Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Neil Sweeney
Neil Sweeney
Connect Directly
E-Mail vvv

Using 'Data for Good' to Control the Pandemic

The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

As governments around the world cope and contemplate how to deal with a once-in-a-lifetime health threat, serious questions are being raised about the role of technology in helping to prevent the spread of COVID-19. 

COVID-19 should be gone, but it's not. In fact, we are now awaiting a potential second wave of the pandemic. During this time, it is imperative that our leaders in government, industry, and technology take a closer look at what is and isn't working with COVID-19 tracing applications in order to put the necessary steps in place for more effective tracing before the next wave hits. 

This is a global problem. The current tracing applications are clearly not working throughout the world:

  • The United Kingdom's attempt to implement its tracing application was stopped due to mismanagement.
  • Norway bowed out after it discovered a data breach.
  • Other countries either don't have an application or have a disjointed program such as the United States, where one participant, North and South Dakota, used a former football tailgating application, turned COVID-19 tracer, to monitor the health of its citizens and then were "shocked" to find out that this application was selling user information out the backdoor

With countries attempting to address this individually, it should be no surprise that current contact-tracing practices aren't nearly as effective as they should be. In a global pandemic that has affected 195 countries, developing 195 unique apps — run by government bureaucrats with little to no experience in data, security, and consumer applications — creates an incomplete and inaccurate picture of their users. Who thought this approach was going to work?

Occam's razor suggests that the simplest solution is usually the best, and complicating things typically results in a less desirable remedy. So, why is it so complicated? Apple and Google's proposal, which put forward a shared Bluetooth protocol (BLE) to be used by one party in each country (or health organization), was an attempt to reduce the number of COVID-19 apps in each country while allowing governments to maintain health information on its citizens.

While on the surface, enabling governments seems like a good idea, it's not practical. This raises the question: Why haven't Apple, Google, and other tech companies partnered on building and distributing their own COVID-19 tracing application? First, the benefits. Clearly, many tech companies are experts in creating consumer-facing applications; a quick scan of your phone will prove this point. Additionally, with the Google Play and Apple store available around the world, a consumer application jointly built by industry leaders would have ubiquitous distribution virtually overnight. Lastly, as borders reopen, an application operated by the same entity would assist with the tracking of the virus across borders. But this is where things get dicey.

Tech companies would suggest that they should not be responsible for the creation and distribution of a universal application due to privacy concerns, but this falls short considering Apple, Google, and others collect reams of data on users (for example, via smart speakers)  to power lesser causes (such as advertising). Governments will also pound the table, arguing that they should be the only entity monitoring their citizens. Both of these arguments are feckless and are more political than progressive. This is where these companies have a chance to calm government concerns and use all of the data that they have been scrutinized for collecting over the years for something good. Politicians should also acknowledge that they are Luddites when it comes to technology and consumer products, and defer to the experts.  

This is a rare opportunity for tech leaders to change the narrative that often focuses on antitrust, misuse of data, and perpetual data collection. Turning the story on its head and using "data for good" would go a long way in helping to soften the opinion many in the Department of Justice and Congress think of "big tech." It will not be easy. The commentary will naturally focus on the misuse of data and human surveillance, but this is not a new topic for these firms. One could say that Apple, Google, and others currently do not have a universal tracing application because they did not want to draw more attention to their current data practices and instead would rather arm the government with the protocol and let them bear the brunt of the criticism — which is exactly what is happening. By offering a universal tracing application, big tech companies would be offering a reprieve for their chief executives to get off the hot seat. If they should oblige, I suspect many officials would jump at the opportunity. 

Irrespective of whether building or not building a COVID-19 tracing application was a conscious or unconscious decision, the opportunity for companies in the industry to save hundreds of thousands of lives should warrant them going all in. Here is how they can tackle the next wave and save the planet.  

  1. Create an advisory board of esteemed epistemologists, members of the World Health Organization, and privacy experts to comment on the integrity of the project. Bill Gates to chair.
  2. Continue to support the BLE protocol and provide to governments should they choose to monitor their own citizens and COVID-19.
  3. Apple and Google to co-create a universal application and offer this to a) any country that does not have a tracing application, b) does not feel comfortable with their current solution, or c) wants to pair its current application with this new product.
  4. Apple and Google share this de-identified information with the government and squash the "we don't want to collect private information" argument once and for all when they have been providing 10 times of the same info to the advertising community for years.

This won't be popular. It will dominate the headlines, and it will force CEOs to withstand enormous criticism. We are in a war against a pandemic that is a lot bigger than your next quarter or publicly managing an image. When in battle, leadership is a must. General MacArthur said, "A true leader has the confidence to stand alone, the courage to make tough decisions, and the compassion to listen to others' needs."

Here is hoping that big tech takes note. Millions of lives depend on it.

Related Content:



In May 2018, Neil launched Killi, the world's first consumer-facing mobile application that allows consumers to opt-in and control their data and monetize it should they choose.  Available to both Apple and Google users, as well as online, Killi is currently available in ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-20
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction...
PUBLISHED: 2020-10-20
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking ...
PUBLISHED: 2020-10-20
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
PUBLISHED: 2020-10-20
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
PUBLISHED: 2020-10-20
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a ...