Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Neil Sweeney
Neil Sweeney
Connect Directly
E-Mail vvv

Using 'Data for Good' to Control the Pandemic

The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

As governments around the world cope and contemplate how to deal with a once-in-a-lifetime health threat, serious questions are being raised about the role of technology in helping to prevent the spread of COVID-19. 

COVID-19 should be gone, but it's not. In fact, we are now awaiting a potential second wave of the pandemic. During this time, it is imperative that our leaders in government, industry, and technology take a closer look at what is and isn't working with COVID-19 tracing applications in order to put the necessary steps in place for more effective tracing before the next wave hits. 

This is a global problem. The current tracing applications are clearly not working throughout the world:

  • The United Kingdom's attempt to implement its tracing application was stopped due to mismanagement.
  • Norway bowed out after it discovered a data breach.
  • Other countries either don't have an application or have a disjointed program such as the United States, where one participant, North and South Dakota, used a former football tailgating application, turned COVID-19 tracer, to monitor the health of its citizens and then were "shocked" to find out that this application was selling user information out the backdoor

With countries attempting to address this individually, it should be no surprise that current contact-tracing practices aren't nearly as effective as they should be. In a global pandemic that has affected 195 countries, developing 195 unique apps — run by government bureaucrats with little to no experience in data, security, and consumer applications — creates an incomplete and inaccurate picture of their users. Who thought this approach was going to work?

Occam's razor suggests that the simplest solution is usually the best, and complicating things typically results in a less desirable remedy. So, why is it so complicated? Apple and Google's proposal, which put forward a shared Bluetooth protocol (BLE) to be used by one party in each country (or health organization), was an attempt to reduce the number of COVID-19 apps in each country while allowing governments to maintain health information on its citizens.

While on the surface, enabling governments seems like a good idea, it's not practical. This raises the question: Why haven't Apple, Google, and other tech companies partnered on building and distributing their own COVID-19 tracing application? First, the benefits. Clearly, many tech companies are experts in creating consumer-facing applications; a quick scan of your phone will prove this point. Additionally, with the Google Play and Apple store available around the world, a consumer application jointly built by industry leaders would have ubiquitous distribution virtually overnight. Lastly, as borders reopen, an application operated by the same entity would assist with the tracking of the virus across borders. But this is where things get dicey.

Tech companies would suggest that they should not be responsible for the creation and distribution of a universal application due to privacy concerns, but this falls short considering Apple, Google, and others collect reams of data on users (for example, via smart speakers)  to power lesser causes (such as advertising). Governments will also pound the table, arguing that they should be the only entity monitoring their citizens. Both of these arguments are feckless and are more political than progressive. This is where these companies have a chance to calm government concerns and use all of the data that they have been scrutinized for collecting over the years for something good. Politicians should also acknowledge that they are Luddites when it comes to technology and consumer products, and defer to the experts.  

This is a rare opportunity for tech leaders to change the narrative that often focuses on antitrust, misuse of data, and perpetual data collection. Turning the story on its head and using "data for good" would go a long way in helping to soften the opinion many in the Department of Justice and Congress think of "big tech." It will not be easy. The commentary will naturally focus on the misuse of data and human surveillance, but this is not a new topic for these firms. One could say that Apple, Google, and others currently do not have a universal tracing application because they did not want to draw more attention to their current data practices and instead would rather arm the government with the protocol and let them bear the brunt of the criticism — which is exactly what is happening. By offering a universal tracing application, big tech companies would be offering a reprieve for their chief executives to get off the hot seat. If they should oblige, I suspect many officials would jump at the opportunity. 

Irrespective of whether building or not building a COVID-19 tracing application was a conscious or unconscious decision, the opportunity for companies in the industry to save hundreds of thousands of lives should warrant them going all in. Here is how they can tackle the next wave and save the planet.  

  1. Create an advisory board of esteemed epistemologists, members of the World Health Organization, and privacy experts to comment on the integrity of the project. Bill Gates to chair.
  2. Continue to support the BLE protocol and provide to governments should they choose to monitor their own citizens and COVID-19.
  3. Apple and Google to co-create a universal application and offer this to a) any country that does not have a tracing application, b) does not feel comfortable with their current solution, or c) wants to pair its current application with this new product.
  4. Apple and Google share this de-identified information with the government and squash the "we don't want to collect private information" argument once and for all when they have been providing 10 times of the same info to the advertising community for years.

This won't be popular. It will dominate the headlines, and it will force CEOs to withstand enormous criticism. We are in a war against a pandemic that is a lot bigger than your next quarter or publicly managing an image. When in battle, leadership is a must. General MacArthur said, "A true leader has the confidence to stand alone, the courage to make tough decisions, and the compassion to listen to others' needs."

Here is hoping that big tech takes note. Millions of lives depend on it.

Related Content:



In May 2018, Neil launched Killi, the world's first consumer-facing mobile application that allows consumers to opt-in and control their data and monetize it should they choose.  Available to both Apple and Google users, as well as online, Killi is currently available in ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...