Many countries are looking at contact-tracing apps to help limit the spread of Covid-19 – but privacy advocates are wondering what the consequences will be.
Centralised or decentralised? That is the question. Or at least it is for anyone keeping a close eye on the rapidly evolving development of contact-tracing apps.
With confirmed Covid-19 cases passing 3m worldwide at the time of writing, global efforts to contain and trace the spread of the coronavirus led many to suggest that one solution may lie in our pockets – in the form of smartphones.
With billions of devices across the world, it could be possible to identify when one person comes in close contact with another on a given day based off Bluetooth ‘handshakes’ from their devices. If an app used this data in combination with Covid-19 case reporting, it could alert someone if they may have been exposed to the virus and could help health authorities to track the spread.
No clear picture
While seemingly a good idea, using data in this way creates a privacy headache and no one has yet agreed on the solution. The simplest argument boils down to whether it’s best to deploy an app with a centralised database that the HSE or other health authorities could control, or a decentralised approach where the phone holds the data.
Ireland appears likely to take the decentralised approach, popularised by a joint effort between Silicon Valley rivals Apple and Google. The two companies released the first versions of their Covid-19 exposure-notification tools to public health authorities this week, ahead of a system launch in mid-May.
With a decentralised system, data is stored on the user’s device rather than being sent to a centralised server. The contact-tracing model uses anonymised ID data relating to devices and not personal information. This means the HSE or other health authorities won’t be able to identify who gets an alert, unless a user decides to disclose that information.
NearForm, the Waterford-based company developing the Irish app, has not disclosed any concrete details, but the HSE has said that it plans to launch a pilot version this month.
Across Europe, countries have been split over their approaches to contact-tracing apps. This week, Germany said it plans to adopt the contact-tracing solution proposed by Apple and Google, despite originally backing a centralised standard. In that instance, it was reported that the country’s pivot was caused by Apple’s refusal to budge on changing iOS settings for a centralised app.
“Here, have this free GCHQ app on your phone! It will log everyone you meet and keep your data in a safe central GCHQ approved store.”https://t.co/eneIPJDjkL
— Silkie Carlo (@silkiecarlo) April 27, 2020
Centralised could work, but not now
Despite the EU’s call for a single approach to contact-tracing apps, there seems little cohesion among the biggest nations. While Germany is taking the Apple-Google route, France and the UK are opting for centralised servers.
In Australia, things are further complicated by the fact it is using a hybrid of centralised and decentralised systems, based on the TraceTogether app that was developed in Singapore. This means it uses Bluetooth handshakes stored on a user’s device and on a centralised server to record data. The TraceTogether app has been made open source, allowing privacy experts to pick through it and discover any potential red flags.
Although many have suggested that a decentralised approach may be more secure in terms of data privacy, it isn’t the only solution. According to Dr Paolo Palmieri, a cybersecurity researcher at University College Cork (UCC), a concept called homomorphic encryption would allow data to be secured on a centralised server.
“The server doesn’t have the ability to decrypt the data, but it can do some computation on it,” he said. “But … I haven’t seen anybody proposing to use it in contact-tracing apps because it’s not at a level yet in which you can have quick deployment of the solution and used by millions of people.”
‘A grave intrusion’
The European Data Protection Board (EDPR) recently published a document with guidelines for anyone developing contact-tracing tools for Covid-19. This warned of the dangers of thinking that location data can be unequivocally anonymised, and said that large-scale monitoring of people would be “a grave intrusion into their privacy”.
After all, despite what we might think about the concept of six degrees of separation, research has shown that only four location pings on a map are enough to pinpoint where 95pc of us live.
Closer to home, the Irish Council on Civil Liberties (ICCL) issued a plea to the HSE and the Department of Health calling for a decentralised approach and to follow the EDPR guidelines that call for making an app’s source code available for public scrutiny.
One of the signatories on that appeal was Barry O’Sullivan, a professor of computer science at UCC, director of SFI’s Centre for Research Training in AI and a leading authority on AI in Europe.
Speaking with Siliconrepublic.com, he said: “We need to be careful about how we allow technology to be used in times of crisis like they are now. Because it’s very easy to be convinced by the argument that in order to fight situations like this, we must sacrifice certain things.
“I’m not aware of any hard evidence that suggests that we need to give up our data privacy and our autonomy.”
Margrethe Vestager, who doesn’t shy away from a fight with tech companies, finds it encouraging that @Google and @Apple think about *decentralized* contact tracing #DP3T https://t.co/7t0oTSsZ0j pic.twitter.com/95Gxdqb3Ox
— Marcel Salathé (@marcelsalathe) April 30, 2020
A numbers game
As the ICCL pointed out, for an app to work as intended, Ireland and the rest of the world need to get it right first time. One small slip-up or mistake that lays even the smallest seed of doubt might be enough to scupper the entire project.
That’s because contact tracing is fundamentally a numbers game. If not enough people use the app because they fear their data may be misused – whether through a data breach or legal matter – the contact tracing will not been effective.
While no definitive figure has been agreed upon, it has been estimated that at least 60pc of a country’s population need to use the app for it to be effective. In Singapore, the uptake is as little as 17pc. In Australia, the country’s prime minister said that movement restrictions could be eased if 40pc of the country downloaded the app.
Another potential issue is that while the world may heavily rely on two operating systems – Google’s Android and Apple’s iOS – billions of older phones might not be able to actually run the solution that these companies are about to roll out.
Just as there are many questions to be answered about Covid-19 itself, Palmieri said there are still a lot of uncertainties surrounding contact-tracing apps and data privacy.
“I think overall what’s important is that there is a lot of goodwill on everybody’s side. Everybody understands this is extraordinary and there is a need to cooperate to some degree and there is some openness at looking at solutions.
“I think we will have a massive privacy headache down the line no matter what we do.”