Another dot in the blogosphere?

Unsophisticated trust?

Posted on: January 7, 2021

I am still surprised that there does not seem to be much discussion about use of TraceTogether (TT) data for secondary use. That is, how TT data for public health might extend to criminal investigations.

For me, such a move is like sharing your salary information with a trusted life insurance agent only to be approached by car sales folk or income tax auditors. Data for the good of one thing (customising an insurance plan) somehow gets used for something else (sell you something, investigate income).

What little discussion I have processed seems to focus on user privacy as enabled by technical and policy protections [1] [2] [3]. But these conveniently bypass an equally important and preliminary issue — permission. I elaborate on this after I reflect on what I have read.

Screenshot of the TraceTogether app.

One justification for using TT data for criminal investigation seems to be that the data is just another source of information. We might consider this part of the process of triangulation.

For example, a team that is investigating, say, an unsolved murder will look for as much information as they can to figure out whodunnit and why. The where, when, how, and what is the domain of forensics.

A modern forensics team will not just rely on possible witnesses. It might also look at video-based data (e.g., CCTVs) and digital traces to figure the who and they why. In this hypothetical case, digital traces might include data from a TT token or app.

A layperson with a rudimentary understanding on how TT works might realise that TT collects proximity (who was around and how near) and temporal (how long) information. A techie and technocrat would like you to focus on how difficult it is to get this information because of siloing and encryption. They would be right to focus on how TT has built in privacy measures.

But it does not take sophisticated skills to cast doubt on such information. How? My guesses are that a would-be criminal merely need install the TT app on someone else’s phone and have them walk somewhere else, or hand their TT token to that person to do the same.

Alternatively, the would-be criminal might give the token and app to two different people in different places so that s/he would seem to be interacting with very different people at the same time. This could call into question the validity of such data as evidence.

The validity of TT data can be compromised by technically unsophisticated acts. So just how valid and important is TT data for solving this hypothetical case?

In contrast, it would take sophisticated skills to manipulate video data or to not get recorded on video in the first place. Other than video evidence, there are other strong points for triangulation, e.g., data in the form of text exchanges, breadcrumb trails in financial records, etc. Do we need TT data?

That question is something the authorities might already have a firm answer to. It is probably safe to assume that most of the general population is not out to commit crimes while they have the TT token or app on their persons, so we are safe from that worry.

But we are not safe from an insidious erosion of privacy. Insidious because it is not obvious — the TT data was arguably only for COVID-19 contact tracing (i.e., public health safety). But because it has the potential to assist in crime investigations, it was added to the umbrella of overall safety.

Designers of artificial intelligence and information systems know how easy it is to abuse the personal data of people even when those people given permission for their data to be used. We need only recall the fallout that resulted from Facebook’s loose grip on data that led to misuse by Cambridge Analytica.

With a limited scope of information and imagination, I do not claim to have answers. But I still have questions. Did we give permission for TT data to be used for other purposes? Was it unreasonable to assume that TT data was only for public health safety? How sophisticated are we as a society if we let slide the secondary use of TT data? How much trust are the authorities willing to exchange for expediency? If circumstances change so that secondary use of data is critical, how might those with more power communicate with those with less?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Usage policy

%d bloggers like this: