Apple and Google Lay Out Privacy Requirements for COVID-19 Apps

  • Apple and Google have laid out explicit privacy requirements for their coronavirus exposure notification system. They plan to allow only one app per country to use the contact system (to avoid fragmentation and encourage wider adoption), prohibit apps from collecting location information, and mandate that data collection be minimised and used only for the health response (not for targeted advertising or policing), in a bid to prevent governments from using the system to compile dossiers on citizens.
  • The proposed opt-in tool, already previewed in the latest versions of Android and iOS, aims to avoid fragmentation between the two platforms so that contact tracing can work at scale, and it relies on Bluetooth proximity rather than location data to preserve user privacy. (Some experts, however, argue that Bluetooth alone could fall short, as it cannot account for scenarios where two individuals occupy the same spot or share a table at different times.)
  • The main danger with this opt-in approach is that it could lead to a patchwork of apps, with individual nations relying on their own solutions that combine GPS and Bluetooth to record encounters and building their own infrastructure that centralises all the collected data and makes it searchable, leading to lower standards of privacy and a large increase in invasive government surveillance.
  • The U.K. is one of the few countries that has decided to adopt such a centralised approach for its contact tracing app, shunning the decentralised system designed by Apple and Google. Its contention is that Apple and Google's privacy rules prevent the robust data analysis needed to slow the virus' spread.
  • Other countries, including China, Colombia, Australia, New Zealand, and India, have rolled out apps that use Bluetooth and GPS to trace people who have come into contact with confirmed cases. These apps run into a problem of their own: operating-system restrictions on what third-party apps are permitted to do.
  • iOS restricts how third-party apps can use Bluetooth when they are not in the foreground. If the iPhone is locked or the user is not actively looking at the app, it cannot broadcast the beacons other phones need in order to discover it reliably. Keeping a contact-tracing app in the foreground constantly is not battery friendly, and the system-level restrictions reduce its effectiveness either way.
  • Australia's COVIDSafe app, a version of Singapore's open-sourced TraceTogether app, partly works around the restriction on iOS: it keeps running after the screen is locked, provided the app was in the foreground at the moment the phone was locked.
  • It appears that mounting privacy concerns and the software limitations imposed on third-party apps are prompting some governments, including Colombia, Australia and the U.K., to reverse course and adopt the Apple-Google technology. The NHS tracing app is said to have failed cybersecurity tests in limited trials ahead of a nationwide rollout later this month.
  • The U.K. is far from alone on that front. India's Aarogya Setu app (which now boasts over 90 million users) has drawn criticism for a number of loopholes that could violate its users' privacy and turn it into a surveillance tool in the hands of the government. (On a side note, people under quarantine have also been told to send geo-tagged selfies periodically to prove that they are staying at home; failure to do so could lead to criminal prosecution.)
  • Not only is the app closed-source and unaudited by independent security experts, users who sign up for the service have no option to delete their account once the pandemic is over. Nor does the privacy policy clarify whether Aarogya Setu is a temporary application whose sole purpose is contact tracing during the outbreak.
  • What's more, there is no sunset clause. The policy states that the personal information collected during registration will be retained "for as long as your account remains in existence and for such period thereafter as required under any law for the time being in force," leaving open the possibility that the app could be repurposed, or remain compulsory, even after the situation cools off; a worrying prospect given the lack of a comprehensive data protection law in the country.
  • With the app being made mandatory for everything from taking public transit to going to work, the centralisation of location data and the personal details collected during initial setup (the mobile number is mandatory; name, age, sex, profession, and travel history are optional) poses data leakage risks. The mobile number is used to create a random identifier that never changes for the lifetime of the account, unlike the Apple and Google design, in which the identifier a phone broadcasts rotates regularly so that sightings of it cannot be linked together.
  • India's Software Freedom Law Center found numerous concerns, among them a clause that it says absolves the government from liability in the event of "any unauthorised access to the [user's] information or modification thereof," meaning the government cannot be held responsible in the event of a data breach or a false diagnosis.
  • Calling for diminished civil liberties to confront the crisis is one thing, but it remains to be seen whether consumers trust government-built apps or Apple and Google more to safeguard the data collected by contact tracing.
  • Technology can only be a means to an end, not the end itself. A mass-monitoring system of this kind can augment governments' contact-tracing efforts at scale (success depends as much on aggressive testing as on technology), but it cannot be used to justify any form of Orwellian mass surveillance beyond the scope of the pandemic.
  • "Surveillance must have a legitimate aim and purpose. These restrictions must be proportionate in nature, and the measures should be within an institutional framework so that it limits the scope for abuse," Internet Freedom Foundation's Sidharth Deb said.
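The identifier contrast drawn in the list above, as an added example that is not code from any of the apps named here nor from Apple and Google's library: it mocks up a fixed, registration-time identifier of the kind Aarogya Setu is described as using alongside a rolling identifier derived from a fresh daily key, modelled on the Apple/Google design. AES is replaced by HMAC-SHA256 so the example needs only Python's standard library, and the salt, phone number and sightings are constructed. It shows what an observer with sensors in two places can link in each case, and how publishing only the daily key of a diagnosed user lets other phones match exposures locally without any central database of sightings.

```python
import hashlib
import hmac
import secrets
import struct
from collections import defaultdict

INTERVAL_SECONDS = 600                         # identifiers rotate every ten minutes
INTERVALS_PER_DAY = 86400 // INTERVAL_SECONDS  # 144 intervals, one broadcast key per day


def static_identifier(phone_number: str, salt: bytes = b"illustrative-salt") -> str:
    """A fixed identifier minted once from the phone number at registration and reused
    for the life of the account. The salt is an assumption; the point is that the
    output never changes, so any two sightings of it are trivially linkable."""
    return hashlib.sha256(salt + phone_number.encode()).hexdigest()[:16]


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 16) -> bytes:
    """RFC 5869 HKDF-SHA256 with an all-zero salt (extract, then expand)."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_daily_key() -> bytes:
    """Fresh random 16-byte key per day; only this is ever uploaded, and only on diagnosis."""
    return secrets.token_bytes(16)


def rolling_identifier(daily_key: bytes, interval_number: int) -> str:
    """Identifier broadcast during one ten-minute interval, derived from that day's key.
    The Apple/Google design encrypts the interval number with AES under an HKDF-derived
    key; HMAC-SHA256 stands in for AES here so the example runs on the standard library.
    The property is the same: without the daily key, consecutive outputs look unrelated."""
    rpik = hkdf_sha256(daily_key, b"EN-RPIK")
    padded = b"EN-RPI" + b"\x00" * 6 + struct.pack("<I", interval_number)
    return hmac.new(rpik, padded, hashlib.sha256).hexdigest()[:32]


def link_sightings(sightings):
    """Group sightings by identifier: {identifier: [(observer, interval), ...]}.
    This is what a central server, or anyone with sensors in two places, can do."""
    seen = defaultdict(list)
    for observer, interval, ident in sightings:
        seen[ident].append((observer, interval))
    return dict(seen)


def match_exposures(published_daily_key: bytes, day_start_interval: int, observed_ids) -> list:
    """What a phone does after a diagnosed user's daily key is published: re-derive that
    day's 144 identifiers locally and intersect them with the identifiers it recorded."""
    derived = {rolling_identifier(published_daily_key, day_start_interval + i)
               for i in range(INTERVALS_PER_DAY)}
    return sorted(derived & set(observed_ids))


def demo() -> dict:
    """Constructed scenario: the same person is seen at a shop on day 1 and at a clinic
    on day 2. Compare what the two identifier designs let an observer learn."""
    phone = "+91-9800000000"                     # constructed number
    shop_interval = 2_650_000                    # ten-minute intervals since the Unix epoch
    day1_start = shop_interval - shop_interval % INTERVALS_PER_DAY
    clinic_interval = day1_start + INTERVALS_PER_DAY + 3   # early on the following day
    day1_key, day2_key = new_daily_key(), new_daily_key()

    static_sightings = [("shop", shop_interval, static_identifier(phone)),
                        ("clinic", clinic_interval, static_identifier(phone))]
    rolling_sightings = [("shop", shop_interval, rolling_identifier(day1_key, shop_interval)),
                         ("clinic", clinic_interval, rolling_identifier(day2_key, clinic_interval))]

    static_links = link_sightings(static_sightings)    # one identifier, two places: linked
    rolling_links = link_sightings(rolling_sightings)  # two unrelated identifiers: not linked

    # After diagnosis the user publishes day1_key only: the shop's record matches, the clinic's does not
    matched = match_exposures(day1_key, day1_start, [i for _, _, i in rolling_sightings])
    return {
        "static_sightings_linked": max(len(v) for v in static_links.values()),
        "rolling_identifiers_seen": len(rolling_links),
        "exposures_matched": len(matched),
    }


if __name__ == "__main__":
    print(demo())
```

The static scheme lets the two observers (or a server receiving both of their logs) conclude they saw the same person; the rolling scheme yields two identifiers that cannot be tied together unless the daily key is later published, and even then only the sightings made during that key's day are matched, on the observing phone rather than centrally.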
