Corona app: trade-off between privacy and security?

Many European countries have pinned their hopes on a corona tracking app now that measures can be gradually relaxed. Countries are rapidly trying to develop all kinds of solutions and are reinventing the wheel separately from each other. At the beginning of March an attempt was made to build a pan-European system that would meet European privacy requirements. This system, based on the PEPP-PT standards, would not collect location data by the use of Bluetooth and would be interoperable across national borders. At the same time, a decentralized variant (DP-3T), where governments have minimal data access, was developed. Apple and Google also jointly announced a decentralized system, similar to DP-3T.

Corona app: moral and technical issue becomes a political choice

Within the EU, Austria leads the way with the Stopp Corona app, issued by the Red Cross and developed by Accenture. However, only 5% of the Austrian population has downloaded the app, far from reaching the recommended 60% to ensure effectiveness. Where many countries, including the Netherlands, want to use the Apple-Google technique, France and England are developing their own app using their own technique, despite concerns about its inaccurate functioning. There is a lack of European unity and leadership. Moreover, there are concerns about dependence on Apple and Google and the accuracy of Bluetooth technology. The high risk of false positives can lead to a false sense of security. Conflicting national interests, different privacy views, the role of Apple and Google and the inaccuracy of Bluetooth make the development of an app a complex process. From a moral and technological issue, the development of a tracking app has become a political one. The Ministry of Health, Welfare and Sport faces a complex privacy and security dilemma and is struggling to find its way through this jumble of views. Is the app reliable? Is Bluetooth the right technology or are there simpler solutions? To what extent does the use of the app harm our privacy? What about public support? What will happen with the data after the corona crisis? In short: are we on our way to a kind of ‘surveillance state’, or are these concerns unfounded?

Appathon: intermediate result or goal in itself?

After a difficult start, as a result of a suddenly announced Appathon that did not have the desired outcome, the Dutch government is now further investigating whether effective solutions can be developed that help the Municipal Health Service in source and contact research and that meet all requirements. A ‘proof of concept’ is being developed, which is expected to be ready by the end of May. The digital solution will be realized by a number of government organizations, with support of various external experts. These experts are currently examining all available source codes, including those of the parties that took part in the Appathon, and are working towards an intermediate result that can be built on.

While the search for a tracking app continues, concerns remain about the proportionality of a tracking app. Bart Jacobs (professor of computer security at Radboud University in Nijmegen) thinks that the current frameworks are sufficient, but he regrets that too little attention has been paid to how a good app can be built and thinks that the focus has been too much on Bluetooth. Niels Chavannes (general practitioner, professor and eHealth expert at LUMC) also emphasizes that a simpler solution needs to be found. The government is too busy finding a ‘golden app’, of which it is still questionable to what extent this is at all possible. For example, a user density of 60% appears to be virtually unfeasible and Bluetooth technology is very inaccurate. According to Chavannes, there are already several simple solutions, including the LUMC’s Covid Radar, which can support the Municipal Health Service. The user fills in gender, age, symptoms and behavior. Within a postcode area, this provides an overview, and shows if the virus is under control. On the basis of this data, a mayor can decide to take a stricter approach locally. The citizen remains in control and privacy is guaranteed. However, a link to regular care and existing care pathways is also crucial.

Privacy criteria based on current health care system

Critics of a tracking app are worried about the development towards a ‘surveillance state’. The European Data Protection Supervisor (EDPS) warned against new data protection risks, as it becomes possible to track a large part of the population in public and private places. Both the centralized and the decentralized model are subject to privacy risks. It is, therefore, necessary to use data minimization and privacy-enhancing technology to ensure that contacts and infected persons cannot be identified. Even if downloading the app is voluntary, it automatically raises questions about what happens if people persistently refuse to download the app. Completely anonymizing data is ‘wishful thinking’ and almost impossible according to Pieter van Boheemen (researcher at Rathenau Institute). Anonymizing data, therefore, does not automatically mean more privacy. The following privacy guarantees (VeiligtegenCorona and MedMij) must be taken into account when an app is launched:

The app must be proven reliable and based on expertise. The source code and other infrastructure are freely available and therefore auditable;
There is a two-way market with the right quality incentives and sufficient choice between applications;
The deployment of the application is by definition temporary;
No centrally stored personal data. Should it be necessary to share data, then only with the explicit and informed consent of the user;
The application uses as little data as possible;
Only the user determines which data is collected and shared and with whom;
The application must be secured according to strict requirements and data exchange is encrypted;
The application must be completely voluntary.

If privacy is guaranteed, security will follow

These safeguards are conditional on the confidence of the citizen and only when the citizen has confidence in a digital solution or app, he or she will consider using it. In addition, medical legislation and regulations are already geared to the mandatory reporting of COVID disease symptoms. Professional confidentiality assures patients that their data is safe. A platform or application in which citizens themselves keep track of their symptoms by filling in a logbook, together with sufficient testing capacity of the Municipal Health Service, may be sufficient in this respect. Data is not shared, unless the citizen gives his or her own explicit and informed consent. This can be realized within regular healthcare and already existing care pathways, for example by using Personal Health Environments (PGO’s).

A digital solution can certainly support source and contact research, but the goal should be kept in mind. It is questionable to what extent the effects of a tracking app can be reversed in the long term and what this means for future security. The coronavirus can also be monitored without far-reaching tracking, with the risk of a false sense of security and violation of the above-mentioned privacy safeguards. Only if the privacy of the citizen is protected, security is guaranteed.

Sources: