Are Phone Apps in Fight Against Pandemic a Step Towards Universal Surveillance?
Poland has recently introduced smartphone applications that can tell the user if they are near a person at high risk of coronavirus transmission.
Digital innovation strategy expert at Kozminski University in Warsaw, Dr. Szymon Wierciński, talks about the effectiveness of these types of apps and whether they threaten our privacy.
PAP - Science in Poland: IT specialists have joined the fight against the pandemic. The governmental application ProteGO Safe has been created in Poland. What exactly is its task?
Dr. Szymon Wierciński: Two applications have already been created on the government's initiative. One, the currently mandatory app 'Home Quarantine', is designed to check if the person in quarantine actually is in the declared place. Now our government, as well as the governments of other countries and technology companies, including Google and Apple, are working on applications that can tell whether someone has been near a person infected with coronavirus.
PAP: How does an application accomplish this task?
S.W.: The application uses Bluetooth technology that enables direct communication between two devices located close to each other. It theoretically determines the distance between devices, and therefore also their owners. It is worth noting that the application is evolving, its assumptions change, it is expected to be adapted to the improved standard implemented jointly by Apple and Google, so it is difficult to predict how it will function in a month or six.
PAP: But you can already see potential problems?
S.W.: Firstly, there is a jump to the conclusion that contact between phones corresponds to contact between people. But you can, for example, leave your phone at home or switch it to flight mode. Measuring distances is also problematic. For example, if a large aquarium stands in the path of the Wi-Fi router, the signal is much weaker. In a sense, a person is also a water tank. So if two people are standing close to each other, but have phones in pockets on opposite sides, the effect will be similar to standing at a greater distance from each other. And what if they are in their cars standing at the traffic light? For example, the driver of one vehicle and the passenger of another may be close to each other, but they will have virtually no contact with each other. And then there is the part related to broadcasting the signal in intervals, which complicates the matter further, because the contact will be recorded if we either hit the time of the signal or spend a longer moment with another person.
PAP: But Bluetooth technology should ensure respect for privacy, because the phones contact directly and you do not need to, for example, check or send geolocation data.
S.W.: This is where problems start. The current application processes a large part of the data on the server and it is not entirely clear what is happening to them. The system's operation is centralized, like in the Singaporean model. In Singapore, independent experts could not check the code performing the key action, marking the keys that had contact with the infected. We have to trust the Ministry of Digital Affairs, although they have already announced that the server-side code will also be inspected and published under an open license. In the second phase of Apple and Google cooperation (their systems allow the ministry to create a proprietary solution), the phones will be capable of registering contact even without installing additional applications. But even if the application were perfect and would process all data only in the phone, it would not give complete protection.
PAP: Why not?
S.W.: Imagine someone taking part in a protest and being arrested by the police. The police, using several sources of information, including the keys registered in the application, could check who the person contacted while the application was running. From time to time the program generates a new temporary identification key that will be registered by phones in its vicinity. If this key is active for a longer period, users will leave information about their movements on other devices.
PAP: Is this where the problems end?
S.W.: There is one more problem. If the ministry failed to verify the infections reported in the application in any way, the whole system could stop working after a few moments. With health data entered by users themselves, there could be pranksters who declare being infected. Then everyone nearby would be marked as being at high risk of infection. Another problem is the requirement to use the 'Home Quarantine' application, which we mentioned earlier. It is an example of such a semi-voluntary solution, the alternative for which is social ostracism associated with daily police visits during quarantine.
PAP: You mentioned connection to the server. What is the threat here?
S.W.: The solution created by the ministry is a hybrid, i.e. keys are assigned at the central level on the server, but complete data needed to identify a specific user are not. This does not change the fact that other companies that have information about the device's IP addresses and the SIM card assigned to the user could supplement such a database and de-anonymise the application users. I would consider the issue of privacy more broadly.
PAP: What do you mean?
