DEV Community

SparkedScience
SparkedScience

Posted on

Reacting to a Privacy Breach & More Diagrams!

Contact Tracing

When I first heard that Penn State was implementing contact tracing, I feared that Penn State Go would be their method of implementation. Full time tracking of over 10,000 students in University Park alone? I could see the security and technical problems from months out. We were lucky; Penn State is taking a simpler approach with asking those in quarantine where they've been. One college in Michigan enacted the very plan I was worried about. As outlined by Tech Crunch in an article, Albion College forced the entire campus to download an app for COVID test results and contact tracing. Long story short, a student found the app had many security issues, and reporters and Tech Crunch found some more. We're here to talk privacy though, not security. I'll rant about that later. But before we continue, here's a picture of a sea lion, because why not.
DSC_8561

Privacy Concerns

On one hand, the app is intrusive. On the other...the app is only intrusive. Full time GPS tracking was only previously required for house arrest. Some would make the argument that our current state is house arrest, but at least right now you can leave to buy groceries. The concept of contact tracing is necessary, but the execution by Albion was intrusive. Personally, I would not want this kind of contact tracing here at Penn State. Mainly the privacy and security concerns, but also the technical restrictions. If Penn State can't give a simple survey about returning to school to every single student, then how are they supposed to continuously log the location of every student, at every campus, and store that data for two or three weeks? Then they would have to cross reference all that data once a student tests positive. With Penn State's current track record with technology and not using professors within the College of IST for technical applications, I would not trust any contact tracing app they release. Penn State rant over, back to privacy.

Privacy Concerns, Pt 2

The question still remains; data privacy over safety, which is more important. In my opinion, safety is most important. There is a line where the data needed to be "safe" is actually data that puts us at risk. I'm not going to give Penn State my Social Security Number in the name of being safe. On the topic of the current pandemic, there are mitigation steps we as individuals can take. Since we can lower the risk ourselves, there's less of a need for sensitive data. That being said, we still have to give up some data to remain safe. There's a healthy balance, but safety will always win for me. Albion's solution was very insecure and is extremely intrusive, but there are better technical solutions. Every student has a Student ID card and a PSU ID number attached to that card. The number can be used as a student identifier within a contact tracing app, and every time a student swipes their ID for entrance into a building, purchases, packages, etc., the app can log that to create a path. It isn't ideal in terms of actually tracing the real time location of students, but it puts privacy first. On the other hand, an app could use Bluetooth connections to trade handshakes with other phones as a form of contact tracing. This was discussed in the Tech Crunch article, but I know from experience that Bluetooth is an insecure form of a wireless connection and it is easily exploited. Also, Bluetooth drains a phone's battery. It does trade data privacy for safety, but it would be worth it in the name of stopping the virus, and it is better than the Albion application.

Diagrams

We have updated COVID Risk diagrams! We even have a physical diagram now. The YouTube video touches briefly on example tuples, which were created with Mockaroo.

Conceptual

COVID Risk

Physical

COVID Physical

Tuples

Screen Shot 2020-09-13 at 22.23.55

YouTube

Youtube Video

Top comments (0)