COVID-19 Tracing Apps and Measuring the Impact of Government Overreach

As the COVID-19 crisis continues, government oversight and information gathering is at an all-time high. To track and control the spread, many governments are turning to COVID-19 tracing apps, which leverage a mix of user-supplied information and geo-location/proximity data from mobile devices to trace infected persons’ movements through the population and identify others who may be at risk of exposure. While some argue that these tools could prove to be vital in our effort to cope with the outbreak, others say they introduce significant privacy risks related to the collection and use of medical information and the use and potential abuse of location data for surveillance purposes.


COVID-19 Tracing Apps—Risking Privacy for Public Health

Fueling the fire of opposition is the zeal with which many governments are pursuing this tracing technology and their seeming unwillingness to consider the least restrictive options. There are basically two approaches to building such apps — one forces usage and shares user-identifiable information with a central authority (the centralized approach), and the other where users opt-in and share no identifying information to a central authority (the decentralized approach). Some countries have already mandated the centralized approach via executive order or industry regulation. Others are considering it. Few have publicly ruled it out. As a result, fears of government overreach are growing, especially in countries whose citizens are caught up in other data privacy and surveillance controversies like internet censorship and government-mandated encryption backdoors.

An interesting question around all of this is what impact is the fear of government overreach having on user behavior related to the use of technology in general?  So, we looked at usage numbers on our AWS Wickr/business collaboration platform over the COVID-19 epoch. We saw a big spike. It makes sense, since demand for remote work solutions has certainly increased over the past few months. We also noticed that some countries had much larger spikes than others and wondered if something else could be driving the increases.

AWS Wickr Use by Country During COVID-19

When we looked at the countries with the largest spikes, we found that there were significant factors in play for all of them relating to COVID tracing or government control and oversight in general. Here’s what we found:

Though not in our top 10, we also saw significant COVID-19 epoch increases from the United Kingdom, France, and Germany. In comparison, we saw 3x greater increases from the UK and France vs. those from Germany, which is interesting because if we compare the COVID tracing approaches being taken in those countries, we see the governments in UK and France favoring the centralized approach, while the German government is favoring the decentralized approach.

We will note that some of our most dramatic % increases in the COVID-19 epoch depicted in the above chart are skewed higher relative to the others due to smaller starting user bases in those countries. Despite this, the increases were still significant enough to warrant further analysis.

Past Government Overreach and AWS Wickr Use

We also took a look further back to usage data over the past year or so. Interestingly, we saw significant spikes in usage (measured by new users and increased use) from places and at times when there were also spikes in other types of government control and oversight. Here’s what we found:

  • Australia, December 2018. The Telecommunications Access and Assistance Act is passed, which allows the Australian government to compel cooperation and surveillance assistance from companies as wide-ranging as social media firms, telecoms, manufacturers, or even any retail establishment providing Wi-Fi to customers.  Our usage numbers in Australia increased 100% at this time.
  • India, February 2019. The Indian government announces a proposal to force tech companies to participate in government mandated surveillance. Our usage numbers in India increased 100% at this time.
  • Hong Kong, March 2019. A local government bill is proposed that would allow, for the first time, extraditions to mainland China. Our usage numbers in Hong Kong increased 200% at this time.
  • Russia, May 2019. The “sovereign internet” law is signed, which tightened Moscow’s control over the country’s internet infrastructure and aims to provide a way for Russia to disconnect its networks from the rest of the world. Our usage numbers in Russia increased 200% at this time.
  • Germany, May 2019. Government officials in Germany propose a law to force chat app providers to “backdoor” and hand over end-to-end encrypted conversations in plain text on demand. Our usage numbers in Germany increased 50% at this time.
  • Hong Kong, August 2019. Police and protesters clash and the Hong Kong garrison of the People’s Liberation Army releases video of anti-riot drills featuring tanks, snipers, and red warning flags. Our usage numbers in Hong Kong increased 20% at this time.

These spikes were distinct, which is to say they didn’t match what we saw on the platform on the whole during the same time periods. For example, usage in the US grew an average of 10% over each of the above time periods. What’s also interesting is that in general, these countries are among those in which our COVID usage spike was the most dramatic.

In summary, we found the correlations between new and historical usage spikes in our secure (end-to-end encrypted) AWS Wickr/business collaboration platform and spikes in other types of government control and oversight compelling. Clearly there are many reasons why an organization would favor secure collaboration solutions over traditional solutions in times of crisis. Threats to intellectual property, for example, particularly targeting medical and pharmaceutical companies, have been widely reported of late, as have attacks that specifically target remote workers. But these would tend to drive an “across the board” increase, which is not what a deeper examination of our numbers is showing us.

Our COVID-19 usage spike was also far more pronounced in our business platform than in our consumer platform. On one hand this makes sense, since a shift to remote work would naturally impact business communications more than it would personal communications. But on the other hand it doesn’t make sense, since users with a heighted need for communications security would likely have been more prepared than others and less caught up in the rush to solutions in order to cope with COVID-19 lockdowns. This is more fuel to indicate that something more is at work beyond an across the board need for secure teleconferencing in the business world.

Privacy is Important

The confluence of factors noted here leads us to believe the demand we’re seeing during this crisis and others before it is (and was) being influenced significantly by government actions which are (and were) perceived as threats to business privacy. The nexus between current actions related to COVID-19 tracing and the need for organizations to secure business communications may not be obvious, nor direct. But when we consider the downstream effects of sweeping, centralized approaches to data collection, particularly those involving mobile providers and other key infrastructure services, we can see how businesses would have legitimate concerns as to how the data might be used (or abused) beyond the goals of the current crisis.

In this unprecedented time, people are relying on government more than ever for critical health information and guidance. Our usage numbers seem to indicate that there are real concerns of government overreach lately and an apparent discomfort with putting privacy at risk for the sake of better COVID-19 tracing, in particular. Governments of the world should take note of this. As we learn more about the actual implementations and as more of these tracing apps roll out, it will be interesting to see how it impacts our numbers going forward.