Qatar: Mandatory Covid-19 tracking app raises serious privacy & security concerns, say NGOs
As part of Qatar's containment efforts to combat coronavirus, the government has rolled out a track-and-trace app, Ehteraz. The app is mandatory for download by those wishing to leave their residence; individuals who fail to do so face a severe fine of up to $55,000 and up to three years in prison. NGOs, journalists and technology experts have raised concerns regarding the app's privacy and security standards, and sanctions for non-compliance.
Amnesty International's Security Lab led an investigation into the efficacy of the app, identifying "critical weakness" in its security that would allow cyber hackers access to highly sensitive user information, including locations and medical facilities where the individual is being treated. After Amnesty alerted the Qatari authorities on 21 May, the government acted to address the weakness by 22 May. Amnesty stated it has been unable to verify if these changes meet security standards.
Nevertheless, concerns remain around privacy breaches. The app requires access to files on users' phones, GPS and Bluetooth for location tracking. The government has stated that the government has limited access to personal data and any data collected would be deleted after two months.
HRW Middle East researcher Hiba Zayadin also raised concerns that many migrant workers, who make up the majority of the workforce in Qatar, do not have phones for which the app is compatible
The head of the Security Lab, Claudio Guarnieri, has called for the Qatar Government to reverse the decision that the app is mandatory, and ensure all government apps align with human rights standards.