Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

5/21/2020
06:00 AM
50%
50%

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

Nations whose governments pursue a centralized model of contact tracing are more likely to see a massive surge in citizens adopting privacy-enhancing technologies — in some cases by a factor of 10x or more, according to messaging security firm Wickr.

In an analysis of its user base, Wickr found that countries such as Turkey, Israel, and Hungary, which have all taken a centralized approach to contact tracing, have seen massive increases in private-messaging adoption by a factor of 15x or more. Even in European nations that have more privacy-centric regulations, adoption of secure messaging has grown faster in countries moving to adopt a centralized approach, such as the United Kingdom and France, versus those that have committed to distributed contact tracing technology, such as Germany, Wickr's analysis states.

The result suggests that the move to more rigorous surveillance of the coronavirus's spread has caused concerns among tech-savvy and privacy-conscious citizens, says Chris Howell, co-founder and chief technology officer of Wickr. 

"The COVID contact-tracing trend points to the general climate around privacy," he says. "If businesses or citizens believe the government is looking at gobbling up all the data, there is going to be a more angst. In those regions, you are going to have people that fear that overreach and turn to technology for privacy."

The data from Wickr reinforces the idea that, as governments increase surveillance powers, citizens are more prone to adopt technology that can help keep their communications private. The report is neither a scientific study nor does it suggest that citizens' privacy concerns with coronavirus contact tracing are driving adoption. However, the report does come as governments worldwide struggle to find ways to keep their populations safe from coronavirus. 

In addition, the long-simmering debate over whether encryption and anonymity shield too much criminal behavior has staged a resurgence. The US Department of Justice reopened its case against technology companies that provide encrypted communications technology that cannot easily be broken. The so-called "going dark" debate generally pits calls for backdoors into encrypted devices as a way to enforce laws and policy on citizenry. 

The most recent legislative battleground is the EARN IT Act, which Congress is currently considering and would allow a group of commissioners to set best practices for technology companies that provide Internet services, including — critics claim — requiring encryption backdoors. 

"Backdoors are a serious threat to the security that encryption offers, just as they were when the modern encryption debate started with the aftermath of the San Bernardino terrorist attack five years ago," said Michael Hayden, the former director of the Central Intelligence Agency and of the National Security Agency, earlier this month in a column for The Hill. "Proponents continue to pursue backdoors through legislation like the Earn It Act, despite the fact that such efforts will not achieve their intended aims, as many experts continue to point out."

The size of the largest gains — 45x in Turkey, 23x in Israel, and 15x in Hungary — is largely due to a small starting user base in those countries, but overall the trend indicates the greatest adoption occurred in countries that planned to use technology to undermine privacy, Wickr's Howell says. Russia, Italy, and South Korea are all among the top adopters, but also countries that adopted contact tracing that respects privacy less.

Some experts have warned that, as the United States did after 9/11, nations that undermine privacy for the promise of security are doing so unnecessarily. Yet, unlike after 9/11, when proposals to sift through citizens' data seemed to be the only option, this time there are two options that will likely serve tracing efforts equally well. 

Centrally managed contact tracing basically allows government to track the historical location of citizens to determine when two people are in the same location at the same time. Distributed contact tracing allows phones to exchange anonymous keys when they are close to one another for a given amount of time, and then only if one person is diagnosed with COVID-19 are the keys collected in a database that is then updated.

"If you look at just the fact that we have two major types of COVID tracing we are talking about, that is a win," Howell says. "We did not have that post-9/11. It was only after the Patriot Act that we looked at whether we needed to be collecting all the data we decided to collect."

Apple and Google have worked together to create a toolkit for the distributed form of contact tracing that other companies, government agencies, and health organizations can use as the basis of an application. Other countries, such as Taiwan and Germany, are developing privacy-preserving contact tracing.

Governments that choose to sacrifice citizens' privacy when tracking coronavirus infections should expect to face harsh questions after the pandemic ends, Wickr's Howell says.

"This puts more scrutiny on them because people can say, 'Hey, there is another option here,'" he says. "When governments do not talk about other solutions, it will cause people to question their motives."

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4035
PUBLISHED: 2020-06-03
In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to...
CVE-2020-13783
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
CVE-2020-13784
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
CVE-2020-13785
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
CVE-2020-13786
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.