What is a vulnerability assessment portrait.jpg
What is a Vulnerability Assessment?
What can you do to protect yourself from this risk? Read on to learn how Vulnerability Assessments can benefit and defend your organisation.
Read More

How COVID-19 could affect data privacy

Protecting civil liberties is, I think many would agree, viewed as one of our elected officials’ greatest responsibilities. The COVID-19 pandemic, though, has brought about a series of directives that are not in keeping with this: our movement is restricted, our favourite haunts have been forced to close and contact with our non-resident loved ones is confined to telephone and video calls, text messages and so on.

These measures have – with the exception of a handful of people that openly flouted them – been met with approval. A snap survey conducted by YouGov, shortly after Prime Minister Boris Johnson formally outlawed all but essential travel showed that Britons overwhelmingly supported his decision. More than nine out of ten respondents (93%) supported the decision, with 76% going as far as to state that they ‘strongly supported’ the move.1

Our penchant for liberty is, it would appear, outweighed by our desire to keep ourselves and those we care about healthy. Could the opposition so many of us have to the way our data is used by large tech companies soften if doing so could keep our loved ones safer – and in what other ways could such a change affect our society?

The COVID-19 tracking app

Two of the technology industry’s most prominent companies, Apple and Google, recently announced their intention to jointly develop an app that would inform users if they had been in contact with others who had contracted COVID-19. This app would, the companies announced, allow mobile devices running either iOS or Android to communicate with one another.

Each would keep a record of the devices that had been in close contact and, if a user confirmed they had tested positive for the virus, push a notification to devices that had been within a certain proximity of their device over the course of a predetermined time. The hope, of course, is that this will result in a public that are aware of when they need to self-isolate which, in turn, should impede the spread of COVID-19.

In this case, the decision to collaborate most likely stems from the fact that these two companies currently account for the operating systems used in 99% of all smart mobile devices globally.2 The use of the app will also be entirely voluntary, meaning that users will consent to the exchanges of data required for it to function. What, though, if consent was automatic or not required? If the populous had enough faith in these companies to operate ethically whilst benefiting from a free hand?

Trust in the tech giants

Following high-profile breaches and reports concerning the misuse of consumers’ personal data, a 2019 survey of consumers in the UK and US revealed that few had faith in the world’s largest tech companies. Of the 3,500 respondents, more than 75% did not trust Google, Apple or Facebook. More than two-thirds of respondents also felt that the data companies held in relation to them was at risk from hackers and 40% did not believe that such companies would use their personal data in a lawful manner.3

Recently, though, attitudes to such organisations seem to have warmed. So often now people’s main source of information, social media giants Facebook and Twitter quickly began prioritising links to official and recognised sources such as the World Health Organization instead of content created by their users. Google quickly followed suit, foregoing an algorithm in development for close to two decades in favour of recognised authorities and news providers when users leveraged the search engine as a means of gleaning information on the virus.

Companies and prominent individuals have also aided collective efforts to fight COVID-19 by providing substantial financial donations. Two of social media’s most prominent figures, Twitter founder Jack Dorsey and Facebook creator Mark Zuckerberg, have pledged $1 billion and $30 million respectively.4 Google, too, have donated $800 million.5 For the first time in what seems like an age, media coverage concerning tech’s most significant organisation has a positive slant.

More importantly – and this was perfectly summarised by Wired’s Steven Levy in an article dated the 20th of March – these companies’ previous sins now pale in comparison to their functions.6 If, as it would seem, people are now more inclined to trust these organisations and therefore to consent to them using their personal data in a variety of ways, what could this mean?

Tech tackling the outbreak

The combined technological power of these organisations could be used to create tools that could effectively combat this pandemic. South Korea has been widely praised for containing outbreaks without resorting to extreme measures, and this was largely enabled by the efficient analysis of data generated by consumer devices and services.

Dr Jung Won Sunn, Associate Professor of Urban Economic Development at University College London, has attributed South Korea’s successful efforts to the collection and study of information generated by mobile devices, and credit and debit card payments.7 These, he claimed, combined with surveillance infrastructure allowed authorities to rapidly determine where infected individuals had travelled and, vitally, people with whom they had close contact; with the latter then tested accordingly.

