Australian researchers have provided privacy recommendations as the Australian government explores the use of contact tracing mobile apps as a tool for public health officials and communities to fight the spread of the COVID-19 pandemic.
Dr Hassan Asghar (Macquarie University), Dr Farhad Farokhi (University of Melbourne), Professor Dali Kaafar (Macquarie University) and Associate Professor Ben Rubinstein (University of Melbourne) have released a paper highlighting that the Government must not ignore privacy concerns and implications of TraceTogether or similar apps that may be rolled out in Australia.
“While many of the legal considerations could be relaxed at the discretion of enforcement authorities during times of crisis such as the current public health emergency, privacy issues could markedly hinder the adoption of these mobile apps. Such apps could also be used as a tool for mass surveillance beyond the original purpose of COVID-19 contact tracing.”
The researchers have made the following privacy recommendations:
The app can be tweaked to provide more privacy from the Central Authority.
The temporary user IDs can be generated locally by the app, instead of the server. This way, no one except the users know their identity, and they have to provide informed consent to the server by sharing the list of their temporary IDs for their private data to be used. When a user tests positive for COVID-19, the server can find the temporary IDs that have been in contact with the infected user and broadcast them. When they receive a message that contains their temporary ID, users can respond by identifying themselves. This functionality can be implemented either as a specific consent request to individuals or as an automatic response to identification requests if individuals opt in for self-identification.
Future versions of the app need to be more decentralized.
The server can push the temporary ID of diagnosed users to the apps and other users can locally determine if they have been in contact with them. If the IDs are locally and randomly generated, they are not linkable to true identities. This way the server does not know the identities of the users who were in close proximity with the infected user. This provides higher privacy against the server. This is not an easy fix and requires a fundamental change in the app’s design which might not be possible to be implemented rapidly.
Future releases of anonymised data logs must be restricted.
An important aspect of data gathered by the server is future use by epidemiologists and policy makers. Although the information seems innocuous, it can be very sensitive and reveal a lot about the users. So it should not be shared publicly even if anonymized. This is because a large percentage of the people might share their data. Even the contact graph, without locations, timestamps, phone numbers or explicit identities, can be linked to other data sources enabling user reidentification.
Digital technologies promise to greatly improve our ability to flatten the COVID-19 curve. Privacy is an enabling technology that can enhance rates of adoption of critical digital infrastructure such as mobile-based contact tracing. We encourage governments nationally and internationally to consider how privacy and data can be managed together, when tracing this significant global pandemic.