A Human Centric Framework to Evaluate the Risks Raised by Contact-Tracing Applications
17 Pages Posted: 20 Jul 2020
Date Written: April 22, 2020
Digital technologies and data-gathering and analytics are gaining prominence in the strategies adopted by governments all over the world as they address many of the challenges associated with the COVID-19 pandemic. Contact-tracing applications, in particular, promise to help contain the spread of the virus and allow societies to slowly relax social distancing measures. However, digital solutions pose a variety of risks to the security of individuals, and the enjoyment of human rights. This document proposes a framework to analyze how technical design and governance interplay in contact-tracing applications and how this interplay balances the safety needs of individuals and society at large. The document focuses on the two most prominent models at the time of writing, the Google-Apple protocol, announced on April 10, 2020, and the Decentralized PrivacyPreserving Proximity Tracing protocol (DP3T), proposed by a group of technologists, legal experts, engineers and epidemiologists. It also considers the EU toolbox for the use of mobile applications for contact tracing.
This document evaluates the two above mentioned protocols, and what is known about their governance and design at the time of writing. The document should be useful for policy-makers and members of civil society currently looking to evaluate these two different contact-tracing applications as a means to ease the lockdown imposed on most of the world to flatten the curve of infection of COVID-19. Similarly, understanding on how the enjoyment of a variety of human rights interacts vis-à-vis the voluntary adoption of these applications, should offer guidance for policymakers, civil society and developers to decide whether to promote these options, and how these applications should be deployed, and when they should be dismantled.
Keywords: COVID-19, Contac Tracing Apps, Google, Apple, Surveillance, Encryption, Data Governance, Privacy
Suggested Citation: Suggested Citation