Blog

Contact Tracing Apps

Contact tracing software, will it be coming to a phone near you soon?

With COVID-19 at the forefront of our lives these days, there has been a lot of talk of contact tracing both from healthcare workers and government workers calling users directly who may have been in contact with the virus and also from a technology standpoint. Many experts agree that an app alone won’t fully solve the problem and it will take a combination of both manual calls by humans in conjunction with contact tracing software enabled on smartphones. Let’s look at the technology side and what is involved.

We all want to stop the spread of Coronavirus and the pandemic as it has greatly affected everyday life as we know it. Tech giants like Apple, Google and Microsoft are working hard to create the API’s that will be the foundation of the contact tracing apps but the issue of privacy seems to be the main concern by privacy advocates to ensure protection of cyber-security rights.  And while many analysts have debated contact tracing apps in the last few months and their usefulness to quickly notify those at risk and reduce the spread, the big question remains, will consumers really use them or do the issues of privacy outweigh the use of them?

Let’s a take a look at how they work first.

Apple and Google have already rolled out the first phase of a two-part roll-out of the framework (API) that will allow development of contact tracing apps.

Here is how the technology works: a smartphone running an app that supports the API uses Bluetooth to periodically ping other phones with a random beacon- a string pf characters that is not connected to the user’s identity information. The beacon changes frequently to provide a level of security, yet keeps track of the list of beacons or string of codes it sends out. It also keeps track of the list of beacons it receives from phones nearby.

If you test positive for the virus, you can enter the result into the public health authority’s app which will give the app permission to upload the list of beacons your phone transmitted in the last 14 days, essentially the incubation period. Each day the app will download a list of infected beacons and notify those individuals who have come in contact with those beacons. You will not know the identity of the person with whom you came in contact with, you will simply know that your phone was in close proximity to someone who has tested positive for the virus.

Apple and Google’s API does not use GPS location data which can be a big privacy issue because of the ability to send location data back to the cloud but instead uses Bluetooth technology and is said to have more accuracy when it comes to close proximity data. However, many of the proposed apps do rely on the use of Geo-location data and GPS data which is why privacy advocates are concerned.

What are the privacy concerns?

So once you opt-in to a contact tracing app and start using it, how long can you be tracked and how long can the data be used? Will the data be used by the government for anything else? Will these apps make it easier for more surveillance by the government? Could hackers obtain this data and use it for malware attacks or phishing schemes? Will your use and participation in the app (and more importantly if you test positive) be used negatively in any way in terms of you returning back to society or can it be used by your insurance carrier? And the list of “what-if’s” goes on and on.

Currently, Congress is working to craft privacy legislation around all of this to ensure that collection ends after the pandemic ends and to try to put some sort of guidelines of use around these apps, but there are no guarantees there will be comprehensive legislation before the apps are released and are in use. The “Exposure Notification Privacy Act” would require the user to provide explicit consent to use of the app and would keep collected data from being used for commercial purposes. The proposed bill also would barre businesses from discriminating against employees who do not want to participate and do not want the contact tracing app on their device.

There still is a lot to be debated on the use of contact tracing apps in terms of consumer privacy, the bill that is currently being reviewed still has a lengthy process to go through until it is made into law. Also, Apple and Google were a little late on the scene, many states were left to develop their own apps in the wake of the sudden COVID-19 virus and have already begun development work on their own apps. To date, only 3 states have agreed to use the Apple/Google API framework for their apps (Alabama, South Carolina and North Dakota).

Adoption of the app is key

Many other countries have started use and development of contact tracing apps but have run into a variety of issues. Europe has rolled out contact tracing apps in hopes of diminishing a second wave of the virus. Specifically, Italy and Germany activated apps that both use the Apple/Google API collaboration for more privacy. France and Britain have both rolled out their own apps and are in the early stages of gaining user adoption. Still, GPS based apps that collect a user’s location and other personal information are being used by some governments in other parts of the world, with these countries taking extreme measures to fully monitor phone location data and the spread of COVID-19.

The question remains of how successful will each country be in slowing and stopping the spread of COVID-19 by getting its citizens to adopt and download and use these contact tracing apps? All the apps, regardless of how they work, rely on buy-in from the end user. For an app like this to have a significant impact, the adoption rate would need to be in the 60% range. No country has even come close to the halfway mark, with Singapore reporting they have a 37% adoption rate of their contact tracing app, one of the highest noted to date.

Currently, there is not a single country who can state that a contact tracing app has been a game changer for them. As of this moment, contact tracing is still best performed by a healthcare or government official working with the infected person to backtrack and contact by phone calls those individuals and locations with whom they have been in contact. However, officials have noted many users are leery of answering a call from an unknown or government phone number. As with information on the virus itself, we expect much to change on this topic in the coming weeks and months.