S.T.O.P. Contact Tracing App Scorecard: Illinois
Overview
Updated September 11, 2020
App: Illinois
Developer: Rokmetro
License: Apache 2.0
Summary: In 2019, the University of Illinois introduced Illinois, a branded deployment of the Rokwire app, providing a point of entry for campus services.[i] Rokmetro continues to develop the Illinois app while also marketing Rokwire to additional educational institutions. In 2020, Rokmetro added a “ROKWIRE COVID-19 solution”,[ii] including COVID-19 symptom tracking, locating testing locations, receiving test results, communicating with medical officials, and monitoring for COVID-19 exposure.[iii] Rokwire also assigns users a “COVID-19 Status” of green, yellow, orange, or red.[iv]
Tracking Technologies
Rokwire primarily relies on QR code scanning and Bluetooth proximity detection.[v]
i. QR Codes
QR Codes are a series of black and white squares arranged in a machine-readable pattern. Rokwire uses QR codes to store and verify COVID-19 test results from participating labs. Preliminary documentation indicates that QR codes will provide a cryptographic key that confirms the authenticity of the test results entered into the app.[vi] Without further documentation, it’s impossible to fully assess the potential risk of this feature, but the combination of limited data collection and local storage suggests the risk is comparatively low.
ii. Bluetooth
The Illinois app uses a custom Bluetooth Exposure Notification System (ENS), the details of which had not been released at the time of this publication. Without documentation, it is difficult to assess the potential privacy risks of this custom API.
The development team for Illinois has described the ENS as similar to the Apple / Google Bluetooth Exposure Notification System (ENS) API, which is in use by many similar apps. This software allows the apps using it to track the proximity of nearby smartphones using the devices’ Bluetooth transceiver. By measuring the relative strengths of nearby Bluetooth signals, the app attempts to track those devices in proximity for an extended period of time. As detailed here, this technology raises numerous privacy, efficacy, and equity concerns, putting the risk at medium to high.
iii. Wi-Fi, Cell Tower, And GPS Tracking
Alarmingly, the Rokwire app already collects location data using GPS, cell tower triangulation, and Wi-Fi network data.[vii] Layering location data on top of Bluetooth proximity data has the potential to completely defeat the purported privacy benefits of the ENS API.[viii] Further analysis of this functionality is needed once software and documentation are finalized, but risk is potentially high.
Policies and Development
Despite licensing Rokwire under an Apache 2.0 open source license, Rokmetro has refused to make their source code accessible to the public to date.[ix] Rokmetro officials have pledged to “privilege privacy” and provide source code access in the future, but it’s unclear how meaningful these promises are.[x] Similarly, Rokmetro makes vague and unenforceable promises about data retention, “robust security”, and data anonymization, but it fails to provide the operational details needed to understand the security value of these claims.
For example, Rokmetro states that user data will be anonymized using the company’s Rokwall product, yet the term Rokwall appears nowhere in Rokmetro’s privacy policy or January 2020 whitepaper; it is referenced solely in Rokwire’s 2020 Privacy Principles. Similarly, the Illinois app’s Privacy Policy allows personally identifiable information to be shared to the extent permitted by the University of Illinois, which, in turn, allows user data to be accessed upon request by the university.[xi]
Equity And Inclusion
The Rokwire app and associated documentation are currently available exclusively in English, creating a massive barrier to adoption by English language learners and non-native English speakers. Even those students, staff, and visitors who are proficient in English as a second language may face significant difficulties with medical terminology in their non-native language. Rokwire will also fail to serve older and lower-income individuals, as they have comparatively lower smartphone ownership rates,[xii] a disparity that is particularly pronounced for the subset of more recently manufactured phones capable of running the Rokwire app. These concerns are compounded by the apparent lack of prior outreach to staff and faculty, who may have very different rates of smartphone adoption.
These concerns are partially offset by the fact that University personnel and the Champaign Urbana Public Health District (CUPHD) will also conduct manual contact tracing interviews. Greater information is needed on whether the Rokwire app will merely supplement or partially displace planned investment in manual contact tracing.
Conclusion
Additional research is needed to fully evaluate the privacy implications of the Rokwire app’s proposed contact tracing functionality, but preliminary data shows pronounced privacy risks, significant equity concerns, and a lack of structural protections for user data.
* An earlier version of this scorecard misstated how the Illinois app detects user proximity. Illinois employs a proprietary, unnamed Bluetooth tool, not the Apple / Google Exposure Notification System. We regret the error.
[i] Illinois1867, COVID-19 Briefing Series: SHIELD - Target, Test, Tell | University of Illinois at Urbana-Champaign, YouTube (Jun. 19, 2020), https://youtu.be/UA8jQ2laR80?t=1214.
[ii] Illinois App, COVID-19 Secret QR Code, Technology Services at Illinois (Jul. 9, 2020), https://answers.uillinois.edu/illinois/103844.
[iii] COVID-19 Solution, Rokmetro, https://www.rokmetro.com/covid-19-solution.
[iv] I Rokwire, COVID-19 Capabilities, Rokmetro (May 20, 2020), https://static1.squarespace.com/static/5ed6d6a28f61427034717f9b/t/5efba640247faf024e6502cf/1593550403363/COVID-19_Presentation_May20.pdf (“For each user, the app displays their COVID-19 status: characterizes each individual as Green, Yellow, Orange or Red; local health authorities define what test results or symptoms result in each status; the system provides granular controls to change COVID-19 Status on a county by county basis.”).
[v] Id.
[vi] Technology Services at Illinois, supra note ii.
[vii] Illinois App, Google Play, https://play.google.com/store/apps/details?id=edu.illinois.rokwire&hl=en_US.
[viii] See: I Rokwire, supra note iv (“We built our own service using Bluetooth low-energy that is compatible with the Apple-Google SDKs.”); Illinois App, supra note vii.
[ix] COVID-19 Briefing Series: SHIELD – Target, Test, Tell, supra note i.
[x] Ben Zigterman, Coronavirus Response | UI planning to test all students when they return to campus, The News-Gazette (May 28, 2020), https://www.news-gazette.com/coronavirus/coronavirus-response-ui-planning-to-test-all-students-when-they-return-to-campus/article_fbd9f8ae-1e17-52f6-bdc2-edfe0288e521.html.
[xi] University of Illinois Board of Trustees, Privacy Policy, Illinois Mobile App Privacy, https://privacy.rokwire.illinois.edu/home/.
[xii] Mobile Fact Sheet, Pew Research Center (Jun. 12, 2019), https://www.pewresearch.org/internet/fact-sheet/mobile/.