Amnesty International’s Security Lab reviewed contact tracing apps from counties all over the world and found apps used by the several countries to violate standards of privacy. Those countries with the most egregious violations are Bahrain, Kuwait and Norway.
“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19,” said Claudio Guarnieri, Head of Amnesty International’s Security Lab.
What Amnesty found most troubling is the apps in these countries not only capture location data of the users via GPS, but then upload the data to a central government database. In other words, the apps are capable of tracking users’ movements in real time.
A contact tracing app used by the government of Qatar also has the capability but it has not yet been activated, or turned on, by that country’s government.
Governments and tech companies have repeatedly assured the public that their privacy would not be invaded with such technology, specifically by enabling these apps to use Bluetooth technology instead of the more invasive GPS.
As a result of Amnesty’s findings, Norway has decided to press “pause” on its app and attempt to address the concerns.
“The Norwegian app was highly invasive and the decision to go back to the drawing board is the right one. We urge the Bahraini and Kuwaiti governments to also immediately halt the use of such intrusive apps in their current form,” Guarnieri said.
Amnesty points out that the apps in both Bahrain and Kuwait are paired with a bluetooth bracelet, which then allows the system to ensure the user remains within a certain distance of their phone at all times. The Kuwait app checks the distance between the phone and the bracelet regularly – every 10 minutes – and uploads that information to a central server.
Tech companies and governments have repeatedly assured the public that these tracing apps are meant only to keep the spread of Covid19 at bay and won’t be used to invade users’ privacy. Findings so far do not support those claims.