Citizen, an app that lets you see unverified crime reports in your neighborhood, has often been used to advance false claims. One doozy: a tiger reportedly loose in Manhattan that turned out to be a raccoon. Now the company wants to help cities track cases of .
Los Angeles County on Wednesday said it’s partnering with Citizen for its contact tracing app SafePass. The app, unveiled in August, works as a digital pass for logging your symptoms and location. It uses Bluetooth and GPS to track your interactions with other people using the app.
If someone you’ve been in contact with later tests positive for COVID-19 and marks themselves on the app, the app notifies you about the exposure and provides details on when and where it happened.
The officials, including Mayor Eric Garcetti and public health director Dr. Barbara Ferrer, encouraged the area’s 10 million residents to download the app. Advocates, however, have warned that SafePass’ location-tracking features are a privacy risk.
The mayor’s office didn’t respond to a request for comment on privacy concerns with the app.
“We have to deploy every tool at our disposal to halt the spread of COVID-19 –– from wearing masks to keeping our distance to avoiding large gatherings –– and contact tracing is an absolutely essential part of our effort to track this virus and save lives,” Garcetti said in a statement.
Public safety experts and lawmakers have criticized Citizen for stirring panic in communities, accusing the app of inundating people with crime alerts while overall crime rates are at historic lows. The company’s shift to public health raises alarms that it could bring that practice into a global pandemic.
“For an app that’s pretty much designed to try to make you get a constant stream of dangerous situations to avoid, it’s not hard to imagine they would attach a public health lens on top of the unverified crime reporting that they do,” said Angel Diaz, liberty and national security counsel at the Brennan Center for Justice.
Diaz said he first started examining Citizen’s contact tracing app when the company was in talks to partner with New York City. He said he saw several red flags with the service, specifically with how it shows exposures and the amount of location data it takes.
The coronavirus pandemic has eroded many privacy protections, with companies using surveillance software to monitor social distancing while data brokers use location data to monitor people’s movements.
Contact tracing apps come with their own privacy concerns because they essentially require people to share their whereabouts at all times with an app. The apps work by notifying people if they’ve been around someone who tested positive for COVID-19, based on their location history.
Contact tracing is considered an effective tool for limiting the spread of the contagious disease, but there are still privacy concerns about how the data collected in apps is protected.
In July, lawmakers pushed for a privacy bill that would limit contact tracing data to health purposes only, blocking the data from being used by law enforcement agencies or for-profit companies.
Citizen CEO Andrew Frame said the company was committed to maintaining privacy in its contact tracing app, though there are a handful of concerns about what data SafePass collects, and how it can be used.
“We created SafePass to help slow the spread [of the] virus and give people the tools they need to keep themselves and their communities safe through collective action, including sharing information,” Frame said in a statement.
For Citizen’s contact tracing to work, the app takes your device’s location data through both its GPS and Bluetooth. You can turn off your GPS, but the company said the app won’t function without location data.
“While this information does not identify you, there are circumstances when a user could identify you based on the location,” the company said. “For example, this may occur if a user knows you personally and recalls that they met you at the location we specify on the map.”
Other apps for tracking COVID-19 exposures don’t require location data as a privacy protection. Google and Apple’s exposure notification tools don’t request GPS information, and only use encrypted Bluetooth signals to mark distance, for example.
The structure lets you know you were exposed to someone who tested positive for COVID-19 and that you should be tested and quarantine. But it doesn’t tell you where the exposure took place.
Diaz says that’s important for privacy and safety because knowing where a potential exposure happened is often enough to identify the person involved.
“If you got exposed near a restaurant or a school, it really opens up harassment that could have been avoided,” Diaz said.
Citizen said it’s valuable for people to know where the exposures happened, noting that it could help lead to better decisions for people potentially infected with COVID-19.
“If a potentially infected user, say at a birthday party, sees that they may have been exposed at the party and remembers that they weren’t wearing a mask or maintaining a social distance, he/she may decide to take different precautions than if they were,” a Citizen spokesman said. “Knowing where you may have been exposed can also give you the information you need to alert your friends and family who were at the birthday party who aren’t contact tracing.”
The company said it deletes location data from Bluetooth and GPS, as well as photos of your ID used for verification purposes after 30 days.
Citizen said in a statement it can conduct COVID-19 symptom surveys on behalf of a state or city government agency and share results, but doesn’t provide data to law enforcement agencies unless presented with a warrant or a subpoena.
“That gives them a lot of leeway in terms of what they decide is necessary to give over to the government,” he said.