While online scams are always a danger, malware and phishing attacks have skyrocketed in the past two weeks. Many of these schemes have found new opportunities through the growing fear and concern over coronavirus. And now, millions of Americans are working and learning from home to help halt the spread of the disease — and find themselves without the protections (or IT help) found in most offices and schools.
And in some countries, the virus has upped the ante on government surveillance of online activity.
On Second Thought spoke with both Brendan Saltaformaggio, professor at Georgia Tech specializing in cybersecurity, and Alfred Ng, senior reporter at CNET, about new concerns regarding data privacy and security during the pandemic.
“We’re seeing a substantial increase in malware using COVID-19 as a watering hole, to lure victims into getting attacked,” Saltaformaggio explained. “That’s primarily because everyone is really geared up and focused right now, trying to get as much information as they can on the COVID-19 virus. And that really leads people to being more susceptible.”
Ng, who has been reporting on how countries around the world are balancing public health with digital privacy concerns, shared how other nations have used both aggregate and individual data to track and mitigate the spread of coronavirus. While China, South Korea and Singapore have used individual smartphone data to do contact tracing for individuals infected with coronavirus, some countries in Europe have started using aggregated location data to determine if citizens are quarantining or not.
Ng noted that some experts are concerned that access to this kind of data is a lot of power for a government to have.
“It’s fair to say that we need to worry about protecting lives more than protecting data right now,” he said. “But the main concern from a lot of privacy advocates that I’ve spoken with is that surveillance infrastructure doesn’t just up and disappear once the threat is done. There [are] many times where it is repurposed and reused for things that it was not intended to [do] when it was first rolled out.”
While these data tracking measures to track the spread of the virus have not yet been introduced in the United States, Ng noted that Americans already give up troves of private data, citing the data we willingly provide to both the advertising industry and mobile carriers.
“The United States really lags behind a number of other countries in terms of data privacy,” he said. “That makes it very difficult for citizens to understand what they’re sharing, and who’s going to have access to it. And hopefully this pandemic sheds some light on that problem, and we can start passing more common sense online privacy laws in the future.”
On the most common digital attacks happening right now
Saltaformaggio: What we're seeing is a huge uptick in both emails and also online websites forging information about COVID-19 to try to lure people to click on links and visit websites that are infected with malware. And once you click on one of those links or visit one of those websites, attackers can pretty much get a window into your computer, stealing your information like credit card numbers or passwords.
On how governments around the world are using smartphone data to understand the spread of the virus
Ng: So, we were seeing this first in China and in South Korea and Singapore, where they were using smartphone location data to get a look at clusters where people were being quarantined, [to see] if people were obeying quarantine rules, and also to do contact tracing. [...] The technology has been a really helpful way to keep a log of that and to help manage health policies in a country. And we're starting to see that kind of data being used by governments in Europe as well. I believe last week in Italy that mobile phone providers [started] giving basically anonymized or aggregated data in the form of a heat map. [...] And if the heat map is not lit up, then it would mean that there's not that many people here. And that's a good thing, right? They want to keep people away from movie theaters. They want to keep them away from the streets — anywhere that they don't have to be, basically.
The concern around that, though, is that this is a lot of power for any government to be able to hold, to see all these people and all their location data in one area. And it's fair to say that we need to worry about protecting lives more than protecting data right now. But the main concern from a lot of privacy advocates that I've spoken with is that surveillance infrastructure doesn't just up and disappear once the threat is gone. There's many times where it is repurposed and then reused for things that it was not intended to [do] when it was first rolled out.
On how people around the world are responding to privacy concerns
Ng: Citizens are responding to it differently in different countries. In Singapore, for example, they released an app called Trace Together. And that's voluntary, where you have to download it yourself; you have to put it on your phone. The Singaporean government has been launching a public health campaign around it, urging a lot of people to download it. And I understand that the Singapore government is also aware of privacy concerns with its tracking app, and they even have a whole section on its F.A.Q. about it. One of their senior health officials talked about it when they first debuted the app, saying that, “We will delete this app once this pandemic is over, and we will tell everyone how to delete this data off of their phone.”
But yeah, a lot of citizens are either volunteering to give their data up, or they just don't know that their data is really being taken. I haven't seen a lot of uproar among civilians with [these] kind[s] of data requests. I mean, it's also fair to say that, you know, these data requests haven't really gotten large scale in the U.S. yet, partially because the pandemic hasn't hit the U.S. as badly as it has hit other countries. So, that is where one of the bigger challenges to privacy remains with tracking COVID-19.
On how the United States compares on data privacy to other countries
Saltaformaggio: The United States really lags behind a number of other countries in terms of data privacy, and specifically laws and creating individual units of the government that are responsible for protecting the online privacy of its citizens. This is a time where such an organization would step in and start to draw that line very clearly and transparently. But in the United States, it's pretty much left up to individual states or individual organizations to draw the online privacy line wherever they choose to. And so that makes it very difficult for citizens to understand what they're sharing and who's going to have access to it. And hopefully this pandemic sheds some light on that problem, and we can start passing more common sense online privacy laws in the future.
Get in touch with us.