How ‘Corona Apps’ Threaten Our Privacy

Surveillance apps might help contain coronavirus. But they are prone to inaccuracy and can create a false sense of security.

By
9

“Corona apps” are coming to Europe, to help governments in “trace and track” efforts to manage their coronavirus response. Tracking apps were already widespread in some
Asian countries before the now but privacy rights have largely discouraged their adoption in the West. 

Even in the face of a global pandemic, we shouldn’t rush to discard those privacy rights.

“Stopp Corona” was developed by the Austria Red Cross, and has the aim of reducing the time between the discovery of symptoms and the notification of social contacts. The app allows itself to “digitally handshake” people you interact with, and notifies those people if you happen to present symptoms, requesting them to self-isolate. The app now has more than 200,000 downloads, with growing popularity.

“Experts tell me: If the app obligation is limited in time and provided with a sunset clause, this is compatible with the EU data protection regulation and the constitution.” Those were the words of Austria’s parliament chairman Wolfgang Sobotka in an interview, when asked whether so-called corona apps should be made mandatory.  He also believes that the movements of those who have not installed the app should be limited.

The Austrian digital rights advocacy group Epicenter.works doubts the efficacy of the Red Cross app, as it remains unclear which proximity would trigger a social handshake, and whether it would also work through walls. Adding to that, the app does not register the length of interactions, making it possible that harmless interactions like walking past someone will trigger a notification to isolate yourself. Epicenter.works cautions apps could create false sense of security, implying that healthy people would end up isolating while infected people would continue to go outside. The group also notes that the app requires access to users’ cell phone microphones.

Austrian Chancellor Sebastian Kurz seems to recognize that neither the Red Cross app nor any alternatives investigated by Vienna are in line with a constitutional vision of data privacy. He says:

It is a trade-off: What is more important to us? Data protection or that people can return to normal? Data protection or saving lives? Everything is based on voluntary action—until there is a vaccination we will have to continue to find measures.

Everyone wants things to return to normal, but it’s disingenuous to suggest that the only alternatives to data privacy is more deaths or unending lockdown. Tracking apps make it possible to identify individuals merely by power of deduction (you going home regularly establishes the pattern that YOU live there). After the European Union had requested anonymized data from telecommunications operators, the Dutch privacy regulator said that anonymizing this data is not possible. The European Data Protection Supervisor (EDPS) agrees.

Just last summer, Belgian researchers released a study that proves that in apps, data can never be completely anonymous, and de-identified data can easily be re-assembled. They concluded that data anonymization was not enough to comply with the EU’s strict GDPR (General Data Protection Regulation) rules. The latter rulebook was implemented recently, in an effort to make Europe free from misuse of data, for instance by social media networks.

It becomes clearer to European experts that it is awfully difficult to allow for corona apps that are compliant with GDPR. But with public support mounting, governments will feel enabled to act above established rules. A survey published by the Irish Computer Society shows that 87 percent of the Irish public is willing to share personal data. Now Germany, Norway, the Czech Republic, and Belgium are all working on their own apps that could track virus infections. Whether or not these comply with the rules, the responsible EU Commissioner Thierry Breton still doesn’t seem to know.

Let’s just hope that no European governments will come near the surveillance apparatus that South Korea has established. A “Coronamap” shows the movement of COVID-19 patients, and health authorities have access to everything from credit card information to CCTV camera footage. The government informs citizens about nearby cases via text messages, and reveals very sensitive information about citizens.

One stark example: A man in his 30s was humiliated online for visiting prostitutes, when in fact he was dining in a restaurant close to an area known for prostitution. After the man’s name had been publicly dragged through the mud, health officials blamed the mistake on a “technical glitch.” Note that the ability to know the man’s whereabouts before he displayed of his symptoms means that all movements are constantly being tracked. 

It is also striking how dramatically the debate on personal privacy has shifted. There was a brief time when the bulk collection of data (even if merely meta-data) was a scandal, and when the presence of CCTV cameras was subject to public debate. Under COVID-19, people seem all so willing to surrender personal privacy in the interest of a feeling of personal safety, without much evidence that their data is treated with care or that the measures are even effective. As a result, fundamental rights will come out of this crisis in a worse shape than they have ever been.

Photograph by Catherine Lai/AFP via Getty Images.

9
By
Comments (9)
Join The Dispatch to participate in the comments.
 
  1. PM

    We should quarantine the COVID-19 positive. I don't have an issue with an ankle bracelet or similar technology measure for the time that the person is contagious.

    Your ISP knows where your device is. It hasn't stopped law enforcement and other government agencies in the past. It's easier with one person or a few. As so many have been infected, that's a larger question.

    Collapse
  2. Avatar photo
    DougCLE

    If anyone is interested, minutephysics has a good video on how "anonymous" data can be tracked back to individuals, and what steps can be taken to prevent that. Its target is actually census data - it was done in collaboration with the U.S. Census Bureau - but the concepts apply universally:

    https://www.youtube.com/watch?v=pT19VwBAqKA

    Collapse
    1. Avatar photo
      Moshow

      Love Minutepyhysics great channel.

      I would also highly recommend CGPGrey. Another great channel with really good videos on voting systems, and other government civics. Very nonpartisan so no worry on thinking it’s bias.

      Collapse
      1. Avatar photo
        DougCLE

        Only problem with CGP is I've already watched all his stuff, and he doesn't put it out fast enough for my liking. And "Rules for Rulers" is my favorite one.

        Collapse
      2. Avatar photo
        Moshow

        I would specifically advise this video as well. “The Rules of Rulers” Starting to see some concerning actions being done within our government. One person putting all of their Key people in place.

        https://youtu.be/rStL7niR7gs

        Collapse
  3. Avatar photo
    Moshow

    Let’s start with understanding that we are already being tracked. The cats out of the bag on this one. What I think the issue is that people seem to be ok, either through ignorance or naïvety, that is is privatized. Are we totally ok with having private companies and not just supergiant tech companies of Google, Apple, Amazon, etc. but also credit card companies, most stores like Target, Lowe’s, Walmart and Car companies with GPS built into cars to have all of our information. Cause we are allowing them by using their products. Clicking Yes to the “I agree to the terms and agreements” They all are tracking you. Everyone jokes about how they look to buy something from a store’s website and it then shows up on a Facebook add or Google or YouTube. Even happens with the Dispatch. The day after I got my membership, my wife started to get adds for the Dispatch on her Facebook newsfeed. Do I think the dispatch was a fault, no. But I know that because we live in the modern age with the internet, information gets passed around.

    What it sounds like we are not ok with is the government tracking us. You can call this a conspiracy theory but I think the government is tracking a lot more people then what the public wants to know about. I mean we have a private company that has a pretty up to date, surveillance system called Google Maps. We also spend $750 Billion on our military. How much do you think goes to surveillance? The same people who don’t want to be tracked are giving the Government who can track us the means to do it.

    Collapse
    1. Avatar photo
      DougCLE

      Can someone please explain to me, then, why I always get ads for women's clothing and underwear? Like, a lot of them, all the time.
      And no, before you say it, it's not that. If it were that, I would get a completely different sort of advertisement, with a completely different sort of, uh, accoutrements.

      Collapse
      1. Avatar photo
        Francesca

        TMI

        Collapse
        1. Avatar photo
          DougCLE

          IKR? But funny.

          Collapse