1. Three Privacy Sensitivity Levels of COVID-19 Apps

She nodded. I continued, “One way to evaluate contact tracing apps for their privacy sensitivity is to categorize them by the types of data they collect.” That is a reasonable first proxy, I thought, because what is not collected cannot be lost, misused, or compromised. Certainly, though, there are other criteria, such as whether contact tracing is centralized or decentralized, who is collecting the data, or how long it is retained. “On the sensitive end of the spectrum we have apps that are collecting personal data, such as e-mail addresses or phone numbers. The Healthy Together app, from the small social network company Twenty, used in Utah [2], is an example. Once a user shows symptoms, they can be asked directly with whom they interacted previously. This approach is very effective but requires the exchange of personal data. Healthy Together collects data on a voluntary basis and explains their practices in a privacy policy [3].” The mayor nodded again, though she seemed not quite convinced that this would be the right approach for Alphaville.

![A diagram outlining the three levels of privacy sensitivity; from high to low: personal data, location data, Bluetooth data.]

The three different levels of privacy sensitivity of COVID-19 apps.

I went on, “Other apps are only relying on location tracking. GPS can be accurate up to a few centimeters.” I knew that HowWeFeel uses that option with anonymous user identifiers [4]. This app was developed by a team of scientists and Pinterest co-founder and CEO Ben Silbermann. It is recommended by the Governor of Connecticut [5]. Likely people here in Middletown, where I live, are using it. So, maybe that was something of interest. But as the mayor showed no reaction I continued, “At the least sensitive end of the spectrum we have apps that are just using Bluetooth beacons to detect whether two phones are in proximity. Bluetooth will not keep track of locations,” I said. “Imagine two unrelated people, Michael and Ralf, standing side by side at a bus stop. The sensors in Michael’s and Ralf’s phones are just picking up a random string of characters from each other. If Michael shows symptoms of the disease, he can upload his string to a server. All other phones, including Ralf’s, are periodically downloading the strings from there. Once Michael’s string matches the string already on Ralf’s phone, Ralf is notified that he was in contact with a symptomatic person. This form of contact tracing is used in Apple’s and Google’s ExposureNotification [6]. It is the least privacy sensitive approach.” The mayor’s face lit up. “That’s great,” she said, “but do you think it will actually work?” “That’s a good question,” I replied. As the mayor had other work to do, we agreed that I would research this question and we would touch base again in a few days.
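The bus stop exchange described above can be modeled in a few lines. This is an added example, not code from the article or from Apple’s and Google’s ExposureNotification; the `Phone` and `Server` classes are hypothetical, and the fresh random string per encounter is a simplifying assumption that follows the description above.

```python
import secrets


class Server:
    """Hypothetical server: stores only strings uploaded by symptomatic users."""

    def __init__(self):
        self.reported = set()

    def upload(self, strings):
        self.reported.update(strings)

    def download(self):
        return frozenset(self.reported)


class Phone:
    """Hypothetical phone: no name, phone number or location is ever stored."""

    def __init__(self):
        self.sent = []      # random strings this phone has broadcast
        self.heard = set()  # random strings picked up from nearby phones

    def broadcast(self):
        # Assumption: a fresh random string per encounter, unlinkable to the owner
        s = secrets.token_hex(16)
        self.sent.append(s)
        return s

    def meet(self, other):
        # Both phones are in Bluetooth range and pick up each other's string
        self.heard.add(other.broadcast())
        other.heard.add(self.broadcast())

    def report_symptoms(self, server):
        server.upload(self.sent)

    def check_exposure(self, server):
        # Matching runs on the phone, so the server never learns who met whom
        return bool(self.heard & server.download())


def bus_stop_scenario():
    server = Server()
    michael, ralf, bystander = Phone(), Phone(), Phone()
    michael.meet(ralf)                     # side by side at the bus stop
    before = ralf.check_exposure(server)   # nothing has been reported yet
    michael.report_symptoms(server)
    after = ralf.check_exposure(server)
    return before, after, bystander.check_exposure(server), server
```

After Michael reports, the server holds a single 32-character random string and nothing that identifies either person or the bus stop.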


The Privacy of COVID-19 Apps — Reopening Alphaville