Virus-Tracing Apps Are Rife With Problems. Governments Are Rushing to Fix Them.

July 8, 2020 admin Technology 0

Links monetized by Google Adsense and Amazon Affiliated

In April, Norway released a smartphone app, Smittestopp or “stop infection,” that records users who come into close contact for more than 15 minutes and sends alerts if they have been exposed to the coronavirus.

“We can all help stop the spread of infection and save lives,” Prime Minister Erna Solberg said in a statement at the time. “If many people download the Smittestopp app, we can open up society more and get our freedom back.”

Within two weeks, nearly 900,000 people — or about one out of five Norwegians older than 16 — had started using the app. But by mid-June, the government had temporarily turned off the service after data protection regulators there said Norway had so few coronavirus cases that the risks of intensified surveillance outweighed the app’s as yet unproven public health benefits. This week, the country’s data watchdog formally imposed an interim ban on the app.

Norway is one of many countries that rushed out apps to trace and monitor the coronavirus this spring, only to scramble to address serious complaints that soon arose over extensive user data-mining or poor security practices. Human rights groups and technologists have warned that the design of many apps put hundreds of millions of people at risk for stalking, scams, identity theft or oppressive government tracking — and could undermine trust in public health efforts. The problems have emerged just as some countries are poised to deploy even more intrusive technologies, including asking hundreds of thousands of workers to wear virus-tracking wristbands around the clock.

ImageNorway’s data protection watchdog temporarily banned a virus-tracing app this week, saying it collected far more data from users than it needed to function.
Credit…Heiko Junge/NTB Scanpix, via Associated Press

In mid-June, after a barrage of criticism from privacy advocates, Britain abandoned the virus-tracing app it was developing and announced it was switching to software from Apple and Google that the companies have promoted as more “privacy preserving.

In May, after Amnesty International identified major security flaws with a mandatory virus exposure-alert app in Qatar, the government quickly released an update with new security features. In April, reporters at The New York Times found that a government virus-tracing app in India, which had been downloaded more than 77 million times, could leak users’ precise locations. The Indian government immediately fixed the problem, and soon began offering financial rewards to security researchers who find vulnerabilities in the app.

In fact, “the vast majority” of virus-tracing apps used by governments lack adequate security and “are easy for hackers” to attack, according to a recent software analysis by Guardsquare, a mobile app security company.

“It’s a cautionary tale for governments aggregating such an enormous amount of data,” said Claudio Guarnieri, the head of Amnesty International’s Security Lab, who identified the problems with the Qatari app.

Governments around the world have rolled out several dozen virus-tracing apps this year, he noted. “But, of course, doing so in a rushed manner, and doing so without proper considerations and the proper design and oversight,” he said, could “jeopardize these efforts.”

