Apple, Google contact-tracing technology considers privacy, but still carries risk

10 April 2020 10:05 by Mike Swift, Amy Miller

Apple and Google revealed plans today to turn iOS and Android smartphones into coronavirus threat-detectors, calibrated to avoid privacy risks as much as possible: The technology would be voluntary, anonymous and avoid the use of sensitive location data.

The list of people an iPhone or Android phone user came in contact with would stay on the owner’s phone unless she or he chose to release it, and the data would only be used for contact tracing by public health authorities to battle Covid-19, the companies say.

Nevertheless, technology — especially the initial phase of technology, developed under intense time pressure — is never perfect. To be successful, the apps and operating system changes Apple and Google hope to begin making by mid-May will have to win the trust of the majority of society, to share their personal health information in an unprecedented way. The stakes are high for Apple and Google to develop technology that is transparent, easy to use and effective.

Technology has limits, one of which is that it is operated by people. People lie. People forget. People mess up the settings on their phones so that they operate in ways they didn’t intend.

“The architecture still side-steps the HARD issue of how-to verify if a user is actually diagnosed,” Ashkan Soltani, a former chief technologist with the US Federal Trade Commission, said on Twitter in the wake of today’s Apple-Google announcement.

There are other basic problems: Not everybody has a smartphone, and a technology solution doesn’t replace the need for universal Covid-19 testing, observers said today. What about “false positives” generated when one user’s phone comes near the phone on an infected person, but there is no chance of transmission, perhaps because of a wall or protective equipment between people?

Still, despite all the concerns, privacy advocates acknowledged that the plan revealed by Apple and Google to engineer the world’s most-used mobile operating systems to trace the contacts of infected people does factor in privacy. Governments around the world are already weighing the privacy risks of using phone data to combat the pandemic.

The plan “appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” the American Civil Liberties Union said. “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic."

— How it would work —

Apple and Google say the technology will work by using Bluetooth signals emanating from cellphones to exchange anonymous identifiers that change on average every 15 minutes — making it highly unlikely that user location can be traced using the identifiers.

Someone confirmed to have the novel coronavirus can authorize the app to warn other smartphone users holding corresponding anonymous identifiers about the contact. Phones would exchange anonymous software “keys” — not identifying names, phone numbers or lists of contacts — to protect privacy. Only apps from official public health agencies will be able to mark someone as positive.

It’s unclear from the documentation that Apple and Google provided how the system will handle the problem of false positives — notifications that a person came into contact with an infected person, when in fact the contact was not dangerous. South Korea, which is using less-precise methods than Bluetooth to warn its populace about proximity to coronavirus victims, has seen citizens beginning to ignore the daily onslaught of smartphone warnings.

Experts warn that even with Bluetooth, it’s possible to generate false positives. Not allowing people to know the location of their contact with coronavirus victims makes the likelihood of false positives even higher.

Neighbors, particularly in urban areas, may be in close enough proximity to exchange Bluetooth signals without being in personal contact. Or the warning may come from an instance when the parties involved wore masks and gloves. Without knowing the location, it could be impossible to filter out the more risky from the less risky contact episodes. Too many false positives could cause people to discount proximity warnings they get.

An Apple spokesman didn't respond to MLex questions about false positives.

— Expect Scrutiny —

Even though the Bluetooth system proposed by Google and Apple wouldn’t collect a user’s location or other personally identifiable information, it will still receive intense scrutiny.

While Bluetooth contact tracing is better than GPS or cell-site information based on location, "it still needs strong privacy and security safeguards," said Kurt Opsahl, general counsel of the Electronic Frontier Foundation, in a written statement. "Apple and Google have said they will protect users' privacy — we will hold them to their word and take a close look at the protocol's specs and scrutinize safeguards built into public health apps that use the new protocol."

There also need to be privacy safeguards for all the apps that interact with the Google and Apple tracing apps, he said, and there should be full transparency about how they operate.

Soltani worries the new tech tools could become de facto compulsory, as they did in China. “While I suspect these tools will be framed as 'voluntary / opt-in' — they will eventually become compulsory once policymakers begin to rely on them in order to decide, for example, who can leave the house or who can return to work — setting an incredibly dangerous precedent,” he said.

For Google and Apple, which have been dealing like other Silicon Valley tech giants with the “techlash” over privacy and antitrust worries in recent years, an effective contact tracing system that makes people feel safer about returning to work and restarting the economy would be a huge boon to the companies and the industry.

Despite their worries about “Big Tech,” many Americans may be more comfortable with Apple and Google coordinating Covid-19 tracking than the federal government. But there could be regulatory risk as well. The FTC is closely watching tech companies’ privacy practices after recent privacy missteps and scandals, and Google is already under a privacy consent decree with the agency.

The announcement is “a huge step forward to assist the public health community with contact tracing while preserving user privacy,” said Albert Gidari, a lawyer who formerly represented Google and other technology companies, who is now at Stanford Law School’s Center for Internet and Society. “It has the huge advantage of scale and interoperability while giving users the choice to participate.”

Related Articles

No results found