Academics warn on virus app privacy

More than 300 senior academics including around 240 professors across the world have signed a joint statement warning about privacy with contact tracing apps.

Chris Griffith

10 min read

10:00PMApril 20, 2020.

Updated 1:13PMApril 21, 2020

Macquarie University professor of computing Dali Kaafar

More than 300 senior academics including around 240 professors across the world have signed a joint statement warning about privacy with contact tracing apps. They have specified the conditions under which contact tracing apps meet acceptable privacy standards.

One condition is that the app take-up is entirely voluntary, an issue which dogged Prime Minister Scott Morrison, who at one stage suggested it could be compulsory if not enough people downloaded and installed it. He later clarified it would be voluntary.

“The use of contact tracing apps and the systems that support them must be voluntary, used with the explicit consent of the user and the systems must be designed to be able to be switched off, and all data deleted, when the current crisis is over,” the academic said in the letter.

Macquarie University professor of computing Dali Kaafar, one of the signatories, said the letter had been signed by “the creme de la creme when it comes to researchers and practitioners in the field of privacy enhancing technologies and cyber security”.

“We have been very careful with who would be signing and these are Professors who are on the boards, and editors in chief of the leading journals and publications venues of the field, with significant experience and expertise and prestigious track records,” Professor Kaafar said.

“The International community of researchers in the field has come together to raise awareness on the significant global risks.”

Contact tracing apps will allow health officials to more readily find people at risk of coronavirus after having been in contact with a person who later tested positive to the virus.

Manual contact tracing can take up to three days but an app would allow some of those at risk to be contacted within minutes of a person confirmed as testing positive. This would reduce their exposure to loved ones, work colleagues, and others whom they see for extended periods.

The statement, signed by academics in 26 countries, said that while some contact tracing apps in some countries sought to preserve individual privacy, others would not.

The letter puts forward principles for developing contact tracing apps: that apps only support public health measures and are not used for other purposes, solutions must be transparent and data collection minimal, the most privacy preserving option should be used where multiple options exist and their use must be voluntary.

It said Bluetooth based tracking between individuals are more accurate and offer better privacy than ones that use GPS (geolocation) to identify contacts.

But there were other concerns. “Some of the Bluetooth-based proposals respect the individual's right to privacy, whilst others would enable (via mission creep) a form of government or private sector surveillance that would catastrophically hamper trust in and acceptance of such an application by society at large,” the letter said.

“It is crucial that citizens trust the applications in order to produce sufficient uptake to make a difference in tackling the crisis. It is vital that, in coming out of the current crisis, we do not create a tool that enables large scale data collection on the population, either now or at a later time.”

It said solutions that put together information about a population from the data should be rejected “without further discussion”.

It warned that the state, private sector and hackers could spy on citizens’ real world activities with a social graph.

It said systems must match users as anonymously as possible, and information about non-infected users should not be revealed at all.

“We urge all countries to rely only on systems that are subject to public scrutiny and that are privacy preserving by design (instead of there being an expectation that they will be managed by a trustworthy party), as a means to ensure that the citizen's data protection rights are upheld.”

The signatories are:

Australia

Prof. Dali Kaafar Macquarie University
Prof. Vanessa Teague Thinking Cybersecurity and Australian National University
Dr. Yuval Yarom The University of Adelaide and Data61

Austria

Prof. Daniel Gruss Graz University of Technology
Prof. Christian Rechberger Graz University of Technology

Belgium

Prof. Mireille Hildebrandt VU Brussels Prof. Serge Gutwirth VU Brussels Prof. Wouter Joosen KU Leuven Prof. Nele Mentens KU Leuven
Prof. Bart De Moor KU Leuven Fellow IEEE and SIAM Prof. Yves Moreau KU Leuven Fellow ISCB
Prof. Olivier Pereira UC Louvain
Prof. Frank Piessens KU Leuven
Prof. Bart Preneel KU Leuven Fellow IACR
Prof. Jean-Jacques Quisquater UCLouvain Fellow IACR, Member of Belgium Royal Academy
Prof. Nigel Smart KU Leuven Fellow IACR Prof. François-Xavier Standaert UC Louvain
Prof. Joos Vandewalle KU Leuven Fellow IEEE, IET, Eurasip, Member Royal Academy of Belgium and Academia Europaea
Prof. Ingrid Verbauwhede KU Leuven Fellow IEEE and Royal Academy of Belgium
Prof. Frederik Vercauteren KU Leuven
Dr. Mathias Vermeulen VU Brussels