#styln-briefing-block { font-family: nyt-franklin,helvetica,arial,sans-serif; background-color: #F3F3F3; padding: 20px; margin: 37px auto; border-radius: 5px; color: #121212; box-sizing: border-box; width: calc(100% – 40px); } #styln-briefing-block a { color: #121212; } #styln-briefing-block a.briefing-block-link { color: #121212; border-bottom: 1px solid #cccccc; font-size: 0.9375rem; line-height: 1.375rem; } #styln-briefing-block a.briefing-block-link:hover { border-bottom: none; } #styln-briefing-block .briefing-block-bullet::before { content: ‘•’; margin-right: 7px; color: #333; font-size: 12px; margin-left: -13px; top: -2px; position: relative; } #styln-briefing-block .briefing-block-bullet:not(:last-child) { margin-bottom: 0.75em; } #styln-briefing-block .briefing-block-header-section { margin-bottom: 16px; } #styln-briefing-block .briefing-block-header { font-weight: 700; font-size: 16px; line-height: 20px; display: inline-block; margin-right: 6px; } #styln-briefing-block .briefing-block-header a { text-decoration: none; color: #333; } #styln-briefing-block .briefing-block-footer { font-size: 14px; margin-top: 1.25em; } #styln-briefing-block .briefing-block-briefinglinks { padding-top: 1em; margin-top: 1.75em; border-top: 1px solid #E2E2E3; } #styln-briefing-block .briefing-block-briefinglinks a { font-weight: bold; margin-right: 6px; } #styln-briefing-block .briefing-block-footer a { border-bottom: 1px solid #ccc; } #styln-briefing-block .briefing-block-footer a:hover { border-bottom: 1px solid transparent; } #styln-briefing-block .briefing-block-header { border-bottom: none; } #styln-briefing-block .briefing-block-lb-items { display: grid; grid-template-columns: auto 1fr; grid-column-gap: 20px; grid-row-gap: 15px; line-height: 1.2; } #styln-briefing-block .briefing-block-update-time a { color: #999; font-size: 12px; } #styln-briefing-block .briefing-block-update-time.active a { color: #D0021B; } #styln-briefing-block .briefing-block-footer-meta { display: flex; justify-content: space-between; align-items: center; } #styln-briefing-block .briefing-block-ts { color: #D0021B; font-size: 11px; display: inline-block; } @media only screen and (min-width: 600px) { #styln-briefing-block { padding: 30px; width: calc(100% – 40px); max-width: 600px; } #styln-briefing-block a.briefing-block-link { font-size: 1.0625rem; line-height: 1.5rem; } #styln-briefing-block .briefing-block-bullet::before { content: ‘•’; margin-right: 10px; color: #333; font-size: 12px; margin-left: -15px; top: -2px; position: relative; } #styln-briefing-block .briefing-block-header { font-size: 17px; } #styln-briefing-block .briefing-block-update-time a { font-size: 13px; } } @media only screen and (min-width: 1024px) { #styln-briefing-block { width: 100%; } }

Epidemiologists have said virus control apps may be helpful additions to public health efforts, especially in countries like South Korea, which has the national medical infrastructure to do mass-scale testing and isolate people who test positive.

But digital rights groups say some governments are using apps largely as performative gestures — to demonstrate to the public that they are taking some kind of concrete action against the virus.

“Digital contact-tracing — the idea that there’s an app for that — is a very hopeful concept,” said Carly Kind, a human rights lawyer who is the director of the Ada Lovelace Institute, an artificial intelligence ethics research center in London. “I think governments want it to be true,” she added, but often the efforts seem like little more than “do-something-itis.”

Governments in Asia, in Europe and elsewhere have turned to mobile phones and apps during the pandemic for a variety of purposes, including analyzing smartphone location data from mobile providers to assess residents’ compliance with lockdowns. But tracking apps, which some countries are using to notify people of possible coronavirus exposure or to enforce government quarantine orders, have come under heightened scrutiny. That is because some of the apps continuously collect details about users’ health, precise locations and social interactions, increasing the privacy and security risks.

Credit…Karim Jaafar/Agence France-Presse — Getty Images

In May, Qatar began requiring all residents to use a virus-alert and quarantine enforcement app or face fines of up to $55,000. The app assigns each user a digital color code — green for people who are healthy with no symptoms, red for confirmed cases of Covid-19 — that dictates whether a person must stay home or may go out. It can also track users’ real-time locations to monitor whether those infected with the virus are complying with government self-quarantine orders.

After testing the app, however, Amnesty International identified security flaws that could have given hackers access to the names, health status and in some cases the quarantine locations of the more than one million users who had downloaded it. Qatar quickly updated the app, bolstering its user authentication system.

Neither the Ministry of Interior in Qatar, which oversees the app, nor the country’s embassy in the United States responded to emails seeking comment.

Guardsquare’s recent analysis of government-sponsored virus-tracing apps in 17 countries found other security flaws — including scant encryption and inadequate hacker-detection systems. The report warned governments that prioritizing app deployment speed over user security could erode citizens’ trust, and participation, in public health efforts.

“App makers unfortunately do not seem to be taking the risks seriously enough yet,” the Guardsquare report said.

Critics faulted Norway’s “stop infection” app for a different issue: excessive government surveillance.

Like a virus-tracing app in India, the Norwegian app collects continuous location data and sends it to a central government database to be analyzed. Some other countries are taking a different approach, one that processes users’ private data on their own phones where government agencies cannot access it.

Credit…Ørn E. Borgen/NTB Scanpix

Gun Peggy Knudsen, deputy director general of the Norwegian Institute of Public Health, said that analyzing data from the virus-tracing app had helped her agency understand the effectiveness of public health measures, like lockdowns and social distancing.

