countries moving to adopt a centralized approach, such as the United Kingdom and France, versus those that have committed to distributed contact tracing technology, such as Germany, Wickr's analysis states.

The result suggests that the move to more rigorous surveillance of the coronavirus's spread has caused concerns among tech-savvy and privacy-conscious citizens, says Chris Howell, co-founder and chief technology officer of Wickr. 

"The COVID contact-tracing trend points to the general climate around privacy," he says. "If businesses or citizens believe the government is looking at gobbling up all the data, there is going to be a more angst. In those regions, you are going to have people that fear that overreach and turn to technology for privacy."

The data from Wickr reinforces the idea that, as governments increase surveillance powers, citizens are more prone to adopt technology that can help keep their communications private. The report is neither a scientific study nor does it suggest that citizens' privacy concerns with coronavirus contact tracing are driving adoption. However, the report does come as governments worldwide struggle to find ways to keep their populations safe from coronavirus. 

In addition, the long-simmering debate over whether encryption and anonymity shield too much criminal behavior has staged a resurgence. The US Department of Justice reopened its case against technology companies that provide encrypted communications technology that cannot easily be broken. The so-called "going dark" debate generally pits calls for backdoors into encrypted devices as a way to enforce laws and policy on citizenry. 

The most recent legislative battleground is the EARN IT Act, which Congress is currently considering and would allow a group of commissioners to set best practices for technology companies that provide Internet services, including — critics claim — requiring encryption backdoors. 

"Backdoors are a serious threat to the security that encryption offers, just as they were when the modern encryption debate started with the aftermath of the San Bernardino terrorist attack five years ago," said Michael Hayden, the former director of the Central Intelligence Agency and of the National Security Agency, earlier this month in a column for The Hill. "Proponents continue to pursue backdoors through legislation like the Earn It Act, despite the fact that such efforts will not achieve their intended aims, as many experts continue to point out."

The size of the largest gains — 45x in Turkey, 23x in Israel, and 15x in Hungary — is largely due to a small starting user base in those countries, but overall the trend indicates the greatest adoption occurred in countries that planned to use technology to undermine privacy, Wickr's Howell says. Russia, Italy, and South Korea are all among the top adopters, but also countries that adopted contact tracing that respects privacy less.

Some experts have warned that, as the United States did after 9/11, nations that undermine privacy for the promise of security are doing so unnecessarily. Yet, unlike after 9/11, when proposals to sift through citizens' data seemed to be the only option, this time there are two options that will likely serve tracing efforts equally well. 

Centrally managed contact tracing basically allows government to track the historical location of citizens to determine when two people are in the same location at the same time. Distributed contact tracing allows phones to exchange anonymous keys when they are close to one another for a given amount of time, and then only if one person is diagnosed with COVID-19 are the keys collected in a database that is then updated.

"If you look at just the fact that we have two major types of COVID tracing we are talking about, that is a win," Howell says. "We did not have that post-9/11. It was only after the Patriot Act that we looked at whether we needed to be collecting all the data we decided to collect."

Apple and Google have worked together to create a toolkit for the distributed form of contact tracing that other companies, government agencies, and health organizations can use as the basis of an application. Other countries, such as Taiwan and Germany, are developing privacy-preserving contact tracing.

Governments that choose to sacrifice citizens' privacy when tracking coronavirus infections should expect to face harsh questions after the pandemic ends, Wickr's Howell says.

"This puts more scrutiny on them because people can say, 'Hey, there is another option here,'" he says. "When governments do not talk about other solutions, it will cause people to question their motives."

Related Content:

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are...
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versio...
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from...
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...