Israeli Contact Tracing App Raises Privacy Concerns in US

As contact tracing apps roll out in the US, apps like Tel Aviv-based GlobeKeeper’s SAFE spark concerns around privacy and civil liberties

Contact tracing, a public health tactic in use for decades by health officials to identify and track the transmission of viruses from person to person, had until now primarily been a manual process. But the development of contact tracing apps, which can provide authorities with a much more complete picture of where people have been, with whom, and for how long, has heightened concerns among civil liberties organizations and experts about a potential infringement on privacy rights.

One leading developer of contact tracing apps, Tel Aviv-based GlobeKeeper, is now in talks with various US states and private companies to deploy its COVID-19 tracking app SAFE.

Earlier in the pandemic, GlobeKeeper collaborated with Israel’s Health Ministry in developing HaMagen, a voluntary contact tracing app currently in use by over 2 million Israelis.

The new app, SAFE, works with a device’s Bluetooth technology to broadcast and communicate with other Bluetooth devices in range. The app generates unique anonymous identifiers every 15 minutes and uploads the information to a public database. Data is stored on the individual’s device, with deletion after 21 days.

GlobeKeeper’s COVID-19 tracking app SAFE. (Courtesy)

“The data is basically public. So not even the government owns it. It’s sitting on the cloud, publicly. It’s random unique identifiers that don’t include any personal information,” GlobeKeeper CEO Dan Peleg explained.

Peleg said the SAFE app meets the standards of the California Consumer Privacy Act (CCPA) and does not violate the rules of the US Health Insurance Portability and Accountability Act.

While there is no comprehensive federal privacy law in place in the US, developers who use the CCPA model as a guideline are viewed positively by Professor Jon Garon, director of the Intellectual Property, Cybersecurity and Technology Law Program at Nova Southeastern University’s Shepard Broad College of Law. According to Garon, CCPA is the most aggressive pro-consumer law in the US.

“If these apps are adopted by state health agencies, it is incumbent on the agencies to make sure contractually that the consumer agreement is very narrow in scope, allowing the app to do the contact tracing necessary for health care but not to divulge that data to any third party. If it’s done that way, then its health benefits will outweigh the privacy risks,” Garon said.

Despite transparency assurances by contact tracing developers like Peleg, and those like Garon who see the potential benefits of digital contact tracing, there remain widespread concerns over privacy among civil liberties watchdogs like the Surveillance Technology Oversight Project (S.T.O.P.).

“I think digital contact tracing is unproven, unreliable, and in all likelihood, a dangerous distraction from manual contact tracing and other evidence-based public health tools,” said Albert Cahn, the executive director of S.T.O.P.

Cahn is concerned that contact tracing technology in the US could be used as a new spying tool by local police departments and national security authorities.

I think digital contact tracing is unproven, unreliable, and in all likelihood, a dangerous distraction from manual contact tracing and other evidence-based public health tools.

There is also the concern that, should this type of software be purchased by private entities, the voluntary nature of the app could be nullified, forcing people to make choices like keeping either their jobs or their right to privacy.

“As an employee protection matter, it’s completely inappropriate to give companies this sort of power over their employees’ health data,” Cahn said.

S.T.O.P. is currently working on enacting a state law in New York that would ban employers from forcing employees to hand over their health data.

Peleg believes that how private companies choose to enforce use of the SAFE app is a matter of their internal policies. He also thinks that, while governments should regulate apps like SAFE, his company is not responsible for government actions that might result in the accessing of an individual’s data stored on their personal device.

Both Garon and Cahn advocate the need for federal privacy laws in the US and better protection against geolocation data mining, of which both Google and Apple have been found guilty in the past.

In May, S.T.O.P. released a report about the civil liberties and privacy risks of COVID-19 Bluetooth tracking apps.

The future of contact tracing apps beyond the pandemic is unclear but Peleg is enthusiastic that his app’s positive contribution and benefits will outweigh the risks posed by privacy gatekeepers.

“The point is to help the community minimize the economic damage and life taken from the pandemic. Getting back to normal is the most important thing,” he said.

The point is to help the community minimize the economic damage and life taken from the pandemic. Getting back to normal is the most important thing.

For Cahn, there are still important questions to be answered by American society and lawmakers.

“In the case of COVID-19, do we go down the path of experimental, unproven, equally dangerous technology as a solution? Or do we listen to the public health experts, use evidence-based methods and make the investment in manual contact tracing needed to save lives?”

Rohama Bruk is a student in The Media Line’s Press and Policy Student Program. Ms. Bruk attends the University of Miami.