But Norwegian technology experts soon began warning that location and social proximity data from the app could potentially be used for more invasive purposes, like mapping people’s social networks. Critics also argued that the public health agency was exploiting app users’ private details for its own purposes without their explicit consent.


@charset “UTF-8”; /* MODULE : GUIDE */ #g-inlineguide-headline { font-family: “nyt-franklin”, arial, helvetica, sans-serif; font-size: 13px; font-weight: 700; line-height: 20px; max-width: 600px; padding: 0; } @media (min-width: 740px) { #g-inlineguide-headline { font-size: 16px; } } .g-inlineguide-list-circle li { position: relative; padding-left: 1.75em; } @media (min-width: 740px) { .g-inlineguide-list-circle p, .g-inlineguide-list-circle div, .g-inlineguide-list-circle li { padding-left: 0; } } .g-inlineguide-list-circle li:before { position: absolute; content: “•”; top: 2px; left: 1em; font-size: 15px; line-height: 24px; } @media (min-width: 600px) { .g-inlineguide-list-circle li:before { top: 3px; left: -1em; } } .g-inlineguide { background-color: #f3f3f3; text-align: left; margin: 30px auto; height: 380px; width: calc(100% – 40px); border-radius: 10px; transition: height 0.5s; } @media (min-width: 740px) { .g-inlineguide { max-width: 600px; } } #truncate-content { transition: height 0.5s; height: 300px; } .g-inlineguide-container { margin: 0 20px 0px 20px; padding: 20px 0 7px 0; } @media (min-width: 740px) { .g-inlineguide-container { margin: 0 35px 0px 35px; } } .g-inlineguide-container-wrapper { height: 100%; } .g-inlineguide-bottom { display: -ms-flexbox; display: flex; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; -ms-flex-pack: center; justify-content: center; top: 10px; } .g-inlineguide-content { position: relative; height: 300px; max-width: 520px; overflow: hidden; } .g-inlineguide-logo { margin: 0 0 10px 0; } .g-inlineguide-date { font-family: “nyt-franklin”, arial, helvetica, sans-serif; font-size: 13px; font-weight: 500; line-height: 25px; color: #666666; max-width: 600px; margin: 5px auto 15px; } /* LINKS */ #g-inlineguide-id a { text-decoration: none; } .g-inlineguide a { color: #326891; text-decoration: none; border-bottom: 2px solid #CCD9E3; } .g-inlineguide a:visited { color: #333; text-decoration: none; border-bottom: 2px solid #ddd; } .g-inlineguide a:hover { border-bottom: none; } .g-inlineguide #g-inlineguide-headline a { color: #333; text-decoration: none; border-bottom: 0px solid #ddd; } .g-inlineguide #g-inlineguide-headline a:hover { border-bottom: 2px solid #ddd; } /* LIST */ .g-inlineguide-list-header { font-family: nyt-cheltenham, georgia, “times new roman”, times, serif; font-weight: 500; font-size: 26px; line-height: 30px; margin-top: 5px; margin-bottom: 5px; } @media (min-width: 740px) { .g-inlineguide-list-header { font-size: 30px; line-height: 36px; margin-bottom: 10px; margin-top: 10px; } } .g-inlineguide-item-list { font-size: 15px; line-height: 20px; font-family: “nyt-franklin”, arial, helvetica, sans-serif; font-weight: 500; } #g-inlineguide-item-list li { padding-left: 15px; line-height: 20px; margin-bottom: 10px; } @media (min-width: 740px) { #g-inlineguide-item-list li { font-size: 17px; line-height: 24px; margin-bottom: 15px; } } #g-inlineguide-item-list li strong, #g-inlineguide-item-list li h4 { font-weight: 700; } #g-inlineguide-item-list li:before { color: #333333; margin-left: -15px; margin-right: 10px; top: 0; font-size: 16px; } @media (min-width: 740px) { #g-inlineguide-item-list li:before { left: 1em; } } ul.g-inlineguide-list { max-width: 600px; margin: auto; } .g-inlineguide-line-truncated { background-image: linear-gradient(180deg, transparent, #f3f3f3); background-image: -webkit-linear-gradient(270deg, rgba(255, 255, 255, 0), #f3f3f3); height: 50px; border-bottom: 0.5px solid #dcddda; width: calc(90% – 70px); margin-top: -55px; position: absolute; } @media (min-width: 740px) { .g-inlineguide-line-truncated { max-width: 520px; width: 90%; } } .g-inlineguide-truncate-button { display: -ms-flexbox; display: flex; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; -ms-flex-pack: center; justify-content: center; margin: 10px 0 0 28px; } .g-inlineguide-truncate-button-text { font-family: “nyt-franklin”, arial, helvetica, sans-serif; margin-top: 9px; font-size: 13px; font-weight: 650; line-height: 28px; /* or 215% */ letter-spacing: 0.03em; text-transform: uppercase; color: #333333; background-color: transparent; } #g-inlineguide-expand-carat-transform { margin-top: 8px; width: 28px; height: 28px; margin-left: 3px; background-color: #F4F5F2; display: -ms-flexbox; display: flex; -ms-flex-align: center; align-items: center; -ms-flex-pack: center; justify-content: center; } .g-inlineguide-expand-carat-transform-show { transform: rotate(180deg); transition: transform 0.5s ease; } .g-inlineguide-line { border: 0.5px solid #dcddda; width: 100%; max-width: 600px; margin: auto; margin-top: 10px; } .g-inlineguide-headline-group{ display: flex; align-items: baseline; } .g-inlineguide-headline-carat{ margin-left: 6px; }

