The age of COVID-19 has brought about a slew of ethical and moral conundrums for the average citizen. The latest resides in our pockets, on our phones: Should citizens risk data privacy and opt in to contact tracing apps for the common good?
Although governments have begun to roll out contact tracing apps, the uptake has been slow and has yet to hit a critical mass for the tool to be effective. Although Singapore was lauded as the first country to launch a Bluetooth tracing solution, TraceTogether, on March 20, only one in six people in the city-state are using it, far from the necessary threshold of three-quarters of the population. Australians, too, are reluctant to opt in to their iteration of TraceTogether, COVIDSafe, causing their prime minister, Scott Morrison, to call upon citizens to download it as part of their “national service.”
The public’s reluctance could be due to concerns about data privacy. After all, contact tracing apps have roots in surveillance technology. Singapore’s Prime Minister Lee Hsien Loong addressed this in his fourth national address, “People must install [the contract tracing apps] and weigh privacy concerns against the benefits of being able to exit from the circuit breaker.”
The benefits of such apps have been made clear. “A well-designed contact tracing app reduces the complexity and scale of the contact tracing effort, narrowing the search space to a smaller list of possible contacts,” said professor Teo Yik-Ying, dean of Saw Swee Hock School of Public Health. This then lightens the workload of human contact tracers who must distinguish meaningful signals from noise.
So, what exactly are these privacy concerns?
KrASIA spoke to a security engineer working for a tech company listed on the NYSE. “The risk with a contact tracing application like TraceTogether is usually that of privacy,” explained the engineer, who has requested to be identified as QY. “In the case of TraceTogether, although location data is not collected, users of the application are still constantly emitting an identification token tied to their devices, and this identification token is generated and encrypted by a system managed by the authorities. This is also what we call a centralized system. Although a third party will not be able to identify users from the identification token, the authorities, however, are in a position of trust and have the ability to do so.”
Do people in Singapore trust the governmental entities that are managing this data? The spate of public data breaches hitting the Ministry of Health over the last two years has not inspired public confidence. Furthermore, independent analyses of an older version of TraceTogether showed that the app did not function as publicized; it was found to be collecting location data as well as data that was generated more than 21 days ago, and then siphoning that information to WOGAA, a centralized internet-facing government platform. KrASIA reached out to GovTech for a statement but they said they have no new comments at this time.
Nonetheless, QY opined that the uploaded information would be insufficient to accurately identify a user and would not de-anonymize the data. The team behind TraceTogether has responded to the independent findings and published Version 1.5. The app’s latest version will automatically delete data after 21 days.
“The goal should not be to build trust, but to earn trust—that is, to demonstrate trustworthiness,” Dr. G. Owen Schaefer, a research assistant professor at the Center for Biomedical Ethics, Yong Loo Lin School of Medicine, NUS, emphasized. “Such responsiveness is essential to being good stewards of data.” He also points out that, comparatively, contact tracing apps collect a fraction of the information that Google Maps and other apps already gather for private, commercial purposes.
How then would the collaboration between TraceTogether and tech superpowers Apple and Google play out? While they espouse “user privacy and security as central to the design,” skepticism continues to mount as privacy experts state that Apple and Google built their dominion over the software ecosystem on the backs of privacy compromises, many of which are done without the knowledge or explicit consent of users. While we can only speculate on the future behavior of private tech conglomerates, what can we make of the new features that they offer?
“One of the known issues with TraceTogether is the inability of the application to work in the background on iOS devices, and collaborating with Apple can help resolve that. Apart from that, the system proposed by Apple and Google is more privacy-centric than that of TraceTogether, as the design uses a decentralized approach, and only the user device itself is able to decrypt its identification token,” said QY.
He mentions that there are still ways that the identification token can be tied back to users. QY pointed to an example scenario described by Ashkan Soltani, former chief technologist of the United States Federal Trade Commission, where a linkage attack could be made on Apple-Google’s API to identify people who report positive for COVID-19.
Even so, like many other experts, Teo believes that contact tracing apps should be made mandatory. Ultimately, each government will have to decide whether they have the necessary level of trust with their people to execute digital contact tracing in a broadly acceptable manner. Teo noted, “In every society, there will be that group of people that opposes any action that seemingly infringes on personal rights and privacy—the question is whether the group is in the minority or large enough that the government cannot ignore.”
Since it’s up to Singapore’s citizens to voluntarily download and activate TraceTogether, how should individuals weigh the cost of potential privacy intrusions against the potential benefits of utilizing the app? Do the ends justify the means?
Dr. Schaefer argues that, yes, it does. Rather, we have a moral obligation to do so. “By consistency, if we are willing to accept much greater intrusions of social distancing and stay at home orders for the public benefit, we should be willing to accept the imposition of minimal privacy risks via well-designed apps that can effectively improve on existing contact tracing efforts.”
The choice, of course, is still yours.