Cybersecurity Problems With Contact Tracing

When COVID-19 hit in early 2020, one of the first things authorities did was create a plan to start tracking where positive-tested people had been.

Contact tracing is key to controlling who has the virus, who they are around, so that people can be notified and begin self-isolation for a specific period of time. The faster you can determine who is at risk, the sooner the spread can be controlled.

Of course, COVID-19 is just one reason to build contact tracing applications. Businesses see the benefits in all kinds of applications. Assisted living and skilled nursing facilities have been using them to monitor patients’ movements, which can be especially beneficial for patients with cognitive deficits. Instead of wondering where they are, you can track every move they make, keeping a watchful eye over them at all times.

But where there is potential for benefits, there are also doors to criminal behavior. A security flaw in Qatar’s coronavirus contact tracing app left over a million individuals’ personal data at risk. Because the app was mandatory for every resident to install, it had the potential of impacting every citizen.

When do the benefits outweigh the risks? When public health is at risk, there might not be cause for discussion. Tracking and isolating cases is imperative to curb infection rates. But how about in the general population? Should people be able to track another population’s movements because of an elevated risk factor, such as with assisted living or skilled nursing facilities?

There are two things to consider as contact tracing applications become more available.

Is privacy protected?

In the above examples of contact tracing used in assisted living facilities, the residents were on edge about having the technology in place. Often, both the staff and patients’ families considered it to be the lesser of two evils - they preferred to keep a person safe, and surveillance was an end to the means. But it was also proven to increase anxiety in patients who understood the technology. They changed their behavior, scared of what the tracing software would show. Timing bathroom visits, for example, can further enhance health problems. Yet patients admitted to doing just that.

There are always weaknesses

Yin and yang. Two sides to every story. Where there are benefits, there are also pitfalls.

Wearable technology is a growing industry. Giants like Apple, Google, and smaller companies like CarePredict are moving further into contact tracing technology.

Wearables are becoming more commonplace throughout the population because of ease. You can track your steps, send a quick text, and check your email, all from this tiny device. And because you wear it, leaving it on for twenty-four hours of the day, adding contact tracing is easy to do.

Top-level administrators state the data captured and used at the top is anonymous, but researchers have easily used the data to drill down to specifics. They’ve uncovered such things as classified military outposts, and tracked the movement of specific groups.

Wearables might not even be the target. Hackers want bigger payoffs. Wearable technology might just be a way to piggyback in. If they can use a wearable connection to break-in to a smartphone with even more contact information, the damage begins.

Is contact tracing a part of our future? It’s already here. The more important question now is: How are you building it into your cybersecurity plan?

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.