Canadians' Security and Privacy Must Be Protected in The Race To Trace

Canadians seem ready to embrace digital contact tracing to help contain COVID-19 through an anonymous mobile app, with a majority prepared to make the app mandatory to go to work or take public transit.

In a new report and survey, the Cybersecure Policy Exchange at Ryerson University has five recommendations to ensure this new technology is well-designed and governed to protect Canadians' security and privacy.

In their new report, The Race To Trace: Security and Privacy of COVID-19 Contact Tracing Apps, the Cybersecure Policy Exchange surveyed 2,000 Canadians in mid-May and found:

Majorities of Canadians support making contact tracing apps mandatory for the use of public services, like public transit (55%) and in workplaces (51%), though in both cases only one in four strongly support such an approach.

Support is somewhat lower (46%) for retail or grocery stores making apps mandatory.

In contrast, opposition to landlords or condominiums making contact tracing apps mandatory (45%) surpassed support (30%).

The report gives a comprehensive overview for policy audiences and the Canadian public of contact tracing apps, which track the proximity of other mobile devices and alert users if they have come close to someone infected with COVID-19. It provides five critical recommendations to evaluate new contact tracing technologies. While there will be security and privacy vulnerabilities with any contact tracing app, Canadian governments and institutions should ensure that any app mitigates these risks to the greatest extent possible by:

Following privacy-by-design principles and using only Bluetooth technology, not location data;

Using a decentralized approach by keeping contact data on Canadians' individual devices;

Only collecting, storing and using data that is necessary, including deleting data after no more than 30 days, limiting data use to public health uses only, and deleting the app after the pandemic is adequately contained;

Ensuring the app is used on a voluntary basis only, and passing legislation to ensure that no public or private entities can make the app mandatory to access goods, services, employment or housing, especially considering one in four low-income Canadian households do not have a smartphone; and

Being transparent and maintaining trust, in part through transparent procurement, publicly available source code, comprehensive independent reviews and ongoing oversight.

App-enabled contact tracing is only desirable if it feeds into a strong, people-powered public health tracing, testing and treatment system. It should not be mandatory, but a well-governed regime, guided by these five principles, may support the fight against COVID-19.

A review of contact tracing apps implemented in other jurisdictions indicates that no jurisdiction has yet fully satisfied all these conditions. Should they choose to proceed, Canadian governments and institutions must ensure the highest standards of privacy and security.

In an age where technology platforms can help amplify mistrust and division, successfully building a regime with these robust protections may help prove that well-designed and -governed technology, developed and used transparently, voluntarily and responsibly in the public interest, can build public trust.

The full findings from The Race to Trace are available at https://www.cybersecurepolicy.ca/. An anonymous survey was conducted by Pollara Strategic Insights on behalf of the Cybersecure Policy Exchange online with 2,000 Canadian residents over the age of 18 from May 14 to 22, 2020. As a guideline, a probability sample of this size would yield results accurate to +/- 2 percentage points, 19 times out of 20 (95%).

The Cybersecure Policy Exchange is a new initiative from Ryerson University, dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy. The Cybersecure Policy Exchange is powered by RBC through Rogers Cybersecure Catalyst and the Ryerson Leadership Lab.

โœ”๏ธ Canadians' Security and Privacy Must Be Protected in The Race To Trace

๐Ÿ“ Post your comments

๐Ÿ’• Found this article helpful? Spread the word and support us!