Concerns regarding “solutions” to the current COVID-19 pandemic, including contact tracing apps, have been raised with some resolutions offered by global scientists and researchers.
In a joint statement on contact tracing signed by over 300 professors and academics from around the world, it was stated that “contact tracing is a well-understood tool to tackle epidemics, and has traditionally been done manually” but “manual contact tracing is time-consuming and is limited to people who can be identified.”
Whilst the academics acknowledged that contact tracing apps on a personal smartphones may improve the effectiveness of the manual contact tracing technique, and allow a person who has been infected to be notified, they argued that “we need to ensure that those implemented preserve the privacy of users, thus safeguarding against many other issues,” noting that such apps can otherwise be repurposed to enable unwarranted discrimination and surveillance.
The concerns center around where the GPS data is stored, as the academics said it was vital that “we do not create a tool that enables large scale data collection, either now or at a later time,” and apps “which allow reconstructing invasive information about the population should be rejected without further discussion.”
The use of a highly decentralized system, with no distinct entity that can learn anything about the social graph, was encouraged, particularly where matching between users who have the disease and those who do not is performed on the non-infected users’ phones as anonymously as possible, whilst information about non-infected users is not revealed at all.
The academics applauded efforts by Google and Apple to develop infrastructure to enable required Bluetooth operations in a privacy protective manner “as it simplifies — and thus speeds up — the ability to develop such apps.”
The statement follows an announcement by the European Parliament on April 17 to approve the creation of a decentralized approach. The European Commission recommended developing “a common EU approach for the use of such applications” and pointed that any use of “applications developed by national and EU authorities may not be obligatory and that the generated data are not to be stored in centralized databases, which are prone to potential risk of abuse and loss of trust and may endanger uptake throughout the Union.”
A group of European privacy experts proposed a decentralized system for Bluetooth-based COVID-19 contact tracing, named Decentralized Privacy-Preserving Proximity Tracing (DP-PPT), last week, while Italy and the UK have both detailed plans for contact tracing apps this month.
The academics claimed that there “are a number of proposals for contact tracing methods which respect users' privacy, many of which are being actively investigated for deployment by different countries,” and it urged all countries to rely only on systems that are subject to public scrutiny and that are privacy preserving by design (instead of there being an expectation that they will be managed by a trustworthy party).