Brazil

Prof. Mário S. Alvim Universidade Federal de Minas Gerais

Canada

Prof. Vijay Ganesh University of Waterloo Prof. Ian Goldberg University of Waterloo Prof. Sergey Gorbunov University of Waterloo
Prof. Xi He University of Waterloo. Prof. Florian Kerschbaum University of Waterloo
Prof. Marc-Olivier Killijian Université du Québec à Montréal
Prof. Ali José Mashtizadeh University of Waterloo Prof. Alfred Menezes University of Waterloo Prof. Bessma Momani University of Waterloo
Prof. Michele Mosca University of Waterloo
Prof. Paul van Oorschot Carleton University Fellow ACM, IEEE and Royal Soc. Canada
Prof. Douglas Stebila University of Waterloo
Prof. Charles Taylor McGill University

Denmark

Prof. Ivan Damgård Aarhus University Fellow IACR
Prof. Claudio Orlandi Aarhus University

Estonia

Dr. Dan Bogdanov Cybernetica

Finland

Prof. Chris Brzuska Aalto University

France

Prof. Davide Balzarotti EURECOM
Prof. Karim Belabas University of Bordeaux
Dr. Olivier Blazy University of Limoges
Dr. Jean-François Couchot University of Franche-Comté
Prof. Aurélien Francillon EURECOM
Prof. Nadia El Mrabet HDR Mines Saint-Etienne
Dr. Rémi Géraud-Stewart CentraleSupélec
Prof. Jean-Gabriel Ganascia Sorbonne University Fellow EURAI
Prof. Louis Goubin University of Versailles St-Quentin-en-Yvelines
Prof. Stefan Haar INRIA (Mexico Team) Prof. David Kohel Aix-Marseille University
Dr. Pascal Lafourcade University Clermont Auvergne
Dr. Benoît Libert ENS Lyon and CNRS Prof. David Naccache ENS Paris
Prof. Melek Önen EURECOM Dr. Pascal Paillier Zama
Prof. Benjamin Nguyen INSA Centre Val de Loire
Prof. Michaël Quisquater University of Versailles Prof. Damien Stehlé ENS Lyon
Prof. Jacques Stern ENS Paris Fellow IACR Prof. Massimiliano Todisco EURECOM

