Coronovirus Apps

Privacy issues with Coronovirus Apps

Virus-Tracing Apps Are Rife With Problems. Governments Are Rushing to Fix Them. NY Times, July 8, 2020

Connecting coronavirus apps and workplaces: what risk does we assume, and when does we assume it, if we download an app required for entering the workplace? Op-Ed: Your college may ask you to sign a waiver for harm inflicted by COVID-19. Don’t do it

In our capitalist society, it’s really about the money, not the people. Tell them schools will open again, work will return to the economic boom as we get back to it, and everything will go back…we just have to figure out: How to get people to actually use contact tracing apps…

Harvard Business Review , July 15, 2020


Early on my library was talking about promoting the Carnegie Mellon contact tracing app to patrons. In talking with friends, some of them seemed to think that downloading a contact tracing app was the altruistic thing to do in the same vein as wearing masks in public. :grimacing:
I read their rather brief privacy policy and DID NOT feel comfortable with pushing it out to patrons or friends and family.

    We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.
    When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

The language was so non-committal about retention and loosey-goosey on who actually has access to it. Yuck


Yes! The privacy policy was surprisingly vague and not even in the sinister way I’d expect. :imp:

I’m going to also go with: Nope.

There’s no mention of if you want your information redacted, whether there is any recourse you can take. Participating does not seem like there is any strong message for securing the info other than storage, yikes!

There also needs to also be discussion around clearly indicating what is meant by

securely store your personal information and isolate it from any further processing until deletion is possible.

  • what is this further processing, do they mean usage?
  • deletion is possible is also, too vague!
1 Like

New research on apps and COVID surveillance technologies:

The global coronavirus pandemic has raised important questions regarding how to balance public health concerns with privacy protections for individual citizens. In this essay, we evaluate contact tracing apps, which have been offered as a technological solution to minimize the spread of COVID-19. We argue that apps such as those built on Google and Apple’s “exposure notification system” should be evaluated in terms of the contextual integrity of information flows; in other words, the appropriateness of sharing health and location data will be contextually dependent on factors such as who will have access to data, as well as the transmission principles underlying data transfer. We also consider the role of prevailing social and political values in this assessment, including the large-scale social benefits that can be obtained through such information sharing. However, caution should be taken in violating contextual integrity, even in the case of a pandemic, because it risks a long-term loss of autonomy and growing function creep for surveillance and monitoring technologies.

Vitak, J., & Zimmer, M. (2020). More Than Just Privacy: Using Contextual Integrity to Evaluate the Long-Term Risks from COVID-19 Surveillance Technologies. Social Media + Society .


Sorry I’m late to this discussion, but I’ve wanted to talk about this for a bit. The institution I work at has an attestation form that you need to fill out anytime you come to campus (this applies to students, faculty, staff, and community members). There are so many things that aren’t great about it:

  1. Affiliated individuals have to login with their NetID and password so that attestations can be linked to individuals and that information is kept beyond a period recommended by the CDC (indefinitely as far as I know). Before I got here, there was talk about requiring individuals to state where they went on campus but thankfully that was shot down quickly.
  2. While I know contact tracing may have benefits for stemming COVID spread, what concerns me about this particular method is that there is NO information on what other information is obtained, who sees that information, what else it is used for, etc. I’ve sent a couple emails out to kind of get an idea on this but haven’t heard back… reached a point of working on a mini-power map just to see who might have the answers.

This is more of a “gotta get this off my chest because nobody else is worried about it” kind of thing but I’d be interested to know the community’s thoughts on it!