Mon Jan 1, 0001

COVID-Era Privacy Erosion

Contact Tracing Promises Broken

Singapore (January 2021): Police accessed TraceTogether contact tracing data for criminal investigations despite explicit public health-only promises. Parliament subsequently passed legislation restricting (not eliminating) police access.

Australia (June 2021): Western Australia police sought access to SafeWA check-in app data for criminal investigations.

South Korea: Quarantine location data used in criminal investigations. Leaked data enabled doxxing. Corona 100m app published location histories of infected individuals (age, gender, locations visited).

North Dakota: Care19 tracing app found by Jumbo Privacy to share location data with Foursquare.

Israel (March 2020): Repurposed Shin Bet domestic surveillance infrastructure for contact tracing without new legislation.

CDC and SafeGraph

CDC purchased phone location data from SafeGraph for ~$420,000 (Vice/Motherboard, May 2022). FOIA documents: CDC used data for 21 purposes including monitoring curfew compliance, tracking visits to pharmacies and churches, measuring lockdown effectiveness. SafeGraph collected pings from ~45 million phones via app SDKs. Google banned SafeGraph from Play Store (June 2022).

Vaccine Passport Databases

  • New York Excelsior Pass (IBM, March 2021), linked to state immunization registry
  • EU Digital COVID Certificate (July 2021), 27 member states
  • CLEAR Health Pass integrated vaccination records for venues/employers
  • State IIS accessible to public health officials and in some cases law enforcement via subpoena

Google/Apple Exposure Notification (GAEN), April 2020

Google and Apple dictated technical terms to sovereign governments: one app per country, decentralized architecture required, no GPS collection. France and UK initially resisted (wanted centralized models), capitulated because Bluetooth APIs required OS-level support only Apple and Google could provide.

Sources

  • Vice/Motherboard on SafeGraph/CDC (May 2022)
  • Singapore Parliamentary proceedings (February 2021)
  • Vice/Motherboard on X-Mode (November 2020)
  • The Pillar on Burrill (July 2021)
  • EFF and ACLU documentation of Venntel/X-Mode