‘The Perfect Privacy Storm’

New Issues in Privacy Debate With Technology and Contact-Tracing

By Jeff Benson

Last of two parts.

Contact-tracing raises myriad privacy issues in the coronavirus fight. Today’s report discusses how technology further muddies the waters.

Contact-tracing can involve deep detective work.

People are reluctant to share information with strangers. They forget where they’ve been, or they mix up Tuesday with Wednesday.

All of which makes it difficult to pinpoint close contacts.

Incorporating modern technology, from Bluetooth-based location tracking to app integrations that pull data from patients’ calendars, could make contact-tracing faster but would introduce fresh privacy concerns.

Ironically, the fight around contact-tracing apps could focus attention on our expectations of medical privacy more generally.

Help for the Human Worker

To be clear, health departments already are using technology for contact-tracing. The San Francisco Department of Health, for example, relies on CommCare, customizable mobile data-collection software created by Dimagi, to map COVID-19’s spread and notify potential contacts.

Without it, health officials would be sticking photos and strings to the wall like FBI agents in old movies.

“Organizations who use CommCare to collect data are the owners of the data they collect — and our platform gives them state-of-the-art security capabilities to ensure adherence to strong security and privacy practices,” CommCare product director Devendra More told Digital Privacy News.

He noted that “CommCare is also Privacy Shield- and GDPR-compliant.”

More stressed that CommCare was in the business for social impact, not to repurpose and sell data. But what data, exactly, is being digitized — and what tracers can see within the software or share with contacts — largely depends on the local health authority’s own practices, he said.

Whereas CommCare is a data-collection tool used to aid human tracers, a new generation of tools would go further.

As Digital Privacy News has reported, Apple Inc. and Google are creating a system that would allow Bluetooth-enabled mobile devices to maintain a log of other devices and cross-check it with COVID-19 data.

Shortcuts Possible

Though the companies are using privacy-by-design methods to create their system, the resultant apps built on that framework could take shortcuts to manufacture consent and open people up to more intrusive tracing measures.
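The Bluetooth approach described above (a phone keeps a local log of nearby devices and later cross-checks it against COVID-19 data) can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the article, from Apple or Google, or from any real exposure-notification app. The daily key, the HMAC-based identifier derivation, the 10-minute intervals, and the device names are simplified assumptions chosen to show the privacy-by-design point: a diagnosed user uploads only a key, never the log of who was nearby, and each other phone does the matching locally.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed parameter: one day split into 10-minute broadcast intervals.
INTERVALS_PER_DAY = 144


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Derive the short, random-looking identifier a phone broadcasts during
    one interval. Observers cannot link two identifiers to the same phone
    without the daily key (hypothetical derivation, not a real protocol)."""
    return hmac.new(daily_key, f"rpi-{interval}".encode(), hashlib.sha256).digest()[:16]


@dataclass
class Device:
    name: str
    daily_key: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    # Local log: identifier heard over Bluetooth -> interval when it was heard.
    seen: dict = field(default_factory=dict)

    def broadcast(self, interval: int) -> bytes:
        return rolling_id(self.daily_key, interval)

    def observe(self, identifier: bytes, interval: int) -> None:
        self.seen[identifier] = interval

    def diagnosis_upload(self) -> list:
        """What leaves the phone after a positive test: the daily key only.
        The log of who was nearby stays on the device."""
        return [self.daily_key]

    def exposure_intervals(self, published_keys: list) -> list:
        """Cross-check the local log against keys published by diagnosed users:
        regenerate each key's identifiers and look them up locally."""
        hits = set()
        for key in published_keys:
            for interval in range(INTERVALS_PER_DAY):
                if rolling_id(key, interval) in self.seen:
                    hits.add(interval)
        return sorted(hits)


def simulate() -> dict:
    """Constructed scenario: Alice and Bob are near each other in intervals
    40-45, Bob and Carol in 100-102, Alice and Carol never meet.
    Alice then tests positive and uploads her key."""
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    for i in range(40, 46):
        bob.observe(alice.broadcast(i), i)
        alice.observe(bob.broadcast(i), i)
    for i in range(100, 103):
        carol.observe(bob.broadcast(i), i)
        bob.observe(carol.broadcast(i), i)

    published = alice.diagnosis_upload()
    return {
        "bob_exposed_intervals": bob.exposure_intervals(published),
        "carol_exposed_intervals": carol.exposure_intervals(published),
        # The upload contains none of the identifiers Alice's phone heard.
        "upload_leaks_contacts": any(k in alice.seen for k in published),
        "upload_bytes": sum(len(k) for k in published),
    }


if __name__ == "__main__":
    print(simulate())
```

Bob's phone learns only that it was near a diagnosed user during intervals 40 to 45; Carol's learns nothing, and the published data is a 16-byte key with no contact list attached. The shortcut the article warns about would be an app built on this framework that additionally ships the local log, or location, to a server.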

“Leveraging personal data through contact-tracing apps to combat COVID-19 is the perfect privacy storm,” Dazza Greenwood, executive director of the MIT Computational Law Report, told Digital Privacy News.

“We’re developing a balanced set of privacy principles and legal frameworks to navigate through that storm at Law.MIT.edu,” he said.

Greenwood added, “The key is putting people in charge of their data through well-informed and targeted consent that can be revoked as easily as granted — and through technology that reflects and supports fair-information practices.”

For instance, NextTrace, an epidemiologist- and developer-led project to build “a scalable survey-based digital-contact tracing platform,” calls for contacts to receive an initial text prompt; the system would delete the contact information of those who opt out.

Yet, as Greenwood and others look to create privacy frameworks for tracing apps, no clear answer exists as to what currently happens to data. It may not have even been a consideration when states created public-health statutes.

“We generally just talk about a public-health department’s authority to engage in contact-tracing,” UNLV’s Stacey Tovino told Digital Privacy News. “We don’t really talk about informed consent to that.”

What to Do

COVID-tracing practices are still in their infancy — and no one is yet effectively tracking your movements to tell if you’ve come in contact with infected patients.

Therefore, contact-tracing (as currently constituted) can’t really function without your participation.

Health officials don’t know who you live with or when you buy groceries — although they may notify your employer, especially if you work in a jail, residential-care facility or other location that houses many vulnerable people.

In your case, you agree to help in order to limit the spread. You give the contact tracer your roommate’s name and number, tell her about your trips to the grocery store and detail the time you went to a hotel to escape your roommate’s interminable guitar practice.

After you get off the cellphone, you realize how valuable your health information might be to the hotel’s front desk clerk.

You wonder, briefly, whether her information will be used just like yours was. Then you shrug and click on your next Netflix binge.

Surely, you think, someone’s got it figured out.

Jeff Benson is a Nevada writer.

Where You Least Suspect

Your data may be most vulnerable before it reaches a contact-tracer because much of the health industry relies on fax machines to transmit data.

William Crank, COO of Fortified Health Security, told Digital Privacy News that providers could accidentally enter the wrong number when trying to send your information to health departments.

Received faxes could sit on a public machine before being picked up. The attack vectors get more sophisticated from there.

Once that data is collated into health-department servers, it becomes especially tempting. Health-care providers and insurers remain the top target for medical data breaches, but public-health agencies haven’t been immune.

A March 2019 phishing attack at the Oregon Department of Human Services led to the patient data of 645,000 Oregonians being compromised, including Social Security numbers and protected health information.

The prior year, Minnesota’s public health agency fell to a similar ploy.

According to Crank, attackers are most interested in obtaining a patient’s complete medical record “as it contains significant information from which an identity could be stolen to perform almost anything as that individual.”

While a standard confidential morbidity report that’s sent after a positive COVID-19 result isn’t a complete medical record, it nonetheless contains much information, including Social Security numbers and contact details.

— Jeff Benson