Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Tech-Assisted COVID-19 Tracking Is Having Some Issues

Harnessing today’s technology to fight the coronavirus pandemic is turning out to be more complicated than it first appeared.

Harnessing today’s technology to fight the coronavirus pandemic is turning out to be more complicated than it first appeared.

The first U.S. states that rolled out smartphone apps for tracing the contacts of COVID-19 patients are dealing with technical glitches and a general lack of interest by their residents. A second wave of tech-assisted pandemic surveillance tools is on its way, this time with the imprimatur of tech giants Apple and Google. But those face their own issues, among them potential accuracy problems and the fact that they won’t share any information with governments that could help track the spread of the illness.

Contact tracing is a pillar of infection control. It’s traditionally conducted by trained public health workers who interview those who may have been exposed, then urge them to get tested and isolate themselves. Some estimates call for as many as 300,000 U.S. workers to do the work effectively, but so far those efforts have lagged.

Other tech companies like Salesforce have offered database tools to assist manual tracing efforts, although those also raise privacy concerns because of the need to collect and store detailed information about people’s social connections, health status and whereabouts.

Privacy advocates warn that the danger of creating new government surveillance powers for the pandemic could lead to much bigger problems in the future. In a new policy paper shared with The Associated Press, the American Civil Liberties Union is warning state governments to tread more carefully and establish stricter privacy procedures before deploying technology meant to detect and curb new coronavirus outbreaks.

Even the most privacy-minded tools, such as those to be released soon by Apple and Google, require constraints so that they don’t become instruments of surveillance or oppression. “The risks of getting it wrong are enormous,” said Neema Singh Guliani, a senior legislative counsel with the ACLU.

ACLU’s report says the worst location-tracking technology should be rejected outright, such as apps that track individual movements via satellite-based GPS technology and feed sensitive personal data into centralized government databases. “Good designs don’t require you to gather people’s location information and store that,” Singh Guliani said.

Advertisement. Scroll to continue reading.

She urged governments to set rules addressing both privacy and efficacy so that surveillance tools don’t interfere with more conventional public health methods.

Utah, North Dakota and South Dakota were the first U.S. states to launch voluntary phone apps that enable public health departments to track the location and connections of people who test positive for the coronavirus. But governors haven’t had much luck getting the widespread participation needed for them to work effectively.

Nearly a month after Utah launched its Healthy Together app to augment the state’s contact-tracing efforts by tracking phone locations, state officials confirmed Monday that they haven’t done any contact tracing out of the app yet. Instead, people who download the app have been able to “assess their symptoms and get testing if appropriate,” Utah’s state epidemiologist, Angela Dunn, said last week.

The state with the highest known rate of participation so far is North Dakota, where last week about 4% of residents had downloaded the Care19 app and were using its location services. The same app is getting even less support in South Dakota.

“This is a red state,” said Crystal Wolfrum, a paralegal in Minot, North Dakota, who says she’s one of the only people among her neighbors and friends to download the app. “They don’t want to wear masks. They don’t want to be told what to do. A lot of people I talk to are, like, ‘Nope, you’re not going to track me.’”

Wolfrum said she’s doubtful that the app will be useful, both because of people’s wariness and its poor performance. She gave it a bad review on Google’s app store after it failed to notice lengthy shopping trips she made one weekend to Walmart and Target stores.

Related: COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?

North Dakota is now looking at starting a second app based on the Apple-Google technology. The existing app “was rushed to market, because of the urgent need, Vern Dosch, the state’s contact tracing facilitator, told KFYR-TV in Bismarck. “We knew that it wouldn’t be perfect.”

The ACLU is taking a more measured approach to the Apple and Google method, which will use Bluetooth wireless technology to automatically notify people about potential COVID-19 exposure without revealing anyone’s identity to the government.

But even if the app is described as voluntary and personal health information never leaves the phone, the ACLU says it’s important for governments to set additional safeguards to ensure that businesses and public agencies don’t make showing the app a condition of access to jobs, public transit, grocery stores and other services.

Among the governments experimenting with the Apple-Google approach are the state of Washington and several European countries.

Swiss epidemiologist Marcel Salathé said all COVID-19 apps so far are “fundamentally broken” because they collect too much irrelevant information and don’t work well with Android and iPhone operating software. Salathé authored a paper favoring the privacy-protecting approach that the tech giants have since adopted, and he considers it the best hope for a tool that could actually help isolate infected people before they show symptoms and spread the disease.

“You will remember your work colleagues but you will not remember the random person next to you on a train or really close to you at the bar,” he said.

Other U.S. governors are looking at technology designed to supplement manual contact-tracing efforts. As early as this week, Rhode Island has said it is set to launch a “one-stop” pandemic response phone app. It will pair with a new contact-tracing database system built by software giant Salesforce, which has said it is also working with Massachusetts, California, Louisiana and New York City on a similar approach.

Salesforce says it can use data-management software to help trained crews trace “relationships across people, places and events” and identify virus clusters down to the level of a neighborhood hardware store. It relies on manual input of information gathered through conversations by phone, text or email.

“It’s only as good as a lot of us using it,” Democratic Gov. Gina Raimondo said of the soon-to-be-launched mobile app at a news conference last week. “If 10% of Rhode Island’s population opts in, this won’t be effective.” The state hasn’t yet outlined what people are expected to opt into.

The ACLU hasn’t weighed in on the Salesforce model, but has urged contact-tracing public health departments to protect people from unnecessary disclosure of personal information and to not criminalize the requirement for self-isolation.

Related: Security, Privacy Issues Found in Government COVID-19 Mobile Apps

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...