Teacher Insights: Teacher Expectations Can Have Powerful Impact on Students Academic Achievement  |  Policy Indications: Make Sure the Digital Technology Works for Public Good  |  Teacher Insights: The Significance of Social Emotional Learning Curriculum in Schools  |  Health Monitor: Forgetting is a Form of Learning  |  Higher Studies: University of Manchester Invites Application for LLB and LLM Programmes   |  Health Monitor: Is There a Blue Spot Inside our Brain?  |  Parent Interventions: Babies born during the Pandemic Performs Lower during Developmental Screening  |  Policy Indications: Invest in Structural Steel R&D : Prof BS Murty  |  Management lessons: ONPASSIVE Technologies Shows the Way in Rewarding Outperformers  |  Parent Interventions: Can We Make Our Kids Smarter?  |  Health Monitor: More Sleep Means Better Quality of Life  |  Parent Interventions: New Year Resolution for Parents  |  Health Monitor: Health benefits of Choline in Kids  |  Health Monitor: It is never too late to Learn  |  Best Practices: IIT Hyderabad Improves ARIIA Ranking to 7  |  
April 11, 2020 Saturday 05:40:46 PM IST

Corona Virus Contact Tracing Apps Create Privacy Issues for Policy Makers

Image by Engin Akyurt

Nations are trying to use the advanced IT, artificial intelligence and data science to keep track of the spread of the coronavirus. Various apps have been devised to upload and process information. However, it has also given rise to privacy concerns.
In the South Indian State of Kerala which has now won world-wide acclaim for its public health intervention policies that helped keep corona virus in check, a new allegation about collection of health information about people in quarantine. Opposition Congress Leader Ramesh Chennithala alleged that health data of people placed in quarantine and other health information related to Covid-19 patients were uploaded to the website of a US company without storing in state government servers. The data will be processed using artificial intelligence. This compromises privacy and security of important patient data, according to Ramesh Chennithala. 
Hassan Asghar and Dali Kaafar of Macquarie University's Cybersecurity Hub has pointed out that even if Covid Contract tracing apps are life savers in these pandemic times, it can also cause privacy issues. 
The scientists have analysed 'TraceTogether' a mobile app which has been put on open source by Singapore. Users may have concerns about the use of their data for mass surveillance. How the app works.
TraceTogether uses Bluetooth to exchange information between users. Signal strength approximates distance between users. The app shares time, and (temporary) user IDs, logging this, encrypted, on the device. When someone installs the app, a centralised authority, like the Department of Health, stores their mobile number, plus a newly-generated user ID, on its server.
The server uses its private key to generate temporary IDs, transmitting them to the corresponding user. These temporary IDs are exchanged between users near each other. A user diagnosed with COVID-19 is asked for consent to upload the app’s encrypted data logs to the server. With these, the registry can contact other users who were in contact with them.

Potential Threats
Privacy from other users is built in. The app generates temporary user IDs, refreshing them frequently. These IDs are generated by the server based on people’s phone numbers and their permanent ID so the central authority can determine the identities of users if needed. The temporary nature of the IDs means other users can’t track someone for long. But the server can.
Users’ data is safe from snoopers: data logs on the user’s phone are encrypted, so hackers can’t read the data. The server has the decryption key for the data logs, which are only sent to the server for determining close contacts between people. The app keeps data secure from other users and snoopers, but not from the central registry. The server can retrieve users’ data logs, decrypt and read them. It can also link the temporary IDs to real identities.
There are some privacy features. The server only asks for data logs from infected users or people who have been near one. Data logs only contain relative distance, not precise location.
Data on phones is deleted after 21 days. The server can know a user’s private data, but this is a feature of most apps.  If a user tests positive, they can consent to the server retrieving their data, to identify users who have been in contact with them. At this point, potentially uninfected users lose control over their privacy.
The app could be (mis)used for surveillance. The central registry could obtain and decrypt data logs from a large number of users, for mass surveillance. Although data logs on the device are deleted after 21 days, there is no guarantee data logs decrypted at the central server would be.
The app could be tweaked for more privacy, reconfiguring it so the app generates temporary user IDs. This way, only the user knows their identity. They would have to allow their device to share the list of their temporary IDs. The server would find temporary IDs that have been in contact with the infected user and broadcast them. Users getting a message containing their temporary ID can respond by identifying themselves. 
Future versions should be decentralised. The server could push temporary IDs of diagnosed users to the apps, allowing other users to determine if they have been in contact with them. 
Locally and randomly generated IDs can’t be linked to true identities. The server would not know the identities of the users within infection range of someone who tested positive.  This fundamental change in the design might not be possible to do quickly.


Courtesy: https://tinyurl.com/u8cd3za



Comments
 

RECOMMENDED NEWS

17-01-2022
Make Sure the Digital Technology Works...
Policy Indications
The connected technologies of the Internet of Things (IoT) power the world we live in. IoT systems and devices are critical infrastructures—they provide a platform for social interaction, fuel the marketplace, enable the government, and control the home. Their increasing ubiquity and decision-making capabilities have profound implications for society. When humans are empowered by technology and technology learns from experience, a new kind of social contract is needed, one ...
Policy Indications
08-01-2022
Invest in Structural Steel R&D : Prof ...
Policy Indications
The use of structural steel in India is very limited compared to developed nations either due to lack of knowledge in structural steel design or outdated codal ...
28-12-2021
MIT’s Field Research in India for th...
Policy Indications
An experiment done by MIT antipoverty researchers based on a “Targeting the Ultra-Poor” (TUP) program that aids people living in extreme poverty have generated positive effects on consumption, food security, income, and health, which grew fairly steadily for seven years after the start of the program, and then remained intact after 10 years as well. The study was based on rural West Bengal, India which was centred on people so poor their average daily household consumptio...
21-12-2021
Rewired Global Declaration on Connecti...
Policy Indications
The Rewired Global Declaration was developed by UNESCO with support from Dubai Cares. It reflects the inputs of a 22-person expert advisory group and an inclusive global consultation process involving governments, civil society, youth, teachers, researchers, and private sector organizations, among other stakeholder groups to discuss strategies to leverage connected technologies to deliver quality education for all. Stefani Giannini, UNESCO Assistant Director-General for ...
20-12-2021
How to improve Transportation? Vision ...
Policy Indications
We generally experience transportation problems in our daily routine. Waiting for a delayed bus, packing ourselves into a train, or crawling along in traffic, it is common to see such systems struggling at close range. A concept of top-down approach in this issue was the theme of the final talk in MIT’s Mobility Forum series, delivered by MIT Professor Thomas Magnanti, which centered on applying to transportation the same overarching analytical framework used in other domai...
17-12-2021
Reduce Inequalities in the Education S...
Policy Indications
 UNESCO’s new Global Education Monitoring (GEM) Report shows that many countries lack adequate regulations on private education or the capacity to enforce them undermining quality and potentially widening the educational divide between rich and poor. The report points out that there is a growing inequality and exclusion in the education sector as education is being privatised by the states.There are many countries where the families have to borrow money to afford their...