Source: SC Magazine
01 May 2020

As the likes of Google and Apple bolster privacy in the race to come up with contact tracing apps to get a handle on the spread of COVID-19, Americans are placing a premium on safeguarding their data with only 27 percent in one study saying they would give permission to an app to track their location.

Apple and Google have fast-tracked development of an API that can be used to build Bluetooth-based contact tracking app, which they’re now soft-pedaling as an “exposure notification” tool. The companies plan to release the API on schedule in May and offer a platform intended exclusively for public health agencies to develop apps in the next couple of months.

The duo released details of measures they’ve taken to ensure privacy, including limiting the time that devices should be in close proximity to exchange keys to 30 minutes and encrypting device metadata.

The latest steps to ensure privacy are intended to allay growing fears that contact tracing apps will expose users or be misused. A large majority of Americans – 89 percent – said they support or strongly support privacy rights, a CyberNews.com survey found. The number of those willing to let an app display location if they were infected ticked up to 30 percent but most – 79 percent – worried that the government wouldn’t continue to use what they consider intrusive tracking measures well after the pandemic has been quashed.

“With all the discussion that is taking place worldwide about ways to ensure public health and safety, guidelines would certainly provide a useful starting point for the tracking, tracing and testing so necessary to fight the Coronavirus pandemic,” said Steve Durbin, managing director of the Information Security Forum.

“The fundamental issues for me that need to be addressed are transparency and building in privacy to any technology solution or approach from the outset – privacy by design in other words,” said Durbin. “The notion of only storing data for as long as you need it and protecting it at all stages of the information lifecycle will strike a chord with information security professionals worldwide who for many years have been adopting this mantra to safeguard confidential data.”

Read Full Article