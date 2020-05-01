Google technology used in contact-tracing apps may lead to individuals being identified, or even tracked for ads

New research from Trinity College Dublin suggests that Google technology used in contact-tracing apps may lead to individuals being identified, or even tracked for ads.

The in-depth TCD report, from Professor Douglas Leith and Stephen Farrell, comes as pressure mounts on health Minister Simon Harris and the HSE to disclose what technology will be used in Ireland’s upcoming contact-tracing app. Fears have arisen that the app may inadvertently allow agencies or companies to identify and track citizens.

On Thursday, Minister Harris admitted that take-up among the public will be crucial.

“This will only work if the people of Ireland download it,” he told the Dail on Thursday. “Otherwise it won’t make a blind bit of difference.”

Experts say that take-up of over 60pc of smartphone users is needed. However, the number of downloads in countries using such app has so far been low.

The TCD report examined the role of privacy and Google in Singapore’s OpenTrace app, often a focus for European governments exploring their own potential apps, as a case study.

It found that analytics owned by Google and used by the Singapore app make it potentially possible for users to be identified. It also quotes Google’s own literature around its Firebase analytics, citing ad-tracking as a potential use.

The study recommends that Singapore remove the Google analytics from the contact-tracing app.

“There’s an obvious potential conflict of interest,” Professor Leith told Independent.ie’s Big Tech Show podcast today. “In this case, it’s a company that collects data for advertising. Its business model is collecting personal data for commercial use. It can be done inadvertently because of the rush to produce an app quickly and all of the pressure to do this.”

Takeup of the app in Singapore has struggled to get above 20pc, despite its relative longevity in use.

A spokesperson for Google declined to comment on the issue. The company’s policy states that Google Cloud and Firebase only process customer data according to their instructions.

Professor Leith also called for more transparency around Ireland’s contact-tracing app before it’s released.

“In fairness to Singapore, they did make it open source,” he said. “And that's one of the things I think the Irish government should be doing before they release it. Let some independent people have scrutiny on it. The more eyes there are on this, the more we can catch avoidable mistakes.”

Earlier this week the Irish Council for Civil Liberties (ICCL) published a letter calling for greater openness around the contact-tracing app.

“Source code cannot be concealed and must be shared publicly and regularly audited by external experts,” it said in a statement. “It is vital that the public trusts the solutions of our government.”

The ICCL also cited concerns of the app extending beyond the purpose of simply tracking Covid-19 cases.

“Other countries are developing tracing apps which are for contact tracing alone,” it said. “They do not track location or symptoms. There is no known justification for location tracking. Symptom-tracking, if it is really needed, can be handled in a different app.”

Asked for more information about the contact tracing app, the HSE declined to comment.

The company designing the Irish app, Waterford-based Nearform, also declined to comment.

“The OpenTrace app uses Google’s Firebase service to store and manage user data,” says the TCD research. “This means that there are two main parties involved in handling data transmitted from the app, namely Google and the health authority operating the OpenTrace app itself. We find that OpenTrace’s use of Firebase Analytics telemetry means the data sent by OpenTrace potentially allows the (IP-based) location of user handsets to be tracked by Google over time. We therefore recommend that OpenTrace be modified to disable use of Firebase Analytics.”

The study also advises against the storage of phone numbers with Google’s technology used in the background.

“OpenTrace also currently requires users to supply a phone number to use the app and uses the Firebase Authentication service to validate and store the entered phone number. The decision to ask for user phone numbers (or other identifiers) presumably reflects a desire for contact tracers to proactively call contacts of a person that has tested positive. Alternative designs make those contacts aware of the positive test, but leave it to the contact to initiate action. This may indicate a direct trade-off between privacy and the effectiveness of contact tracing. If storage of phone numbers is judged necessary we recommend changing OpenTrace to avoid use of Firebase Authentication for this.”

Finally, the report advocates for a rethink on hosting encryption keys.

“The reversible encryption used in OpenTrace relies on a single long-term secret key stored in a Google Cloud service and so is vulnerable to disclosure of this secret key,” it said.

