Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

06:00 AM

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

Nations whose governments pursue a centralized model of contact tracing are more likely to see a massive surge in citizens adopting privacy-enhancing technologies — in some cases by a factor of 10x or more, according to messaging security firm Wickr.

In an analysis of its user base, Wickr found that countries such as Turkey, Israel, and Hungary, which have all taken a centralized approach to contact tracing, have seen massive increases in private-messaging adoption by a factor of 15x or more. Even in European nations that have more privacy-centric regulations, adoption of secure messaging has grown faster in countries moving to adopt a centralized approach, such as the United Kingdom and France, versus those that have committed to distributed contact tracing technology, such as Germany, Wickr's analysis states.

The result suggests that the move to more rigorous surveillance of the coronavirus's spread has caused concerns among tech-savvy and privacy-conscious citizens, says Chris Howell, co-founder and chief technology officer of Wickr. 

"The COVID contact-tracing trend points to the general climate around privacy," he says. "If businesses or citizens believe the government is looking at gobbling up all the data, there is going to be a more angst. In those regions, you are going to have people that fear that overreach and turn to technology for privacy."

The data from Wickr reinforces the idea that, as governments increase surveillance powers, citizens are more prone to adopt technology that can help keep their communications private. The report is neither a scientific study nor does it suggest that citizens' privacy concerns with coronavirus contact tracing are driving adoption. However, the report does come as governments worldwide struggle to find ways to keep their populations safe from coronavirus. 

In addition, the long-simmering debate over whether encryption and anonymity shield too much criminal behavior has staged a resurgence. The US Department of Justice reopened its case against technology companies that provide encrypted communications technology that cannot easily be broken. The so-called "going dark" debate generally pits calls for backdoors into encrypted devices as a way to enforce laws and policy on citizenry. 

The most recent legislative battleground is the EARN IT Act, which Congress is currently considering and would allow a group of commissioners to set best practices for technology companies that provide Internet services, including — critics claim — requiring encryption backdoors. 

"Backdoors are a serious threat to the security that encryption offers, just as they were when the modern encryption debate started with the aftermath of the San Bernardino terrorist attack five years ago," said Michael Hayden, the former director of the Central Intelligence Agency and of the National Security Agency, earlier this month in a column for The Hill. "Proponents continue to pursue backdoors through legislation like the Earn It Act, despite the fact that such efforts will not achieve their intended aims, as many experts continue to point out."

The size of the largest gains — 45x in Turkey, 23x in Israel, and 15x in Hungary — is largely due to a small starting user base in those countries, but overall the trend indicates the greatest adoption occurred in countries that planned to use technology to undermine privacy, Wickr's Howell says. Russia, Italy, and South Korea are all among the top adopters, but also countries that adopted contact tracing that respects privacy less.

Some experts have warned that, as the United States did after 9/11, nations that undermine privacy for the promise of security are doing so unnecessarily. Yet, unlike after 9/11, when proposals to sift through citizens' data seemed to be the only option, this time there are two options that will likely serve tracing efforts equally well. 

Centrally managed contact tracing basically allows government to track the historical location of citizens to determine when two people are in the same location at the same time. Distributed contact tracing allows phones to exchange anonymous keys when they are close to one another for a given amount of time, and then only if one person is diagnosed with COVID-19 are the keys collected in a database that is then updated.

"If you look at just the fact that we have two major types of COVID tracing we are talking about, that is a win," Howell says. "We did not have that post-9/11. It was only after the Patriot Act that we looked at whether we needed to be collecting all the data we decided to collect."

Apple and Google have worked together to create a toolkit for the distributed form of contact tracing that other companies, government agencies, and health organizations can use as the basis of an application. Other countries, such as Taiwan and Germany, are developing privacy-preserving contact tracing.

Governments that choose to sacrifice citizens' privacy when tracking coronavirus infections should expect to face harsh questions after the pandemic ends, Wickr's Howell says.

"This puts more scrutiny on them because people can say, 'Hey, there is another option here,'" he says. "When governments do not talk about other solutions, it will cause people to question their motives."

Related Content:

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety r...