Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

Nations whose governments pursue a centralized model of contact tracing are more likely to see a massive surge in citizens adopting privacy-enhancing technologies — in some cases by a factor of 10x or more, according to messaging security firm Wickr.

In an analysis of its user base, Wickr found that countries such as Turkey, Israel, and Hungary, which have all taken a centralized approach to contact tracing, have seen massive increases in private-messaging adoption by a factor of 15x or more. Even in European nations that have more privacy-centric regulations, adoption of secure messaging has grown faster in countries moving to adopt a centralized approach, such as the United Kingdom and France, versus those that have committed to distributed contact tracing technology, such as Germany, Wickr's analysis states.

The result suggests that the move to more rigorous surveillance of the coronavirus's spread has caused concerns among tech-savvy and privacy-conscious citizens, says Chris Howell, co-founder and chief technology officer of Wickr. 

"The COVID contact-tracing trend points to the general climate around privacy," he says. "If businesses or citizens believe the government is looking at gobbling up all the data, there is going to be a more angst. In those regions, you are going to have people that fear that overreach and turn to technology for privacy."

The data from Wickr reinforces the idea that, as governments increase surveillance powers, citizens are more prone to adopt technology that can help keep their communications private. The report is neither a scientific study nor does it suggest that citizens' privacy concerns with coronavirus contact tracing are driving adoption. However, the report does come as governments worldwide struggle to find ways to keep their populations safe from coronavirus. 

In addition, the long-simmering debate over whether encryption and anonymity shield too much criminal behavior has staged a resurgence. The US Department of Justice reopened its case against technology companies that provide encrypted communications technology that cannot easily be broken. The so-called "going dark" debate generally pits calls for backdoors into encrypted devices as a way to enforce laws and policy on citizenry. 

The most recent legislative battleground is the EARN IT Act, which Congress is currently considering and would allow a group of commissioners to set best practices for technology companies that provide Internet services, including — critics claim — requiring encryption backdoors. 

"Backdoors are a serious threat to the security that encryption offers, just as they were when the modern encryption debate started with the aftermath of the San Bernardino terrorist attack five years ago," said Michael Hayden, the former director of the Central Intelligence Agency and of the National Security Agency, earlier this month in a column for The Hill. "Proponents continue to pursue backdoors through legislation like the Earn It Act, despite the fact that such efforts will not achieve their intended aims, as many experts continue to point out."

The size of the largest gains — 45x in Turkey, 23x in Israel, and 15x in Hungary — is largely due to a small starting user base in those countries, but overall the trend indicates the greatest adoption occurred in countries that planned to use technology to undermine privacy, Wickr's Howell says. Russia, Italy, and South Korea are all among the top adopters, but also countries that adopted contact tracing that respects privacy less.

Some experts have warned that, as the United States did after 9/11, nations that undermine privacy for the promise of security are doing so unnecessarily. Yet, unlike after 9/11, when proposals to sift through citizens' data seemed to be the only option, this time there are two options that will likely serve tracing efforts equally well. 

Centrally managed contact tracing basically allows government to track the historical location of citizens to determine when two people are in the same location at the same time. Distributed contact tracing allows phones to exchange anonymous keys when they are close to one another for a given amount of time, and then only if one person is diagnosed with COVID-19 are the keys collected in a database that is then updated.

"If you look at just the fact that we have two major types of COVID tracing we are talking about, that is a win," Howell says. "We did not have that post-9/11. It was only after the Patriot Act that we looked at whether we needed to be collecting all the data we decided to collect."

Apple and Google have worked together to create a toolkit for the distributed form of contact tracing that other companies, government agencies, and health organizations can use as the basis of an application. Other countries, such as Taiwan and Germany, are developing privacy-preserving contact tracing.

Governments that choose to sacrifice citizens' privacy when tracking coronavirus infections should expect to face harsh questions after the pandemic ends, Wickr's Howell says.

"This puts more scrutiny on them because people can say, 'Hey, there is another option here,'" he says. "When governments do not talk about other solutions, it will cause people to question their motives."

Related Content:

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register.