The onset of the coronavirus (COVID-19) has caused a world-wide ripple that has affected millions of lives around the globe. In some countries, this has been dealt with using military operations to contain and control the people affected, while in other countries the authorities did little to prevent the virus from overwhelming their country.
During this time period a number of steps are taken to help eliminate this viral threat. Aside from the actual medical initiatives that take place, the physical methods have been employed to reduce the spread of the virus has been contact tracing and quarantine (voluntary or involuntary). The though process of these two applications is that the quarantining of a person will keep them isolated from others while the virus has run its course and naturally (or medically) left their system.
Contact tracing is a method of identifying all parties that have been in contact with infected people. If a person has been identified as having the virus a process of identifying all the people they were in contact with and then all the people those people were in contact with to help prevent the virus from being mass transmitted. The problem with contact tracing is the resources and personnel it takes to perform these actions. It can be excessively time consuming and ineffective when dealing with large sums of people. Technology may have an answer to this.
Google and Apple have teamed up to create a contact tracing application that is available on both Android and iOS phones. This is done by decentralizing Bluetooth on the phones to allow devices to communicate with each other when close enough together. While this sounds like it could be very beneficial, there are some serious privacy concerns and secondarily the security issues this could introduce could cause some serious issues if exploited.
The way that the software works is when any user that has this application installed on their phone comes within range of other users that have the application installed on their phones, an anonymous identifier beacon is sent out to each of the phones using Bluetooth to transmit the beacon. Every user will have their own beacon that is supposed to be anonymous for security reasons.
If a person tests positive for COVID-19 they can then enter the test data into their app to notify others that may have had exposure to the infected person. The person could consent to upload their past 14 days’ worth of history to all the broadcast beacons they received to the cloud. This would then send out a notification to the users that have a beacon ID of the COVID-19 infected user. This allows for rapid contact tracing and a more reliable method than traditional contact tracing options.
The application is supposed to use Bluetooth to track proximity data and not location data. This has been a concern for privacy advocates, and Apple and Google have put a strong emphasis that they are concerned about privacy. In order to take additional steps to prevent misuse of the information to track individuals, the anonymous identifier beacons are to rotate approximately every 15 minutes making the tracking of an individual device based on the identification beacon not possible from external methods. The companies have also stressed that these applications will not collect any personal data or location data; they will only be used to detect proximity to others for faster alerting of those impacted.
Some of the more security-related concerns would be that these devices could be used to target individuals based on discrimination on a group or class in order to do mass quarantining. Additionally, while this technology is created for one purpose once this software is installed on an operating system level (which will be a future deployment option), the applications that could be shifted to and abused could be severe. This could cause massive real-time tracking of individuals anywhere in the world. The different ways that security could be impacted by these are limitless if not carefully guarded.