Published on April 14th, 2020 📆 | 7003 Views ⚑
0Google, Apple collaboration on Bluetooth-based Covid-19 contact tracing prioritizes privacy
A collaboration between Google and Apple that leverages Bluetooth technology could help health and government officials curb the COVID-19 pandemic and kickstart economies around the world by offering vital contact tracing while still ensuring data security and privacy.
Contact tracing is a critical â but challenging â part of controlling the spread of disease and location-based technology clearly has a place in relieving the burden.
âTo further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing,â according to an Apple update explaining the plan will roll out in two steps, the first the May release of âAPIs that enable interoperability between Android and iOS devices using apps from public health authorities.â
The companies expect to roll out the second step â âenabling a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms,â the update said â over the next few months. This solution is more robust âthan an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,â they said, pledging to build âfunctionality in consultation with interested stakeholdersâ as well as âopenly publish information about our work for others to analyze.â
Location-based surveillance has been floated for everything from tracking past movements and tracing contacts of infected persons to enforcing quarantines and social distancing.
âTracking exposure is an effective way to identify people that are at risk and limiting the spread of infection by having people exposed quarantine themselves,â said Chris Hazelton, director of security solutions at Lookout.
âSupport by Apple and Google means essentially all mobile phones can be used, as together iOS and Android make up 100 percent the smartphone market of the worldwide,â he said, noting a phone essentially will become a digital passport. âA userâs status in tracking apps and services will be used to permit and prevent them from entering public or private spaces.â
The limitations of mobile surveillance technology â Â and potential for abuse â Â have raised the hackles of privacy advocates. Apple and Google, though, stressed that âprivacy, transparency, and consent are of utmost importance in this effort.â
Jennifer Granick, ACLU surveillance and cybersecurity counsel, said the two companies have taken a step in the right direction when it comes to privacy. âTo their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,â Granick said, noting that the rights organization would nevertheless âremain vigilant moving forward to make sure any contract tracing app remains voluntary and decentralized, and used only for public health.â
Even with assurances by Apple and Google, Hazelton is concerned that users will be identified. âWhile Apple and Google state they will not capture user identities this does not prevent public health authorities or any other government agency from doing so,â he said. And, it is not clear if the companies will share location data other than GPS âderived from cell towers or nearby WiFi networks,â he explained. âEven if this is anonymized, it can be paired with other data, like mobile analytics, to still identify users and their health status.â
Hazelton said âmedical privacy could go out the windowâ with users alerted to being exposed wanting to identify who exposed them. âMany easily be able to do so if they only interact with a small number of people,â he said.
Privacy concerns could compromise the technologyâs usefulness. Contact tracing systems âcanât be effective if people donât trust them,â said Granick, and that trust would only come if the systems âprotect privacy, remain voluntary and store data on an individualâs device, not a centralized repository.â
Gloss