Contact-Tracing Apps: Privacy Group Raises ConcernsAs Google and Apple Prepare an Infrastructure, Electronic Frontier Foundation Urges Caution
As Google and Apple prepare to offer a jointly developed infrastructure for contact-tracing smartphone apps to help fight the COVID-19 pandemic, the Electronic Frontier Foundation, a privacy advocacy group, is raising concerns about the risks involved.
In a report released this week, Bennett Cyphers and Gennie Gebhart, two technology researchers at EFF, note that some of the components of the system Google and Apple is developing to support contact-tracing apps are susceptible to hacking, which could lead cybercriminals to harvest data meant for healthcare officials and also open the door to surveillance.
The EFF researchers say that many of the privacy concerns raised by contact-tracing apps remain unresolved. And Cyphers and Gebhart believe that these apps need to be retired after the current healthcare crisis passes to avoid abuse.
"The truth is, nobody really knows how effective proximity tracking apps will be. Further, we need to weigh the potential benefits against the very real risks to privacy and security," the researchers write in their report.
The EFF report comes as Google and Apple are preparing to release early versions of the jointly developed contact-tracing infrastructure to app developers for testing, Reuters reports.
Contact-tracing apps are meant to help augment the manual process of tracking individuals who have tested positive for COVID-19 by attempting to notify everyone with whom an individual may have come into contact since they were infected. Through these apps, users could also self-report symptoms and seek medical advice.
The use of these apps, as well as the role technology companies are playing in developing them, has raised a host of security and privacy concerns (see: Contact-Tracing App Privacy: Apple, Google Refuse to Budge).
Use of RPIDs
Google and Apple are developing APIs that will allow Android smartphones and iPhones to use Bluetooth signal strength as a way to estimate the distance between two devices.
The smartphones would generate a private exposure key each day that would then be used to generate random identification numbers called rolling proximity identifiers, or RPIDs, that would be transmitted to nearby devices at regular intervals, according to the EFF report.
The security issue with this approach, according to the EFF researchers, is that it's difficult to verify if a device sending an RPID is actually the one that generated it. This could enable hackers to collect this data and then rebroadcast it as data coming from a legitimate source.
"Anyone who passes by a 'bad' beacon would log the RPIDs of everyone else who was near any one of the beacons," the EFF report states. "This would lead to a lot of false positives, which might undermine public trust in proximity-tracing apps - or worse, in the public health system as a whole."
The EFF also warns that a "well-funded" adversary could use a Bluetooth beacon set up in a public place to gather RPID signals from various targets and then use that data to create profiles of individuals' routines by linking various RPID signals together.
"This can create a map of the user's daily routine, including where they work, live, and spend time," the report notes. "Such maps are highly unique to each person, so they could be used to identify the person behind the uploaded diagnosis key."
Apple and Google did not immediately reply to a request for comment on the EFF's concerns.
A Decentralized Approach
Google and Apple are taking a "decentralized approach," which avoids collecting data in a central location, such as a government database.
Some nations, including Australia, France, Singapore and the U.K. - as well as several U.S. states - back a centralized approach. This would enable governments to track individuals, including their location, as well as who they came into contact with and for how long. But other nations, including Germany, plan to follow a decentralized approach, citing privacy concerns.
"Apple and Google's tech would be largely decentralized, keeping most of the data on users' phones and away from central databases," according to the EFF report. "This kind of app has some unavoidable privacy tradeoffs ... and Apple and Google could do more to prevent privacy leaks. Still, their model is engineered to reduce the privacy risks of Bluetooth proximity tracking, and it's preferable to other strategies that depend on a central server."
The EFF researchers also assert: "Developers shouldn't share any data over the internet beyond what is absolutely necessary: just uploading diagnosis keys when an infected user chooses to do so."
They also urge developers to create contact-tracing apps that allow users to opt out of sharing data at any time, provide an easy-to-understand list about what data is collected and why, and not burden these apps with unnecessary features.
Important Role to Play?
While privacy groups are urging caution in adopting contact-tracing apps, others see them as urgently needed and useful tools.
Tom Pendergast, the chief learning officer at security training firm MediaPRO, believes that these contact-tracing apps are one of the only ways to successfully track COVID-19 successfully.
"I'm optimistic that people will understand that widespread data collection via contact tracing may be the only path back to normality," Pendergast tells Information Security Media Group. "I'm encouraged that Apple is involved, because of their longstanding commitment to privacy, and I do believe that Google is capable of upholding similar commitments."
Managing Editor Scott Ferguson contributed to this report.