Analysis: The Contact-Tracing Conundrum episode artwork

EPISODE · May 8, 2020

Analysis: The Contact-Tracing Conundrum

from Info Risk Today Podcast · host InfoRiskToday.com

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

Episode metadata supplied by the publisher feed · Published May 8, 2020

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Analysis: The Contact-Tracing Conundrum

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

contact tracing to centralise or decentralise the IAP's take on privacy during the pandemic and the shifting strategies of identity fraudsters. These stories and more in this week's ISNG Security Report. Hello, I'm Nikon. Contact tracing is a very hot topic these days.

The benefits of being able to digitally connect the dots between COVID-19 carriers and people they have come into contact with has obvious benefits. But the privacy implications of governance tracking citizens to this degree of minutiae has rather ominous Orwellian undertones. With more on some of the initiatives to date, here's ISNG's executive editor, thanks Richard and your Matthew Schwartz. Digital contact tracing apps could help us ease COVID-19 lockdowns more quickly and stay safer going forward.

At the most basic, these apps would function like submarines, pinging each other and exchanging a unique token whenever smartphone users got close enough to each other for a certain period of time. If a user later tested positive for COVID-19, they could set an alert via the app so that everyone they came into contact with previously could be warned that they should self-isolate since they may have been infected with the virus that causes the disease. Now it's not clear if contact tracing apps actually will help, but everyone is going to need to use them to try and make them work and give us our best chance of getting ahead of this pandemic. For all that to happen, however, governments are going to have to convince people to get on board.

Here's British Secretary of State Dominic Rob speaking at a Tuesday press conference. We've worked with the experts, we've got the National Cyber Security Center to make sure we've got the greatest protections on privacy and we've got very high standards, both the professionalism and privacy as we embark on what will be an unprecedented IT project. Despite Rob's claims, however, his government has been pursuing a project that lacks transparency, offers no legal protections for captured data, aims to build social graphs if everyone individual comes to contact with, drags people's location, has no guarantees for when it will get related to data, and plans to process data centrally. All of these things are what hundreds of leading scientists and researchers warned governments not to do.

In an open letter, they published on April 20th. Why are these things bad? For starters, allowing a government to harvest and centrally store all data captured by these apps is a recipe for unchecked surveillance. It could be abused by adversaries, and it could also lead to data breaches.

When the letter came out, I spoke with Alan Woodward, a professor of computer science at the University of Surrey who helped organize the letter about the recommendations and concerns that it highlights. The big, I mean, it really is a big point at the moment is centralized versus decentralized. So for example, should I be doing that risk modeling by capturing all the data on some central server somewhere, or should I be have some kind of anonymous exchange of tokens with people and an alert to be done on the phone? The risk being, and this is what led to the letter, the risk being that if you try and capture a lot of that data, whilst we all understand that extraordinary times call for extraordinary measures, it could actually be misused.

It could be used for what's called social graphic, so you can start to track people's movements, sources of other purposes. Is it too late for the UK to do the right thing? It's notable that this week, Australia, which had been pursuing a centralized approach, signaled that it plans to go with a decentralized approach for its content tracing app instead. Germany also went through a similar journey before changing its mind in recent weeks.

And in Britain, Prime Minister Boris Johnson's administration has suggested in recent days now that it may rethink its approach as well, although, as yet, hasn't offered any concrete details about what that might mean. In some respects, these are early days. This is the first time anyone in the world has been trying to develop a contact tracing app, at least for widespread use. Whether or not these apps will help public health officials reduce the number of new Covid-19 infections remains to be seen.

And there's no one right ready to do it. But as the scientists open that are made clear, there do seem to be wrong ways. Bear in mind that the road to hell is often paid for good intentions. We just want to put a few markers down, one of which was these decentralized approaches are preferred, it has to put privacy as a high factor in this.