S.W.: One should ask how much invasion in our privacy we are able to allow. Today, the data of a specific person are assigned to each SIM card. All our geolocation data are therefore stored by telecommunications companies. Meanwhile, for years Poland has been breaking records in the number of requests from various public institutions to the telecommunications sector for access to geolocation or billing data. Today, if necessary, the police can efficiently determine the location of a given phone. Thanks to this, for example, when they receive information of a potential suicide, they can quickly send a patrol to the place.
PAP: Meanwhile, most people use many other applications that know a lot about us.
S.W.: Advertising companies are interested in various data about us. Google, Facebook and other private entities collect all possible data. Recently, the US government began to wonder whether Google has monopolized the online market, because they evaluate each person using their services in terms of several thousand parameters. The question about the new application is therefore a bit deeper: do we accept creating a new data source about us? Perhaps today it will not be used for improper purposes, but let's look about 10 years back. After cracking the iPhone system, it turned out that it contained a file that stored all geolocation data. Lots of people protested. Now nobody protests that there are maybe ten applications on the phone that send various types of data to private companies. The question is - what will happen in a decade?
PAP: What can we expect?
S.W.: The next, young generation will grow up with the idea that, for example, an app used to fight an epidemic is a standard and soon we will be using five more apps that will collect even more information.
PAP: Can we speak about crawling development of surveillance?
S.W.: It is already happening. For example, there is information about monitoring systems that recognize faces. A few years ago, in 'Black Mirror' there was an application, in which each citizen could give the selected number of stars to others. On this basis, the status of a given person would change. Shortly afterwards, China introduced a system that had a different form, but similar function. In the US there are Facebook or Google, and Snowden (Edward Snowden - American whistleblower, former CIA employee - PAP) showed that security services have full access to citizens' data. The question is, in which direction it all goes and what is the limit? Because if there is no limit, we can now forget about privacy and stop wondering if anyone will use our data. We will accelerate the world by a few years, eliminate several epidemics, or solve some problems related to terrorism.
PAP: You are probably not a fan of this solution...
S.W.: The question is whether we want to go in this direction. Some say, however, that we already have given up privacy when we picked up the first mobile phone because it was connecting to at least three base stations. On this basis, you can determine the position of the phone with an accuracy of a few meters. After the introduction of the 5G network, this accuracy may increase due to the higher density of antennas.
PAP: The amount of collected information may also increase. There is already talk, for example, about medical sensors placed in the body.
S.W.: Recently there has been a report on the work on a chip adapted to the current pandemic. This small system could detect the coronavirus, but also markers of glucose, cancer or various infections. It could connect to a mobile device and send data to it. This is a good solution for people with diabetes, for example. But the question is whether it would be voluntary. ProteGO Safe is voluntary. Conspiracy theories aside, we should be guided by reason and think who will give us a guarantee that someday such a chip will not become mandatory.
PAP: For now, people are encouraged to install the app. That doesn't look scary.
S.W.: There were, however, two other ideas that were abandoned at an earlier stage of designing the application. In the first of them, the app was supposed to be associated with a phone number. This violated the principle of anonymity. In the second, people with the application could be privileged when shopping in shopping malls or using public services, and this already meant half-obligation. So now we are wondering whether it should be completely voluntary or indirectly compulsory. In 5-10 years, indirect obligation could become the reality and we will discuss total obligation.
PAP: Do you have any advice for potential users? Avoid such applications, or install and not worry about it? Use, but with caution?
S.W.: I do not want to be a bad news bearer discouraging people from using solutions that increase our safety. Perhaps after adopting the standards introduced by Apple and Google, the application will actually start to work in a distributed model and maximally protect our data. But on the other hand, this discussion would make sense if we didn't allow corporations and smaller companies to track our locations, behaviour patterns, build personality profiles, which are then used to send personalized ads and messages.
PAP: So in your opinion, install or not install?
S.W.: If you are aware of and read the terms of service when updating the operating system on your phone before accepting them, I would advise not to install ProteGO until better privacy standards are introduced. But if you automatically accept terms of service in other applications without reading, then the level of privacy in another application that you add to the entire ecosystem does not matter. (PAP)
Interview by Marek Matacz