6 Principles to Prevent Misuse of Network-Based Tracking in the War on Covid-19
The software discloses substantial details about one’s habits and routines, hence these systems need strict governance as to when and how they should be used
The cyber and data security sectors have reached a pivotal moment, one that we will reflect on for years to come. Those creating and maintaining these new processes bear a large responsibility and will be judged on how they responded to the challenges posed by the Covid-19 pandemic for decades.
We have seen a number of innovative smart technology systems introduced to address the spread of coronavirus. These have included:
1. Remote Medical Triaging Systems - using remote temperature measurement and facial recognition to diagnose and triage patients.
2. Remote Healthcare Monitoring Systems - enabling hospital teams to reduce contact with coronavirus patients.
3. Network-Based Tracking Systems - increasingly used by governments around the world, tracking civilians to match confirmed cases with individuals they might have met during the incubation period.
The technique that has been shown to be most effective in combating Covid-19, although also regarded as the most contentious in many cases, is social distancing, and the methods being employed to enforce this practice often incorporate network-based tracking systems. This tool is generally used by domestic security organizations to track high-risk suspects in criminal or terror investigation situations, although it is now increasingly being used to track potentially infected civilians to control the spread of the disease amongst the healthy population. Effective – yes, but certainly a tool that is raising eyebrows in the privacy and cybersecurity world.
These systems contain information that can easily be used to infringe privacy rights and regulations, including insights into where an individual is at any given time and who they have met. The software discloses substantial details about one’s habits and routines, hence these systems need strict governance as to when and how they should be used. It is also important for governments and organizations to provide regulations concerning what data is stored and for how long, how secure the system is, who can access the systems, what purposes they can fulfill, and how civilians will know they are being tracked.
When rolling out or operationalizing any non-security threat-related deployments of these systems, many practical aspects need to be clarified and made visible; not just how secure the systems are, which is, of course, imperative when looking at population monitoring, but also in regards to interaction (does the system need collaboration from the population?). For example, machine-learning needs to be trained on correct datasets. One must consider that an individual may leave the house without a mobile phone and people may challenge the accuracy of the systems in sight, as well as a host of other privacy concerns. These concerns need to be baked into the very infrastructure of the program.
To address these sensitivities, there are six principles we would urge anyone constructing and running these systems to consider when addressing the growing threat of Covid-19:
1. Inform those being subjected to tracking about the need to deploy these systems
2. External audit by an independent body to monitor the use of the systems
3. Commit to purging / sanitizing data at the earliest possible occasion
4. Commit to closing these systems during normal times
5. Sanitized data will be globally available for analysis, research, and machine-learning purposes
6. The publishing of a strict data security and access policy, enabling visibility to the application of the above commitments
The impact that the implementation of these principles could have industry-wide should speak for itself - only time will tell.
The author is the Chief Knowledge and Innovation Officer at Qualitest