When it comes to the best strategies to fight the corona virus, South Korea is often mentioned. The country has tamed the surge in infection numbers with relatively few deaths – all without a strict lockdown. One of the most important reasons for success is early detection: up to 15,000 tests are performed daily, even on patients without symptoms. This program works because society in South Korea is digitized like no other. And because citizens engage in state surveillance, which would be interpreted as a breach of privacy in other democratic countries.
Credit card and cell phone data helps find people who have had contact with infected people. Nowhere in the world is so much cashlessly paid, and the movements of credit card holders are recorded. Mobile phone density is also unprecedented. Thanks to 860,000 4G or 5G radio masts, every mobile phone reveals the owner’s whereabouts almost around the clock. There is also a high density of surveillance cameras in South Korea, every person is filmed several times a day in public space.
This means that health authorities can not only find contact persons for infected people. You can also track who might have infected whom, how widespread the virus really is. On the websites of local administrations or via app, everyone can see where the latest infections have occurred. It is good for anyone who wants to know where it is better not to go in times of the pandemic.
South Korea’s brave new world, on the other hand, is more of a nightmare for data protection activists: motion profiles, enriched with images from surveillance cameras, and information about consumer behavior – there is not much missing about glass citizens. Some countries even go one step further. They want to know not only where a citizen’s smartphone is, but also what is stored on it.
In Israel, domestic intelligence monitors citizens’ cell phones
In the high-tech nation of Israel, for example, the transitional government led by Benjamin Netanyahu, by emergency ordinance, placed the surveillance of citizens using cell phone data in the hands of the domestic secret service and did not even involve Parliament at first. The Schin Bet can now use technologies that were previously only permitted in the fight against terrorism. Every positive corona test triggers a chain of data queries at the Schin Bet: Who has the patient been in contact with for the past two weeks and for how long? Where was the person traveling?
In addition to GPS data, 14 smartphone sensors are evaluated, which measure movement, acceleration or light conditions, for example, which WiFi network or device with Bluetooth was nearby. This gives the secret service deep insights into the privacy of everyone who is in Israel – far beyond location queries on smartphones. “You can really get into the content, the social networks of the person and in his emails,” says cybersecurity specialist Isaac Ben-Israel on the Israeli army radio.
The fact that the secret service compares the findings with existing data for other purposes or that it does not delete them after the end of the crisis – these concerns are particularly important to data protection officers. So far, the majority of the population considers surveillance to be correct. Finally, it enables people who came too close to infected people to automatically receive a text message asking them to quarantine.
1.6 of the 6.5 million smartphone owners in Israel already use the “HaMagen” app in Hebrew for “The Shield”. By comparing the cell phone data, it shows users whether they were near a suspected case. Defense Minister Naftali Bennett now wants to build a system that monitors the movements of infected people in real time – with the participation of controversial service providers for spy software such as NSO. So far, the Ministry of Justice has vetoed that citizen data should not be left to private companies. Bennett, on the other hand, says: “We are at war. I do not want to do without a tool that could help Israeli citizens.”
“People have to give their consent,” says EU data protection officer Jourová
In the European Union, with its comparatively strict data protection guidelines, such extensive measures would be unthinkable. “Even in such an exceptional situation, the principles of data protection must be respected,” said EU Commissioner Věra Jourová.
The General Data Protection Regulation provides strict rules, especially for applications in which the user’s personal data is stored. According to Jourová, such apps should therefore meet at least two conditions: “Firstly, people must be informed and give their consent. Secondly, the data may only be stored for a short, clearly limited time.”
The EU Commission is currently investigating whether it would be possible to agree on common standards for applications with the members – then the apps could possibly be part of a coordinated exit strategy for the relaxation of restrictions, the Commission says.
For this it would be helpful if the apps from neighboring countries could communicate with each other – so that, for example, a cross-border worker is not “lost” if he does his work in the neighboring country. The federal government is pushing to use only one app across Europe, said spokesman Steffen Seibert on Monday. The worst would be if many different ones were used.
Austria is considering mandatory tracking apps
The apps already used in Europe have so far been comparatively reserved: the Czech Republic, for example, has developed an application with its “FreMen contra Covid” project that “does not prescribe anything, forbids anything, does not pursue anyone and does not collect any personal data”, according to the developers from the Technical University in Prague. The program wants to prevent crowds of people by making forecasts based on movement data – and then advises, for example, to go shopping later.
All reports on the current situation in Germany and worldwide as well as the most important news of the day – twice a day with SZ Espresso. Our Newsletter brings you up to date in the morning and evening. Free registration: sz.de/espresso. In our News app (download here) you can also subscribe to the espresso or breaking news as a push message.
Slovakia goes half a step further: The “Stay healthy” app tracks users’ whereabouts, but anonymously: Instead of names or telephone numbers, users are saved with a code, and anyone who approaches the infected at 50 meters receives a warning on their cell phone. At the same time, the app can monitor whether infected people keep to the quarantine. The government has allowed itself to check this with cell phone tracking with its “Lex Korona”.
The applications of these apps have so far been voluntary. When an influential politician from the ruling People’s Party in Austria indicated that he could imagine a mandatory app as an accompanying measure to loosen exit restrictions, the criticism was fierce.
Anyone who receives an SMS must send a selfie
So far, only Poland has dared to take this step: the “Kwarantanna Domowa” app (house quarantine) has been in use there since March 19, since the police are no longer able to carry out the checks offline, with 300,000 people in quarantine. If you download them to your phone, you will receive an SMS at different times. The user then has 20 minutes to take and send a photo.
The police should be able to use the phone’s GPS data to see whether the person is in their apartment. The use of the app was only voluntary and has been mandatory since April 1st. Only it seems to work better theoretically than in practice: Thousands of users report malfunctions.
Also because of the technical difficulties, Poland is considering switching to a pan-European solution soon: 130 European scientists and IT experts are currently developing basic software for Corona apps, which should also enable data exchange between states and data protection. It carries the bulky title “Pan-European Privacy-Preserving Proximity Tracing”, or Pepp-PT for short. The idea behind the initiative, on the other hand, is simple: “We don’t need another app, we need a uniform framework,” says IT entrepreneur Chris Boos, who coordinates the project.
The European project Pepp-PT focuses on voluntariness and anonymity
The platform is a software framework on which app developers can build. The Robert Koch Institute (RKI) and the Heinrich Hertz Institute (HHI) are involved in the German implementation. The app is based on the Bluetooth radio technology and should work completely anonymously. Every cell phone on which the software runs receives a random identification number that changes regularly. Other devices that are within a critical range of less than two meters for a certain period of time are stored locally and encrypted – but only the pseudonymous identity, which does not allow any conclusions to be drawn about the user.
After a positive diagnosis, the patient transfers the list of IDs to a central server. Then contact persons are asked via push message to be tested. Personal information, location data or other features are never saved that make it possible to identify infected persons or their contacts. The Federal Data Protection Officer and the Federal Office for Information Security are involved in the development. And: no one is forced to install the app.
The great challenge arises from voluntariness: The scientists hope that 60 percent of the population will use the app – in Germany that would be 50 million people. Older people in particular, who are particularly at risk, often do not have a smartphone. This is why the researchers are thinking of distributing Bluetooth bracelets or other portable devices. The Pepp-PT platform should be ready later this week. The app for German users should be released after Easter.