So what would entice you to install/enable a covid-19 App?

So what would entice you to install/enable a covid-19 App?

In the UK, where they’ve developed their own centralised App, (see what .ico says) it is expected that people will download the App in the name of ‘civic duty’. Sounds very British 😉

Apparently the Australians have also developed their own App, and I’d be surprised if ‘civic duty’ would motivate Australian citizens 😉

However, the one developed to be installed as a default on the Apple and Google phone, a decentralised version, could trigger the user to enable so that they can detect if they are in the proximity of an individual who could have covid-19, i.e. they’ve been in the proximity themselves with a covid-19, on one who has developed symptoms.

You know I wouldn’t be surprised if UK citizens did actually install on the basis mentioned above, to have a ‘civic duty’ is a key British value 🙂

What will motivate most outside of the UK though would be the idea that they can -as much as is doable- continue a normal life, and minimise the risk of becoming one of the statistics for covid-19.

Mentioned above are 2 models, centralised and de-centralised. In the centralised model the phone sends data to a government authority which will be compiling stats to understand the spread of the virus. It is claimed that no personal data is collected, i.e. it is anonymised. In the latter model the data stays on the phone.

The centralised model is only privacy friendly, if the data sent is truly anonymised, which I am sceptical over. At least at this stage, even if the intentions are true, I have yet to see a process which can really anonymise data, i.e. there is in fact, to my knowledge, no industry standard on the anonymisation process, which is mulitple steps of: de-identification, masking, obscurification, etc., to make it impossible to revert back. In fact it will always be possible to revert back unless the keys used for each step are securely disposed.

When I ask myself if I would install/enable the App? For covid-19, probably not. I live on an island, and there’s no bridge to the mainland. I don’t consider myself to be a risk group. However, if I were a risk-group, I would enable the Apple App, the privacy friendly one. Although who knows my ‘civic duty’ could jump in (as a British ex-pat) if the pandemic fatality rate was much higher and a sense of panic sets in.

Covid-19, a rehearsal for the real horror? and privacy concerns

The use of tracking technologies to collect data on the spread of covid-19 has triggered a lot of discussions concerning the privacy invasions of such practices, one which I got involved in was the installation as a default a tracking App on both Apple and Android devices, which needed to be switched on by the user in order for the tracking to work.

My take on this as a privacy guy, is that nothing privacy invasive should be installed as a default. The general fear is that what is installed as a default can be enabled as a default, take a look at China.

Thinking about it, we are truly lucky in that covid-19 is not an Ebola. We are getting the chance to rehearse in preparation for the real thing which will happen one day, and I’m hoping not in my lifetime. I think of Stephen King’s book The Stand, and what we see happening with deaths in old peoples homes, whereby they have been forgotten (almost) mirrors the horrors in this book. The horrors reflect the ‘Black Plague/Death‘ people dying in their homes, there is no hope. Fatality was 80%.

Together with a right to privacy are the associated dilemmas. It is clear to us all, although we may not think consciously about it that we want privacy for ourself, but not for others. A basic dilemma which makes privacy per se difficult on a basic human values level. This is reflected in the argument on privacy and the use of a tracking App. We don’t want any government authority -something we feel is the faceless George Orwell figure- tracking our movements. Yet we don’t want to die, and we don’t want our loved ones to die.

In fact the GDPR takes cares of these dilemmas by inserting clauses which enables government authorities in the name of public safety to take measures, also the use of extraordinary circumstances come into effect. In fact even if these Apps are not installed as a default today, they could arguably be pushed out at any time without our consent in the name of public safety. Privacy International has quite a lot on this subject by different countries.

Did you know that many of the international laws on wiretapping date back to a series of seminars hosted by the FBI in the United States in 1993 at its research facility in Quantico, Virginia, called the International Law Enforcement Telecommunications Seminar (ILETS) together with representatives from Canada, Hong Kong, Australia and the EU. The product of these meetings was the adoption of an international standard called the International Requirements for Interception that possessed similar characteristics to CALEA from the United States. In 1995 the Council of the European Union approved a secret resolution adopting the ILETS. Following its adoption and without revealing the role of the FBI in developing the standard, many countries have adopted laws to this.

Virtual Shadows, 2009

The question is, do we trust our governments to do what is right in the name of public safety, i.e. not abuse their power during times of crises, and pandemics? To be honest, we don’t have much choice, as much as we kick and scream, what it boils down to is that if a pandemic breaks out which can kill 80% of the population, these type of questions will not be asked. What about afterwards, in the wake of such a disaster? I guess we will be just grateful to be alive, even the politicians and faceless bureaucrats.

This is why the use of privacy by design in application development are of paramount importance, and I think this should be the focus of discussions hereon. ENISA published a useful paper in 2015 which can be used as a great inspiration. It would be great to see some evolutions on this paper on moving forward. There are some technologies out there, pathing the way into new territories, and it could take some time before we get absolute privacy on the use of any digital technology.

IMHO Privacy by Design embedded in all technology is where our energy should be placed. Words come cheap, action for long term change is often missed in the heat of the argument. The point is missed given the context, and human behaviour which results in getting nowhere; or somewhere, where we don’t want to be.