Question 1: How do you limit the personal data gathered by the authority?
Large-scale collection of personal data can quickly lead to mass surveillance.
Question 2: How do you protect the anonymity of every user?
Users’ identities should be protected. Special measures should be put in place to limit the risk that users can be re-identified by the authority, other users, or external parties.
Question 3: Does your system reveal to the authority the identity of users who are at risk?
The goal of contact tracing is to let people know they have been in contact with someone who was infected. The authority should not know who these people are.
Question 4: Could your system be used by users to learn who is infected or at risk, even in their social circle?
Infecting someone may become a matter of life and death. Digital contact tracing should warn people at risk without revealing who might have infected them.
Question 5: Does your system allow users to learn any personal information about other users?
Apps should not need to leak information on a user’s locations or social networks to other users.
Question 6: Could external parties exploit your system to track users or infer whether they are infected?
The system should take into account the risk of external adversaries, including well-resourced ones.
Question 7: Do you put in place additional measures to protect the personal data of infected and at-risk users?
The system design may reveal more personal information about users who are infected or exposed. But these are often the people who are more vulnerable and at risk.
Question 8: How can we verify that the system does what it says?
Large-scale contact tracing is too sensitive to rely on blind trust. Transparency is essential to prove that the app functions as advertised.
Thanks for reading! All of this is work with @fhoussiau and @AndreaGadotti at @imperialcollege and Florent Guepin at @ENSdeLyon.
You can follow @yvesalexandre.