Germany

Prof. Michael Backes CISPA Helmholtz Center for Information Security Fellow IEEE
Prof. Eric Bodden Heinz Nixdorf Institute at Paderborn University & Fraunhofer IEM
Prof. Georg Borges Saarland University
Dr. Sven Bugiel CISPA Helmholtz Center for Information Security
Prof. Stefan Brunthaler Universität der Bundeswehr München
Prof. Cas Cremers CISPA Helmholtz Center for Information Security
Dr. Jean Paul Degabriele TU Darmstadt
Dr. Alexander Dix European Academy for Freedom of Information and Data Protection
Prof. Christian Djeffal TU München
Prof. Hannes Federrath University of Hamburg President of German Computer Society
Prof. Bernd Finkbeiner CISPA Helmholtz Center for Information Security
Dr. Michael Friedewald Fraunhofer ISI
Prof. Mario Fritz CISPA Helmholtz Center for Information Security
Prof. Sascha Fahl Leibniz University Hannover
Prof. Nils Fleischhacker Ruhr-Universität Bochum Prof. Dominik Herrmann University of Bamberg
Dr. Jeanette Hofmann Wissenschaftszentrum Berlin für Sozialforschung
Prof. Thorsten Holz Ruhr-Universität Bochum
Prof. Albert Ingold Johannes Gutenberg Universität Mainz
Dr. Swen Jacobs CISPA Helmholtz Center for Information Security
Prof. Tibor Jager University of Wuppertal
Dr. Ghassan Karame NEC Laboratories Europe
Dr. Christian Katzenbach Humboldt Institute for Internet and Society, Berlin
Prof. Eike Kiltz Ruhr-Universität Bochum
Dr. Dennis-Kenji Kipker European Academy for Freedom of Information and Data Protection
Prof. Dr. Teresa Koloma Beck Universität der Bundeswehr München
Dr. Katharina Krombholz CISPA Helmholtz Center for Information Security
Prof. Dr. Jörn Lamla Universität Kassel
Prof. Gregor Leander Ruhr-Universität Bochum
Prof. Anja Lehmann Hasso-Plattner-Institute and University of Potsdam
Prof. Mira Mezini TU Darmstadt Member Nat. Acad. of Engineering Sciences
Prof. Patrizia Nanz University of Potsdam
Prof. Dr. Paul Nolte Freie Universität Berlin
Prof. Christof Paar Max Planck Inst. CyberSec. and Privacy Fellow IACR and IEEE Dr. Sebastian Pape Goethe University Frankfurt
Dr. Giancarlo Pellegrino CISPA Helmholtz Center for Information Security
Prof. Dr. Hartmut Pohl softScheck GmbH Dr. Tina Pollmann TU München
Prof. Jörn Müller-Quade KIT Karlsruhe
Prof. Kai Rannenberg Goethe University Frankfurt Vice President IFIP Prof. Steffen Reith RheinMain University of Applied Sciences
Prof. Elisa Resconi TU München
Prof. Alexander Roßnagel University of Kassel
Prof. Ina Schiering Ostfalia University of Applied Sciences
Prof. Sebastian Schinzel Münster University of Applied Sciences Prof. Stefan Schönert TU München
Prof. Jörg Schwenk Ruhr University Bochum
Prof. Juraj Somorovsky Paderborn University
Prof. Christoph Sorge Universität des Saarlandes
Dr. Ben Stock CISPA Helmholtz Center for Information Security
Prof. Thorsten Strufe KIT Karlsruhe and CeTI TU Dresden
Dr. Nils Ole Tippenhauer CISPA Helmholtz Center for Information Security
Prof. Jilles Vreeken CISPA Helmholtz Center for Information Security
Prof. Andreas Zeller CISPA Helmholtz Center for Information Security Fellow ACM

India

Prof. Subhamoy Maitra Indian Statistical Institute
Dr. Mridul Nandi Indian Statistical Institute
Prof. Manoj Prabhakaran IIT Bombay
Dr. Somitra Kr. Sanadhya IIT Ropar
Prof. Sandeep Kumar Shukla IIT Kanpur Fellow IEEE

Italy

Prof. Rainer Bauböck European University Institute, Florence
Prof. Carlo Blundo Università di Salerno
Prof. Dario Catalano Università di Catania
Prof. Giovanni Comandé Scuola Superiore Sant'Anna, Pisa
Prof, Mauro Conti Università di Padova
Prof. Giuseppe Persiano Università di Salerno
Prof. Daniele Venturi Sapienza University of Rome
Prof. Ivan Visconti University of Salerno

Israel

Prof. Katya Assaf Hebrew University
Prof. Yehuda Lindell Bar-Ilan University

Japan

Prof. Kazuo Sakiyama UEC Tokyo

Luxembourg

Prof. Peter Y A Ryan University of Luxembourg

Portugal

Prof. Manuel Barbosa University of Porto and INESC TEC

The Netherlands

Prof. Lejla Batina Radboud University
Prof. Peter Boncz CWI Amsterdam and VU University Amsterdam
Prof. Jos Baeten CWI Amsterdam and University of Amsterdam
Prof. Ronald Cramer CWI Amsterdam and Leiden University Fellow IACR Prof. Joan Daemen Radboud University
Prof. Arie van Deursen TU Delft
Prof. Aaron Ding TU Delft
Dr. Leo Ducas CWI Amsterdam
Prof. Dr. Michel van Eeten TU Delft
Prof. Serge Fehr CWI Amsterdam and Leiden University
Prof. Tobias Fiebig TU Delft
Prof. Natali Helberger University of Amsterdam Prof. Lisa Herzog University of Groningen Prof. Marijn Janssen TU Delft
Prof. Tanja Lange Eindhoven University of Technology
Prof. Arno R. Lodder Vrije Universiteit Amsterdam
Prof. Veelasha Moonsamy Radboud University
Prof. Stefanie Roos TU Delft
Prof. Peter Schwabe Radboud University
Dr. Benne de Weger Eindhoven University of Technology
Dr. Philip Zimmermann TU Delft

