Home M3AAWG Blog M3AAWG Engagement Series: COVID-19 Tracing Apps Security, Privacy and Efficacy Considerations

Author: Amy Cadagin, Executive Director of M3AAWG

In our upcoming Member Engagement webinar series, Stephen Farrell, M3AAWG Senior Technical Advisor, will host a session detailing the state of COVID-19 contact-tracing applications and discuss their security, privacy and efficiency implications. The session will take place on Tuesday, September 15th at 8am PT / 11am ET. Professionals from M3AAWG member companies are welcome to join the session. To register, please visit the M3AAWG Engagement Series site

Within M3AAWG, the Data and Identity Protection Committee has undertaken efforts to facilitate knowledge-sharing around contact-tracing applications, understand their data and privacy implications, and develop best practices to support their effectiveness and long-term viability. 

Despite increased attention on contact-tracing amidst the pandemic, the practice has been implemented manually by public health officials in emergency response long before COVID-19. As we work to contain outbreaks, contact-tracing applications are supporting contact tracers in monitoring the health and safety of local environments. Yet, concerns around personal privacy, data security, and potential abuse must be addressed to measure effectiveness of contact-tracing applications.

Without appropriate security standards in place, user data could be subject to abuse aimed at gathering private information or spreading misinformation, including providing false positives and altering data to induce panic. Currently, many applications lack certificate pinning – which provides an additional layer of secure communication between users and applications – potentially enabling unauthorized parties to access personal health data. Additionally, many applications utilize bluetooth pinging, which could have unreliable signals and inaccurately measure distance between users. These privacy and security concerns, among others, threaten the efficiency of contact-tracing applications and must be addressed to ensure their long-term viability.

In his session, Stephen will outline the state of contact tracing apps today and the need to carefully consider the privacy and security implications that come with the collection of location and health data. Additionally, he’ll discuss how these considerations go beyond technical aspects and impact adoption, highlighting research from the Testing Apps for COVID Tracing (TACT) project.

The presentation is open to all M3AAWG member companies and their team members. Please keep in mind that all M3AAWG Member Engagement sessions follow M3AAWG meeting and conduct policy. We look forward to having you in attendance and ask that you register ahead of the session on the M3AAWG Engagement Series site.


The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.