This week, a lawsuit was filed in the U.S. District Court of Massachusetts against the Commonwealth of Massachusetts for its use of a COVID-19 contact-tracing app for residents’ mobile phones. However, very few residents voluntarily downloaded the app. The solution? The lawsuit alleges that Massachusetts caused the app to be downloaded to certain residents’ mobile devices without consent or knowledge. The complaint alleges that “on June 15, 2021, [the Massachusetts Department of Public Health (DPH)] worked with [a third party application developer] to secretly install the Contact Tracing App onto over one million Android mobile devices located in Massachusetts without the device owners’ knowledge or permission.” The complaint further alleges that “[w]hen some Android device owners discovered and subsequently deleted the App, DPH would re-install it onto their devices. The App causes an Android mobile device to constantly connect and exchange information with other nearby devices via Bluetooth and creates a record of such other connections. If a user opts in and reports being infected with COVID-19, an exposure notification is sent to other individuals on the infected user’s connection record.”

The complaint also alleges that the app collected information about the user’s travel, social interactions and internet usage. The app was installed as a “settings feature” instead of an “applications file” in order to remain unnoticed.

The lawsuit alleges violations of the Fourth and Fifth Amendments to the U.S. Constitution, Articles XIV and X of the Massachusetts Declaration of Rights, and the Computer Fraud and Abuse Act. The class seeks an injunction against continued use of the spyware and an order requiring the DPH to remove the spyware from users’ mobile devices. The class also seeks to recover attorneys’ fees and $1 for symbolic damages.