Recently, contact tracing apps have emerged to allow governments to track their citizens who are infected by COVID-19. However these contact-tracing apps are centralized, meaning that all of the data is stored in one place. This has, consequently, raised alarms for human rights activists because the data can easily be hacked. The government also has easy access to personal information, which is an illegal violation of privacy.
Several companies have volunteered to help create contact-tracing apps for the government. Perhaps most notably, Google and Apple, both of whom have a past of privacy concerns, have partnered and plan to use Bluetooth Low Energy technology to inform users who have been exposed to someone with COVID-19.
Jessica Davis, writer for HealthItSecurity, explained The American Civil Liberties Union and the Electronic Frontier Foundation released concerns revealing potential privacy and cybersecurity risks. Davis stated “Many of the proposed apps will rely on geo-location tracking, but this poses another issue with whether individuals understand the extent to which they’re giving the app an “almost uncomfortable degree of insight into their daily activities.” Furthermore, the ACLU claims that the app developers have not created an exit plan to delete data that has been created. Google and Apple have announced they have plans to disable service after the pandemic ends, but the general public in the U.S. are in disagreement. The University of Maryland and Washington Post found 3 in 5 Americans would be unwilling or unable to utilize the contact-tracing app. These contact-tracing apps have reached the political sphere; Congress has considered implementing plans to prevent the government using personal user data when the apps are in use.
National Healthcare Service, a publicly funded healthcare system has released a contact-tracing app that is currently in its “testing phase” on the Isle of Wight, England. Yet again, there has been mass distress against the launch of the contact-tracing app. Sharing data with health organizations and private companies may cause a number of legal problems and worries about the possible illegality. The Guardian explains “Given the nature of the data likely to be shared, the government will need to undertake a data protection impact assessment (DPIA) prior to the processing of any personal data,” it adds. “The results of that DPIA should be made public. Those steps may be in progress, but we are not aware of them having been completed thus far.”
In China, the possibility of the government taking advantage of contact-tracing apps is higher. In Wuhan, where the virus was first reported, the government requires an app for all citizens when they exit or enter the region. The app analyzes personal data, color coding the person in green, yellow, or red corresponding to their health status. Against the idea, Sophie Richardson, the China director at the Human Rights Watch, warns that this is another way the government can use surveillance to gather information and use it against individuals. According to ABC News “Users are first prompted to enter personal information, including their Chinese ID number, phone number, residential address, their place of work and where, when and how one entered the region, as well as the address of where they’re staying locally…” The government has implemented a strict policy- those who enter and exit public destinations must have QR scans.
In the cybercity of Bengaluru, India, a vigilante programmer by the name of Jay, managed to hack the “un-hackable” COVID-tracing app “Aarogya Setu”, much to the government’s dismay who had repeatedly claimed how secure and safe the application was. Jay managed to bypass the location and Bluetooth permissions, and it now permanently shows him as “safe” and in a “low-risk” region. He voiced his reasons for the hack, saying “I’m rebelling against the mandatory nature of this app. I don’t want to share my location 24/7 with the government. If I was coding this app, I would have chosen to keep data points to a minimum. If I have your location information for a month, I can gauge a lot of things about your life.”
French ethical hacker Robert Baptiste (who goes by Elliot Anderson on Twitter) had also criticised the security problems present on “Aarogya Setu”, which risks the privacy of millions of registered users. The MIT Technology Review gave it 2 out of 5 stars after analyzing COVID-tracing apps in 25 countries. They later downgraded the rating to 1 star out of 5 because the app collected more information than necessary for its function. A former Supreme Court judge, Justice B.N. Srikrishna, also expressed his discontent over the government’s mandate to push for its increased use; he openly called out the government, calling it’s actions “utterly illegal” and questioning “under what law” is its use being mandated. The national daily Economic Times pointed out the fine print in the app’s terms and conditions which states that the user "agrees and acknowledges that the Government of India will not be liable for … any unauthorised access to your information or modification thereof.”
Despite these piling concerns, in the 40 days since its launch, Aarogya Setu has had 100 million downloads. Much of them because of the government offices’ insistence that their employees be registered on it and check it every morning before commuting to work. On May 21, the Airports Authority of India had also issued a Standard Operating Procedure (SOP) stating that all departing passengers must compulsorily be registered with the Aarogya Setu app. They retracted their words a day later, clarifying that the app is “not mandatory for any passengers” at all, now. The Indian Ministry of Electronics and Information Technology on 26 May also released the source code of the app to “promote transparency.”What does such a chaotic reception mean for COVID-tracing apps? Moreover, what does their existence mean for government control over its citizens' personal information? Will this be the next great challenge we will face after the pandemic?
The central focus behind why, COVID-tracing apps are so problematic are due to privacy issues, data that is “required” for these apps hold a number privacy breaches that both the companies and government could access. The apps have already proven to be hackable but besides that, allow governments to view and abuse this data for their own personal use. An after use of these apps once COVID has ended could result in millions of civilians being targeted and tracked under constant surveillance. Acknowledgement is not enough, taking caution regarding our actions to these apps must be a priority.