5/21/2020
06:00 AM

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

Nations whose governments pursue a centralized model of contact tracing are more likely to see a massive surge in citizens adopting privacy-enhancing technologies — in some cases by a factor of 10x or more, according to messaging security firm Wickr.

In an analysis of its user base, Wickr found that countries such as Turkey, Israel, and Hungary, which have all taken a centralized approach to contact tracing, have seen massive increases in private-messaging adoption by a factor of 15x or more. Even in European nations that have more privacy-centric regulations, adoption of secure messaging has grown faster in countries moving to adopt a centralized approach, such as the United Kingdom and France, versus those that have committed to distributed contact tracing technology, such as Germany, Wickr's analysis states.

The result suggests that the move to more rigorous surveillance of the coronavirus's spread has caused concerns among tech-savvy and privacy-conscious citizens, says Chris Howell, co-founder and chief technology officer of Wickr. 

"The COVID contact-tracing trend points to the general climate around privacy," he says. "If businesses or citizens believe the government is looking at gobbling up all the data, there is going to be more angst. In those regions, you are going to have people that fear that overreach and turn to technology for privacy."

The data from Wickr reinforces the idea that, as governments increase surveillance powers, citizens are more prone to adopt technology that can help keep their communications private. The report is not a scientific study, nor does it suggest that citizens' privacy concerns with coronavirus contact tracing are driving adoption. However, the report does come as governments worldwide struggle to find ways to keep their populations safe from coronavirus.

In addition, the long-simmering debate over whether encryption and anonymity shield too much criminal behavior has staged a resurgence. The US Department of Justice reopened its case against technology companies that provide encrypted communications technology that cannot easily be broken. The so-called "going dark" debate generally involves calls for backdoors into encrypted devices as a way to enforce laws and policy on the citizenry.

The most recent legislative battleground is the EARN IT Act, which Congress is currently considering and which would allow a group of commissioners to set best practices for technology companies that provide Internet services, including — critics claim — requiring encryption backdoors.

"Backdoors are a serious threat to the security that encryption offers, just as they were when the modern encryption debate started with the aftermath of the San Bernardino terrorist attack five years ago," said Michael Hayden, the former director of the Central Intelligence Agency and of the National Security Agency, earlier this month in a column for The Hill. "Proponents continue to pursue backdoors through legislation like the Earn It Act, despite the fact that such efforts will not achieve their intended aims, as many experts continue to point out."

The size of the largest gains — 45x in Turkey, 23x in Israel, and 15x in Hungary — is largely due to a small starting user base in those countries, but overall the trend indicates the greatest adoption occurred in countries that planned to use technology to undermine privacy, Wickr's Howell says. Russia, Italy, and South Korea are all among the top adopters, and are also countries that adopted contact tracing that respects privacy less.

Some experts have warned that, as the United States did after 9/11, nations that undermine privacy for the promise of security are doing so unnecessarily. Yet, unlike after 9/11, when proposals to sift through citizens' data seemed to be the only option, this time there are two options that will likely serve tracing efforts equally well. 

Centrally managed contact tracing basically allows government to track the historical location of citizens to determine when two people are in the same location at the same time. Distributed contact tracing allows phones to exchange anonymous keys when they are close to one another for a given amount of time, and then only if one person is diagnosed with COVID-19 are the keys collected in a database that is then updated.
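The distributed model described above can be sketched in a few lines. This is an added, simplified example, not code from the article, from Wickr, or from the Apple and Google toolkit; the HMAC-based identifier derivation, the 10-minute interval, the two-interval threshold, and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144   # assumption: the broadcast identifier rotates every 10 minutes
MIN_INTERVALS = 2         # assumption: "a given amount of time" means 2 intervals in range

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Derive the anonymous identifier a phone broadcasts during one interval."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self) -> None:
        self.daily_keys = {}   # day -> random key; stays on the phone unless diagnosed
        self.heard = set()     # (day, identifier) pairs received from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, secrets.token_bytes(16))
        return rolling_id(key, interval)

    def hear(self, day: int, identifier: bytes) -> None:
        self.heard.add((day, identifier))

    def upload_after_diagnosis(self) -> list:
        """Only a diagnosed user's daily keys ever reach the shared database."""
        return sorted(self.daily_keys.items())

    def exposed_days(self, database: list) -> list:
        """Matching happens on the phone: re-derive identifiers from published keys."""
        days = []
        for day, key in database:
            hits = sum((day, rolling_id(key, i)) in self.heard
                       for i in range(INTERVALS_PER_DAY))
            if hits >= MIN_INTERVALS:
                days.append(day)
        return days

def simulate() -> dict:
    alice, bob, carol = Phone(), Phone(), Phone()   # constructed sample users
    for interval in (30, 31):                       # Alice and Bob together for 2 intervals
        bob.hear(1, alice.broadcast(1, interval))
        alice.hear(1, bob.broadcast(1, interval))
    carol.hear(1, alice.broadcast(1, 90))           # Carol only passes Alice briefly
    database = alice.upload_after_diagnosis()       # Alice is diagnosed
    return {"database": database,
            "bob": bob.exposed_days(database),
            "carol": carol.exposed_days(database)}

if __name__ == "__main__":
    print(simulate())
```

The shared database ends up holding only random daily keys from the diagnosed user, with no location history or identity, which is the contrast with the centrally managed model.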

"If you look at just the fact that we have two major types of COVID tracing we are talking about, that is a win," Howell says. "We did not have that post-9/11. It was only after the Patriot Act that we looked at whether we needed to be collecting all the data we decided to collect."

Apple and Google have worked together to create a toolkit for the distributed form of contact tracing that other companies, government agencies, and health organizations can use as the basis of an application. Other countries, such as Taiwan and Germany, are developing privacy-preserving contact tracing.

Governments that choose to sacrifice citizens' privacy when tracking coronavirus infections should expect to face harsh questions after the pandemic ends, Wickr's Howell says.

"This puts more scrutiny on them because people can say, 'Hey, there is another option here,'" he says. "When governments do not talk about other solutions, it will cause people to question their motives."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...