The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics

Digital Guardian's Blog

Senators Question Apple About New COVID-19 App Privacy

by Chris Brook on Monday April 6, 2020

Contact Us
Free Demo

Senators, just like they did when Google announced plans to use its technology to screen for COVID-19, have some privacy questions for Apple, which recently said it will do the same, via a website and app.

Just like what transpired with Google two weeks ago, a group of Senators are now concerned with how much and what kind of data Apple may be harvesting with new tools the company has rolled out to track and screen COVID-19 patients.

The same four senators who questioned Google three weeks ago, Robert Menendez, D-New Jersey Richard Blumenthal, D-Connecticut, Kamala Harris, D-California, and Cory Booker, D-New Jersey, sent a letter to Tim Cook, Apple’s CEO, on Friday. In the letter, the politicians outline their concerns with Apple's plans to help the White House Coronavirus Task Force and the U.S. Department of Health and Human Services with a coronavirus app and website.

Apple announced the news, with a press release on its site and a COVID-19 app on its App Store, a week prior, on March 27.

The goal of the app is provide individuals with guidance on COVID-19, via the CDC, and through a series of questions, screen whether a test is recommended or whether the invidual should contact a medical professional for further guidance.

Apple made a point in its press release to stress that neither tool requires users to sign in or link their Apple ID, that all user data will be kept private and secure, and that responses won't be seen by Apple or any government organization. Still, the Senators are doing their due diligence by requesting further information on the screening app and website.

According to the letter, the politicians are seeking further information on how Apple plans on safeguarding the data it collects from hackers and nation-state attackers. It also wants Apple's word that any data it collects via its tools won't be used for commercial purposes in the future and some further clarification that the data it collects will be in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

The Senators are hoping to hear answers to the following eight questions of Apple by Friday:

1. Please provide the specific terms of any agreement between your company and the federal government and/or state governments.

2. Are the Apple screening site and app governed under the terms of the HIPAA? If not, please explain why.

3. What are the specific data retention policies regarding any and all information entered into the website and app by individuals?

4. Can individuals who use the website and app access and monitor the data that Apple collects about them?

5. Will Apple commit that it will refrain from using data collected on the website and app for commercial purposes?

6. Will Apple commit to refraining from sharing or selling the data collected on the website and app to third parties?

7. What specific cybersecurity safeguards will be utilized to ensure the security of the data entered on the website and app?

8. Will the website and app be accessible to those with disabilities?

Like Apple, Google, which has been monitoring location data in 131 countries as it relates to COVID-19, understandably drew its fair share of critics last month

Google’s site, developed with Verily Life Sciences, provides appropriate medical services and up-to-date information on the pandemic. While the Verily terms of service states no data will be shared with insurance companies or for targeted ads, it didn't stop critics - lawmakers included - from questioning Google's plans for monitoring patients.

Last week the same group of senators, along with Sherrod Brown, took issue with how the site required users to either link an existing Google account or create a new one.

“Going forward, will Verily provide an alternative method of authentication for individuals unwillingor unable to sign up for a Google account?” the senators asked, “Will Verily consider making a portion of the COVID-19 test screening website available without authentication if individuals wish to take the screener and find testing clinics anonymously?”

Lately, Google's COVID-19 mobility reports, which track how communities move and respond to COVID-19, have shown changes in traffic to stores, parks, transit stations, and more. Google's addressed privacy concerns by using aggregated, anonymized data to feed into charts, leaving out personally identifiable information like location, contacts, and movement.

Academics, like those from London’s Imperial College’s Computational Privacy Group, have stressed caution needs to be taken when it comes to collecting vast masses of data: "Large-scale collection of personal data can quickly lead to mass surveillance.... Users’ identities should be protected. Special measures should be put in place tolimit the risk that users can be re-identified by the authority, other users, or external parties."

Tags: undefined

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.