The 4 Myths of Modern Privacy in Contact Tracing
What COVID-19 is showing us about what is possible, and what’s not
Contact Tracing applications for combatting COVID-19 are getting popular.
Apple and Google have announced a technology framework for these applications that leverages Bluetooth contact tracing, one that runs privately in the background of a smartphone.
In the UK, the National Health Service has decided to take a different approach. Despite the performance and privacy concerns, their app will be built using standard published APIs and by collecting the data they need in a centralised system.
This debate is making us believe that there are trade-offs required in modern technology. You can have privacy or you can have functionality but you cannot have both. Well, here are 4 Myths of Modern Privacy that we believe need to be debunked.
Myth #1: You’re always private on the edge (but don’t you ever leave it!)
Keeping personal data on the device is very privacy-friendly. But software is emerging now which can be owned by the individual and created in the cloud. Personal data servers such as these combine private data storage with the advantages of cloud functionality, and for the first time are making truly private application-building a new paradigmatic technology architecture.
Myth #2: Privacy isn’t important because these are extraordinary times
Extraordinary times call for extraordinary measures. But these must be reserved for when they are strictly necessary. In the era of COVID-19 we’re being asked to make lots of compromises about our privacy.
If we’re going to have contact tracing apps I think we need to also have them be privacy-preserving. Not doing so and forcing a compromise kind of feels amateurish.
Myth #3: Privacy just means deleting the data afterwards
One implicit assumption about privacy is that it's just about deleting all our data after it's used. This isn't sufficient. We shouldn't be asked to just trust our governments, and a mature understanding of data must separate its value from its responsible handling. The individual and the organisation must each be able to take what value they desire from the data, and also protect it in the way it is being used.
Myth #4: The privacy problem is solved simply by trust
The privacy-by-design mentality says: don't ask your users to have to trust you; show them that they can. That means that our trusted organisations, like our governments and national health services, can't abuse our trust just because we have good will. Privacy needs to be preserved by trusted organisations just like their trust does.
And that’s even if they have a spotless record of ethical data management.
This issue is about more than just technology. It's kind of about technical competency, and the ability of businesses and governments to ethically and responsibly handle data.
We shouldn’t have to compromise. Read our full analysis on Contact Tracing Applications and the NHSX in Modern Privacy: What COVID-19 is showing us about what is possible, and what’s not.
Originally published at https://dataswift.io on April 30, 2020.