But also, we've said that .3 of our letter was, if it really is necessary to collect some of this data and process it centrally, then it has to abide by the data protection guidelines already out there, which is you collect only the minimum you need, and you justify it to the public. And there's some sort of sunset clause, so eventually it will evaporate and it can't be misused for other things in the future. Hopefully government started off in the wrong foot. We'll now find a way on the right one.

For Information Security Media Group, I'm Matthew Schwartz. You're listening to the ISMG Security Report on ISMG Radio. ISMG, your number one source for information security news. Before COVID-19, the privacy discussion this year was mainly about the California Consumer Privacy Act.

Now, it's about healthcare data sharing, contact tracing and monitoring remote workers. Home at 10A with the International Association of Privacy Professionals, discuss the pandemic's influence on global privacy concerns with ISMG's SVP of editorial, Tom Field. In this excerpt of the interview, Tom asks, what is this data privacy today with the impact of COVID-19? Here's our main resource.

We have seen an urgent need for data by governments, by healthcare systems, by academic institutions. And this includes all kinds of data, location data, and proximity information, tracking populations, of course, healthcare data. So there is a greater need in the very compelling public interest why we would want to facilitate data, access data sharing and data use. But in all of these discussions, privacy has been front and center.

So if you think about contact tracing apps, those are only as good as the adoption rate. If no one downloads them, enables them, then they're not effective. And people won't adopt technologies unless they trust them. And privacy, of course, is a very key component and sometimes really a surrogate for trust.

The digital platforms that we are currently communicating on and that I'm sure you've already done your first year of meetings on today. And my kids are still in school and are all studying through these platforms have raised privacy and data security issues, at Zoom, which has grown from, I think, something like 10 million to 200 million users in about a month has had its share of privacy issues discussed over the front pages, business pages, or actually might have been from news pages of media. So you see that privacy is very central or there. And as we consider how to restart the economy before there is a vaccine, privacy, again, will figure prominently in checking employees' temperatures.

And do we share information about an employee who tested positive or has even been exposed to someone who tested positive? And some countries are considering antibody passports, certificates that demonstrate that someone tested positive for antibodies to the disease. And of course, our privacy and fairness, equality questions there. So I'd say more use and need for data, but part and parcel with that also more privacy issues.

Finally, a new report came out recently from Jeffery of Strategy, tracking recent trends in identity fraud. One of the anomalies flagged in the research is a decrease in number of identity fraud incidents, with an increase in financial losses between 2018 and 2019. That's because the TED up to refer to security and payments of Jeffery and strategy and author of the study and asked for why this is. Issues.

That was the anomaly that really we wanted to dig into because typically the assumption would be fewer incidents equals less dollars lost. And this is the complete opposite of what we found. And it's because of a real shift in how the criminals are behaving and how they are committing identity fraud. So when there's more incidents, that generally means it's a smaller dollar figure or per card transaction.

So it's more transaction based on existing card programs when the number of incidents are high. So if you think back to the heyday before EMV and it was mag-stripe, the incident rates were a lot higher. And now criminals are finding they have to perpetrate fewer acts to get even more money. So criminals are using digital technology and they're working smarter, not harder, and they're able to get more.

And that's really what we dug into to figure out why that is occurring. Okay. So what kind of types of fraud do you see? It looks like again onto the card fraud is a little bit smaller value.

It's more labor-intensive. What's been the pivot here in terms of the frauds of the marketplace? So card frauds still are important. However, we saw a major increase in new account frauds being in merchant accounts as well as checking and savings accounts in account there's also higher incidents of social media takeovers, utility takeovers.

So things that are used to obtain information, the accounts that traditionally want to be considered as a financial instrument generally now have financial data associated with it. So we're really getting an understanding that criminals are playing a long game. They're taking over email accounts, social media accounts to gain the information to then commit new account fraud. And so the combination of the two really is the difference.

That's it for this week's items, your security report. Theme music is by Ethan Corio. I'm Nick Collins. Catch you next time.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on May 8, 2020.

What is this episode about?

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on...

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!