  • Frequently Asked Questions

    Updated July 7, 2020

    • What are the symptoms of coronavirus?

      Common symptoms include fever, a dry cough, fatigue and difficulty breathing or shortness of breath. Some of these symptoms overlap with those of the flu, making detection difficult, but runny noses and stuffy sinuses are less common. The C.D.C. has also added chills, muscle pain, sore throat, headache and a new loss of the sense of taste or smell as symptoms to look out for. Most people fall ill five to seven days after exposure, but symptoms may appear in as few as two days or as many as 14 days.

    • Is it harder to exercise while wearing a mask?

      A commentary published this month on the website of the British Journal of Sports Medicine points out that covering your face during exercise “comes with issues of potential breathing restriction and discomfort” and requires “balancing benefits versus possible adverse events.” Masks do alter exercise, says Cedric X. Bryant, the president and chief science officer of the American Council on Exercise, a nonprofit organization that funds exercise research and certifies fitness professionals. “In my personal experience,” he says, “heart rates are higher at the same relative intensity when you wear a mask.” Some people also could experience lightheadedness during familiar workouts while masked, says Len Kravitz, a professor of exercise science at the University of New Mexico.

    • I’ve heard about a treatment called dexamethasone. Does it work?

      The steroid, dexamethasone, is the first treatment shown to reduce mortality in severely ill patients, according to scientists in Britain. The drug appears to reduce inflammation caused by the immune system, protecting the tissues. In the study, dexamethasone reduced deaths of patients on ventilators by one-third, and deaths of patients on oxygen by one-fifth.

    • What is pandemic paid leave?

      The coronavirus emergency relief package gives many American workers paid leave if they need to take time off because of the virus. It gives qualified workers two weeks of paid sick leave if they are ill, quarantined or seeking diagnosis or preventive care for coronavirus, or if they are caring for sick family members. It gives 12 weeks of paid leave to people caring for children whose schools are closed or whose child care provider is unavailable because of the coronavirus. It is the first time the United States has had widespread federally mandated paid leave, and includes people who don’t typically get such benefits, like part-time and gig economy workers. But the measure excludes at least half of private-sector workers, including those at the country’s largest employers, and gives small employers significant leeway to deny leave.

    • Does asymptomatic transmission of Covid-19 happen?

      So far, the evidence seems to show it does. A widely cited paper published in April suggests that people are most infectious about two days before the onset of coronavirus symptoms and estimated that 44 percent of new infections were a result of transmission from people who were not yet showing symptoms. Recently, a top expert at the World Health Organization stated that transmission of the coronavirus by people who did not have symptoms was “very rare,” but she later walked back that statement.

