A group of researchers at the University of Notre Dame is working to address
the security issues of the existing COVID-19 contact tracing systems.
You might also like: A new report from ETSI analyses and compares various contact tracing applications and methods utilised to help mitigate the COVID-19 pandemic. Read more.
Contact tracing technologies have been deployed around the world to help mitigate the spread of COVID-19. The applications differ across national health systems and across developers, with the joint Apple-Google exposure alert initiative standing out by the scale of its implementation. However, researchers at the University of Notre Dame (USA) note that third-party contact tracing apps may be the source of numerous privacy and security concerns.
According to Prof Aaron Striegel, Professor at the Department of Computer Science and Engineering and affiliate member of the Wireless Institute at Notre Dame, contact tracing apps may retain much more information about individuals than necessary. Hence, the question of trust to the apps’ developers comes to the forefront. Abuse of apps is also possible, e.g. through registering fake illnesses.
The solution here could be to allow “only the health agency to identify the individuals who have been officially diagnosed with coronavirus,” says Prof Striegel noting that app design should account for this.
The opt-in format of the majority of apps is another concern, as it does not guarantee that the user will remember to opt out of an app once the pandemic crisis has passed. This means that the apps will keep on running and collecting data. Prof Striegel also points out that the efficiency of automated contact tracing is still inconclusive, as is whether “the use of these apps outweigh the privacy or ethical concerns in a broader sense”.
The researchers at Notre Dame are developing a framework for prototype software to be tested on various devices (e.g. laptops and mobile phones). The framework would ensure encrypted data sharing with health officials and privacy protection. It would also provide users with functionality to monitor the use of their data and be informed about potential exposures in a secure way.
Source: University of Notre Dame