New Zealand

Prof. Steven Galbraith University of Auckland

Norway

Prof. Kristian Gjøsteen NTNU

Slovenia

Prof. Marko Holbl University of Maribor

Spain

Prof. Manuel Carro IMDEA Software Institute and Technical University of Madrid
Prof. Ignacio Cascudo IMDEA Software Institute
Prof. Dario Fiore IMDEA Software Institute
Prof. Ramon Lopez de MantarasArtificial Intelligence Research Institute Fellow of EurAI Prof. Juan Tapiador UC3M
Prof. Narseo Vallina-Rodriguez IMDEA Networks Institute

Sweden

Prof. Rose-Mharie Åhlfeldt University of Skövde
Dr. Matthias Beckerle Karlstad University
Prof. Simone Fischer-Hübner Karlstad University
Dr. Leonardo Martucci Karlstad University
Mr. Linuys Nordberg DFRI
Dr. Tobias Pulls Karlstad University

Switzerland

Prof. David Basin ETH Zurich Fellow ACM
Dr. Peter Berlich ZHAW
Dr. Jan Beutel ETH Zurich
Prof. Edouard Bugnion EPFL Fellow ACM
Prof. Christian Cachin University of Bern Fellow ACM and IEEE
Prof. Srdjan Čapkun ETH Zurich Fellow ACM
Prof. Bryan Ford EPFL
Prof. Dennis Hofheinz ETH Zurich
Prof. Jean-Pierre Hubaux EPFL Fellow ACM and IEEE
Prof. James Larus EPFL Fellow ACM
Prof. Ueli Maurer ETH Zurich Fellow ACM, IACR and IEEE
Prof. Adrian Perrig ETH Zurich Fellow ACM
Prof. Kenny Paterson ETH Zurich Fellow IACR
Prof. Mathias Payer EPFL
Prof. Kaveh Razavi ETH Zurich
Prof, Marcel Salathé EPFL
Prof. Carmela Troncoso EPFL

United Arab Emirates

Prof. Christina Pöpper New York University, Abu Dhabi.

United Kingdom

Prof. Martin Albrecht Royal Holloway, University of London
Dr. Reuben Binns University of Oxford
Prof. Lorenzo Cavallaro King's College London
Prof. Liqun Chen University of Surrey
Prof. Carlos Cid Royal Holloway, University of London
Dr. Jennifer Cobbe University of Cambridge
Prof. Jon Crowcroft University of Cambridge FRS, FREng Fellow ACM and IEEE
Prof. George Danezis UCL
Prof. Lilian Edwards Newcastle University
Prof. Flavio Garcia University of Birmingham
Dr. Robert Granger University of Surrey
Dr. Jassim Happa Royal Holloway, University of London
Dr. Rikke Bjerg Jensen Royal Holloway, University of London
Dr. Philipp Jovanovic UCL
Prof. Aggelos Kiayias University of Edinburgh
Prof. Christopher Marsden University of Sussex
Prof. Keith Martin Royal Holloway, University of London
Prof. Ivan Martinovic University of Oxford
Dr. Tim Muller University of Nottingham
Dr. Dan Page University of Bristol
Dr. Elizabeth Quaglia Royal Holloway, University of London
Prof. Mark D. Ryan University of Birmingham
Prof. Burkhard Schafer University of Edinburgh
Prof. Steve Schneider University of Surrey Fellow IET
Dr. Jat Singh University of Cambridge
Prof. Max Van Kleek University of Oxford
Dr. Michael Veale UCL
Prof. Alan Woodward University of Surrey Fellow BCS and InstP
Dr. Vassiles Zikas University of Edinburgh

