Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Neil Sweeney
Neil Sweeney
Connect Directly
E-Mail vvv

Using 'Data for Good' to Control the Pandemic

The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

As governments around the world cope and contemplate how to deal with a once-in-a-lifetime health threat, serious questions are being raised about the role of technology in helping to prevent the spread of COVID-19. 

COVID-19 should be gone, but it's not. In fact, we are now awaiting a potential second wave of the pandemic. During this time, it is imperative that our leaders in government, industry, and technology take a closer look at what is and isn't working with COVID-19 tracing applications in order to put the necessary steps in place for more effective tracing before the next wave hits. 

This is a global problem. The current tracing applications are clearly not working throughout the world:

  • The United Kingdom's attempt to implement its tracing application was stopped due to mismanagement.
  • Norway bowed out after it discovered a data breach.
  • Other countries either don't have an application or have a disjointed program such as the United States, where one participant, North and South Dakota, used a former football tailgating application, turned COVID-19 tracer, to monitor the health of its citizens and then were "shocked" to find out that this application was selling user information out the backdoor

With countries attempting to address this individually, it should be no surprise that current contact-tracing practices aren't nearly as effective as they should be. In a global pandemic that has affected 195 countries, developing 195 unique apps — run by government bureaucrats with little to no experience in data, security, and consumer applications — creates an incomplete and inaccurate picture of their users. Who thought this approach was going to work?

Occam's razor suggests that the simplest solution is usually the best, and complicating things typically results in a less desirable remedy. So, why is it so complicated? Apple and Google's proposal, which put forward a shared Bluetooth protocol (BLE) to be used by one party in each country (or health organization), was an attempt to reduce the number of COVID-19 apps in each country while allowing governments to maintain health information on its citizens.

While on the surface, enabling governments seems like a good idea, it's not practical. This raises the question: Why haven't Apple, Google, and other tech companies partnered on building and distributing their own COVID-19 tracing application? First, the benefits. Clearly, many tech companies are experts in creating consumer-facing applications; a quick scan of your phone will prove this point. Additionally, with the Google Play and Apple store available around the world, a consumer application jointly built by industry leaders would have ubiquitous distribution virtually overnight. Lastly, as borders reopen, an application operated by the same entity would assist with the tracking of the virus across borders. But this is where things get dicey.

Tech companies would suggest that they should not be responsible for the creation and distribution of a universal application due to privacy concerns, but this falls short considering Apple, Google, and others collect reams of data on users (for example, via smart speakers)  to power lesser causes (such as advertising). Governments will also pound the table, arguing that they should be the only entity monitoring their citizens. Both of these arguments are feckless and are more political than progressive. This is where these companies have a chance to calm government concerns and use all of the data that they have been scrutinized for collecting over the years for something good. Politicians should also acknowledge that they are Luddites when it comes to technology and consumer products, and defer to the experts.  

This is a rare opportunity for tech leaders to change the narrative that often focuses on antitrust, misuse of data, and perpetual data collection. Turning the story on its head and using "data for good" would go a long way in helping to soften the opinion many in the Department of Justice and Congress think of "big tech." It will not be easy. The commentary will naturally focus on the misuse of data and human surveillance, but this is not a new topic for these firms. One could say that Apple, Google, and others currently do not have a universal tracing application because they did not want to draw more attention to their current data practices and instead would rather arm the government with the protocol and let them bear the brunt of the criticism — which is exactly what is happening. By offering a universal tracing application, big tech companies would be offering a reprieve for their chief executives to get off the hot seat. If they should oblige, I suspect many officials would jump at the opportunity. 

Irrespective of whether building or not building a COVID-19 tracing application was a conscious or unconscious decision, the opportunity for companies in the industry to save hundreds of thousands of lives should warrant them going all in. Here is how they can tackle the next wave and save the planet.  

  1. Create an advisory board of esteemed epistemologists, members of the World Health Organization, and privacy experts to comment on the integrity of the project. Bill Gates to chair.
  2. Continue to support the BLE protocol and provide to governments should they choose to monitor their own citizens and COVID-19.
  3. Apple and Google to co-create a universal application and offer this to a) any country that does not have a tracing application, b) does not feel comfortable with their current solution, or c) wants to pair its current application with this new product.
  4. Apple and Google share this de-identified information with the government and squash the "we don't want to collect private information" argument once and for all when they have been providing 10 times of the same info to the advertising community for years.

This won't be popular. It will dominate the headlines, and it will force CEOs to withstand enormous criticism. We are in a war against a pandemic that is a lot bigger than your next quarter or publicly managing an image. When in battle, leadership is a must. General MacArthur said, "A true leader has the confidence to stand alone, the courage to make tough decisions, and the compassion to listen to others' needs."

Here is hoping that big tech takes note. Millions of lives depend on it.

Related Content:



In May 2018, Neil launched Killi, the world's first consumer-facing mobile application that allows consumers to opt-in and control their data and monetize it should they choose.  Available to both Apple and Google users, as well as online, Killi is currently available in ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing Writer,  9/23/2020
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark Reading,  9/23/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-27
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...
PUBLISHED: 2020-09-27
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...
PUBLISHED: 2020-09-27
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> ...