In an effort to track the spread of COVID-19, more and more COVID-19 tracing apps have and will continue to emerge. Canadian jurisdictions are developing and deploying contact-tracing apps without sufficient technical review by independent security and privacy experts. We, the undersigned, believe this practice should change. Such reviews help identify potential flaws and provide indispensable input to a public debate about the balance between health safety, privacy and security. Reviews can enhance trust in the deployment of apps and help foster wider adoption. Reviews should be public because public technical specifications will enhance trust and acceptance.
The Canadian security and privacy ecosystem, including the academic community, consists of sufficiently many experts to provide such reviews. Such reviews should be made with the mandate of protecting civil liberties and held to the highest ethical and technical standards. We have compiled an evolving list of guidelines on the development, design and deployment of these apps that can enhance privacy and cybersecurity. These guidelines can be used as a reference in a review, albeit the need for interpretation in the context of a particular app.
Read more about this announcement.