United States of America

Prof. Alessandro Acquisti Carnegie Mellon University
Dr. Johanna Amann ICSI
Prof. Adam Bates Uni. of Illinois at Urbana-Champaign
Prof. Lujo Bauer Carnegie Mellon University
Prof. Mihir Bellare UC San Diego Fellow ACM and IACR
Prof. Daniel J. Bernstein University of Illinois at Chicago
Prof. Matt Blaze Georgetown University
Prof. Vincent Bindschaedler University of Florida
Prof. Dan Boneh Stanford University Fellow ACM, IACR, US Nat. Acad. of Eng.
Prof. Kevin Butler University of Florida
Prof. Ran Canetti Boston University Fellow IACR Deirdre Connolly Zcash Foundation
Prof. Nicolas Christin Carnegie Mellon Uni.
Prof. Lorrie Cranor Carnegie Mellon Uni. Fellow ACM and IEEE
Prof. Anupam Das North Carolina State Uni.
Prof. Srinivas Devadas MIT Fellow ACM and IEEE
Prof. Sven Dietrich City University of New York
Prof. Marten van Dijk University of Connecticut and CWI
Prof. Jintai Ding University of Cincinnati
Roger Dingledine The Tor Project
Dr. Roel Dobbe AI Now Institute (New York)
Prof. Manuel Egele Boston University
Prof. William Enck North Carolina State Uni.
Prof. Shyam Gollakota University of Washington
Prof. Matthew D. Green Johns Hopkins University
Prof. Rachel Greenstadt New York University
Prof. Giulia Fanti Carnegie Mellon University
Prof. Dean Foster Uni. of Pennsylvania Fellow IMS and Game Theory Society
Prof. Britta Hale Naval Postgraduate School
Dr. Mike Hamburg Rambus
Dr. Helena Handschuh Rambus Fellow
Prof. Trent Jaeger Pennsylvania State University
Prof. Somesh Jha Uni. of Wisconsin, Madison
Prof. Sham Kakade University of Washington
Prof. Aniket Kate Purdue University
Prof. Jonathan Katz George Mason Uni. Fellow IACR
Dr. Hugo Krawczyk Algorand Foundation Fellow IACR
Prof. Susan Landau Tufts University Fellow ACM and AAAS
Prof. Tadayoshi Kohno University of Washington
Mr. John Langford Microsoft Research President of ICML
Dr. Timothy Libert Carnegie Mellon University
Prof. Anna Lysyanskaya Brown University
Prof. David Mazières Stanford University
Prof. Michelle Mazurek University of Maryland, College Park
Prof. Patrick McDaniel Pennsylvania State Uni.
Prof. Prateek Mittal Princeton University
Prof. Aanjhan Ranganathan Northeastern University
Prof. Bradley Reaves North Carolina State Uni.
Prof. Franziska Roesner University of Washington
Mr. Gregory Rose Deckard Technologies, Inc.
Prof. Norman Sadeh Carnegie Mellon University
Prof. Alessandra Scafuro North Carolina State Uni.
Prof. Patrick Schaumont Worcester Polytechnic Institute
Prof. Micah Sherr Georgetown University
Prof. Thomas Shrimpton University of Florida
Prof. Philip B. Stark UC Berkeley Fellow ASA, Inst. Phys. and Royal Astronomy Soc.
Prof. Stefano Tessaro University of Washington
Prof. Patrick Traynor University of Florida
Prof. Lyle Ungar University of Pennsylvania
Henry de Valence Zcash Foundation
Prof. Mayank Varia Boston University
Prof. XiaoFeng Wang Indiana University Fellow IEEE
Mr John Wilkinson MIT
Prof. Byron Williams University of Florida
Prof. Laurie Williams N. Carolina State Uni. Fellow IEEE
Prof. Matthew Wright Rochester Institute of Technology
Prof. Dongyan Xu Purdue University
Prof. Xiangyu Zhang Purdue University