    • What’s the risk of catching coronavirus from a surface?

      Touching contaminated objects and then infecting ourselves with the germs is not typically how the virus spreads. But it can happen. A number of studies of flu, rhinovirus, coronavirus and other microbes have shown that respiratory illnesses, including the new coronavirus, can spread by touching contaminated surfaces, particularly in places like day care centers, offices and hospitals. But a long chain of events has to happen for the disease to spread that way. The best way to protect yourself from coronavirus — whether it’s surface transmission or close human contact — is still social distancing, washing your hands, not touching your face and wearing masks.

    • How does blood type influence coronavirus?

      A study by European scientists is the first to document a strong statistical link between genetic variations and Covid-19, the illness caused by the coronavirus. Having Type A blood was linked to a 50 percent increase in the likelihood that a patient would need to get oxygen or to go on a ventilator, according to the new study.

    • How can I protect myself while flying?

      If air travel is unavoidable, there are some steps you can take to protect yourself. Most important: Wash your hands often, and stop touching your face. If possible, choose a window seat. A study from Emory University found that during flu season, the safest place to sit on a plane is by a window, as people sitting in window seats had less contact with potentially sick people. Disinfect hard surfaces. When you get to your seat and your hands are clean, use disinfecting wipes to clean the hard surfaces at your seat like the head and arm rest, the seatbelt buckle, the remote, screen, seat back pocket and the tray table. If the seat is hard and nonporous or leather or pleather, you can wipe that down, too. (Using wipes on upholstered seats could lead to a wet seat and spreading of germs rather than killing them.)

    • What should I do if I feel sick?

      If you’ve been exposed to the coronavirus or think you have, and have a fever or symptoms like a cough or difficulty breathing, call a doctor. They should give you advice on whether you should be tested, how to get tested, and how to seek medical treatment without potentially infecting or exposing others.

In May, after privately advising the government to make changes, more than 300 Norwegian technology, security and privacy experts posted a statement on Medium warning that the app could lead to “unprecedented surveillance” of society.

In June, Norway’s Data Protection Authority said it would temporarily ban the app, arguing that it collected far more data than it needed to function and could “no longer be regarded as a proportionate encroachment” on users’ basic privacy rights.

The public health agency has since deleted users’ personal data and temporarily deactivated the app. But Ms. Knudsen, the public health official, argued that disabling the app now was shortsighted and could make Norway less prepared for the next wave of the virus.

“It’s good for democracy to have a huge debate when we collect this amount of data,” Ms. Knudsen said. “But I am surprised that the critics, primarily tech people in Norway, are focusing so much on the privacy side and not on how can we handle public health during the coronavirus outbreak.”

In June, the Norwegian Parliament asked the health authorities to develop distinct user permissions for the app: one consent for virus-tracing and another for data collection. When the country’s data watchdog formally imposed a temporary ban on the app this week, it said health authorities had not proved its utility or allowed users to control how their data would be used.

“The app was introduced in what you might call a warlike situation,” said Simen Sommerfeldt, the chief technology officer of Bouvet, an I.T. consulting company in Norway and one of the organizers of the group statement on Medium. But now that the pandemic seems less like a short-term war against a disease and more like a long-term “new normal,” he said, “we can’t have an app that is so invasive of privacy.”

“We need to protect human rights even in this situation,” Mr. Sommerfeldt added.

Countries with more controlling governments may not be as responsive to privacy concerns.

Singapore recently began pilot-testing more intrusive virus-tracking technology — asking a group of migrant workers to wear Bluetooth-enabled wristbands that can detect their locations and proximity to one another. The initial goal is to deter workers infected with the virus who are quarantined in special dorms from visiting their healthier colleagues, said Ron Rock, the chief executive of Microshare, a company in Philadelphia that is supplying technology for the pilot.

“Privacy concerns in Singapore are nothing like Europe and the United States,” Mr. Rock said. He added that Singapore was considering making the tracking wristbands mandatory for hundreds of thousands of its migrant workers. “They can mandate it for sure.”

Aaron Krolik contributed reporting.

Source

Related Articles

Be the first to comment

Leave a Reply

Your email address will not be published.


*


sixteen + six =