What Do Contact Tracing Apps Tell Us About Our Relationship To Privacy?
That’s it! The Covid19 outbreak is now “under control” in France. The lockdown has ended and the StopCovid app has been authorized. After long debates in several institutions in France, the app is now available on the main application stores.
This solution to deal with the epidemic was promising, given that three out of four French people have a smartphone. What could be more obvious than to use it to trace the contacts between everyone? In this way, the chains of transmission can be traced back more quickly to break them and avoid a new period of lockdown. More than half of the French said they were ready to install the app and were in favor of using it! Good but wasn’t it a little bit optimistic? Indeed, after a peak in downloads at its release, StopCovid has experienced a plateau phase, with less than 2 million downloads — far too little for this application to be effective!
Yet, one might have expected it, if one considers the flaws of equivalent app worldwide.
Indeed, in Qatar for example, the local contact tracing app has been singled out by Amnesty International because it made vulnerable the private data of more than a million users, including their identity card number, their geolocation and their medical status.
To avoid falling into the same trap, France chose to limit the amount of information collected by the application and to call on the hacker community to identify as many vulnerabilities as possible before launching the application (via what is known as a bug bounty). Anyone finding a flaw can thus win a reward, depending on the criticality of the flaw.
And that’s without counting two challenges that the application faces!
The first challenge is that of usage. Singapore, a pioneer in the deployment of a “contact tracing” application, is a good example of this challenge. Faced with the failure of its application, the city-state set up a new QR code tracking system using the Safe Entry application.
From now on, it is necessary to scan a QR code using a smartphone to enter or leave a public place. This process collects name, ID number, phone number, and the time spent by the citizen in that place. While this measure is optional in law, it has become mandatory in practice because it has become simply impossible to come and go without being scanned.
The second challenge that StopCovid is facing is that of interoperability, against the backdrop of the debate on the sovereignty of states against the digital giants, given that there are two models for these apps:
- First, the decentralized model, the basis on which Apple and Google co-constructed their technical solution. Chosen by Germany, this solution allows the smartphone itself to determine whether the user has been in contact with infected people.
- With the centralized model, on the other hand, it is a central server that determines who has been in contact with an infected person. Adopted by France, this model requires absolute trust in the State because this central server learns the social graph of an individual, i.e. it knows indirectly who has been in contact with the individual.
In addition to the debate that can be had on the advantages and disadvantages of each model, the incompatibility of these two models which cannot work together is the main problem and raises questions at a time when European borders are being reopened.
However, the problem today is deeper and questions our relationship between technology and privacy.
In an article dated March 20, 2020 (The world after the coronavirus), thinker Yuval Noah Harari highlights this dilemma between the choice of freedom and privacy and the choice of security in a world of surveillance.
This surveillance is made possible by the development of smartphones more than a decade ago. These tools are at the heart of our lives, our daily exchanges with family, friends, and work. We have several cameras, allowing us to share images at every moment, microphones for conversation, geolocation tools, and soon, we’ll also have a thermometer for temperature. Anything that can, in a crisis context, become a surveillance tool.
The problem is not that of surveillance in an epidemic context, but that of the impossibility of turning back the clock once the uses have become commonplace. Digital giants have understood this principle. In her book The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, Shoshanah Zubboff explains how Google managed to impose its Street View tool with impunity. Relying on the slow pace of regulatory institutions and a legal vacuum, the company simply launched the deployment of its tool all over the world, capturing the tiniest details of every street, digitizing the world. However, the ayatollahs of privacy took offense and sued the company. The slowness of the legal system, however, played in Google’s favor. Six years after the lawsuit began, what was then unthinkable had become the norm.
In the face of the Covid19 epidemic, the protection of privacy took a back seat. Health data, which has been at the heart of the debate in recent years, has become fully exploitable. Companies have been given additional time to comply with the GDPR and to respond to citizens’ requests for access to their private data. The protection of privacy thus seems doomed to take a back seat. Until when?
About this article
This article has been written by a student on the Grenoble Ecole de Management’s Advanced Masters in Digital Business Strategy. As part of a content creation assignment, students are given the task of writing articles based on their digital interests and disseminate the articles online. Articles are marked but we make minimal changes to the content. Thanks for reading! James Barisic, Programme Director, MS DBS.