Additionally, Sunn noted, that by tracking the previous locations of new sufferers, authorities were able to determine when and where they were likely to have contracted the virus. When they were unable to trace individual infections back to a source, they identified unexplained patients – an effective means of determining the speed with which the virus was spreading. Local and national authorities also informed citizens when cases were confirmed nearby via websites, SMS alerts and pushed notifications.

Similarities between this and the application being developed by Google and Apple are unlikely to be coincidental. Authorities in the UK, US and other western nations will not have the consent required to leverage much of the data the resultant app collects, but this could change. The consistency with which we received revised privacy policies with requests to approve them exemplifies just how quickly the necessary permissions could be sought and obtained.

What could this mean?

If opposition to the way tech companies use our data has indeed softened – whether due to the current situation, their recent actions or anything else – and permissions are agreed then, if successful, further developments could abound. It is not unreasonable to suggest that Google could adjust their algorithm and work with mobile service providers to locate users whose search terms suggest they’ve developed symptoms of COVID-19 and push notifications to nearby users and those who have been in contact with this user whilst still preserving their anonymity.

Equally, though, encryption methods could be removed to identify anyone sharing information regarding a breach of curfew or similar offence; devices could even be used to track a user’s whereabouts at all times to ensure they adhere to lockdown measures. These methods may seem draconian but, as widespread approval of the lockdown shows, could be viewed as desirable under extreme circumstances.

Further, if they aid recoveries and are seen to have played a significant part in having done so, could the goodwill generated produce a tipping point: a change in the level of trust we afford these companies with our data and the long-term permissions we are willing to provide?

There is, to put it simply, no obvious answer to such a question. Sharing information with the organisations that make and design various devices and digital services has always delivered various benefits. We can be assigned playlists full of tracks an algorithm has determined we’re likely to enjoy or adverts for products and services we may be looking for.

The nebulousness of what data we do and do not consent to share means that these algorithms are regularly ill-informed, however, with suggestions that often fail to hit their mark being the outcome.

Improving such services, though, is little more than the most obvious example of what could rapidly be achieved with more accurate and precise data: shopping patterns could be analysed with lists automatically compiled, ordered and delivered; wearables could provide the data needed to identify undiagnosed health problems; listening devices could pick up on verbal cues that suggest distress; authorities could automatically determine who was within the proximity of a crime scene between certain times – and these are just a few possibilities.

You may have noticed that the examples I utilised above became gradually more intrusive, draconian and less likely to be fulfillable with data that cannot be traced back to individual users. This is, I feel, incredibly important as, whilst I acknowledge that willingly sharing data with organisations can yield gains, they are not granted without potential drawbacks. Companies claim that the data they will receive is anonymous but many point out that this is not guaranteed.

Consenting to the widespread distribution of our personal data is almost certain to bring about diminished privacy. Whether this is something one is willing to hand over in exchange for greater convenience is an entirely personal preference.

Conclusion

At the start of the year, any suggestion that tech giants would be in a position to persuade us to enhance their jurisdictions concerning our personal data would be laughable. Today circumstances have created an environment within which they may be able to generate the trust needed to do just this.

The debate over whether they should be allowed to is unlikely to be resolved entirely even if consent is given by the majority – this being such a contentious issue – but it is likely to transform it from a hopeless cause into one that has a reasonable chance of success.

A great deal of discussion centred on what a post-pandemic world will look like is currently taking place. One major – and largely unforeseen change – could be that the unique information each of us generates with every single action we undertake in the digital world becomes more accessible to some of the world’s largest organisations.

Soon, we may all need to ask ourselves a question that is not only testing, but that has the potential to shape the world for this and future generations: what do we value more, personal privacy or convenience?

References
  1. Matthew Smith, YouGov (2020), Public overwhelmingly backs the governments new measures to tackle coronavirus
  2. S. O’Dea, Statista (2020), Mobile operating systems’ market share worldwide from January 2012 to December 2019
  3. Tresorit (2019), Trust in Tech Giants is Broken
  4. BBC (2020), Coronavirus: Twitter boss pledges $1bn for relief effort
  5. Reuters (2020), Google-parent Alphabet to donate $800 million in response to coronavirus crisis
  6. Steven Levy, Wired (2020), Has the Coronavirus Killed the Techlash
  7. Jung Won Sonn, The Conversation (2020), Coronavirus: South Korea’s success in controlling disease is due to its acceptance of surveillance​​​​​​

Next

How to maintain security when employees work remotely

© 2024 ROCK. All rights reserved.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×