This post is also available in: עברית (Hebrew)
In an unprecedented move for the two tech giants, Apple and Google are now working together on a new technology to track the spread of the coronavirus. Both companies have reiterated that the system was being designed with privacy in mind. The joint effort is designed to help governments and health agencies track the spread of the coronavirus through Bluetooth technology.
The new Bluetooth protocol called Contact Tracing could alert people via their smartphone if they might have come into contact with a coronavirus infected person.
The partnership would enable iOS and Android devices to communicate using apps from public-health authorities.
The companies said they would do this by releasing a set of application programming interfaces, or APIs, in May that would enable interoperability between Android and iOS. Users could opt in to the technology.
Apple’s white paper said the user’s location would not be required for the technology to work. The document also said that proximity identifiers would be changed every 15 minutes, meaning it would be unlikely that a user’s location would be tracked via Bluetooth over extended periods.
Similarly, Google’s white paper said that explicit user consent would be required and that it would not collect personally identifiable information or location data.
According to businessinsider.com, the technology sounds similar to the Pan-European Privacy-Preserving Proximity Tracing project, or PEPP-PT, an initiative created by more than 130 European scientists and technologists to use smartphones’ Bluetooth low-energy signals to detect who has been exposed and alert people accordingly.
Apple and Google said only public health authorities will be allowed access to the contact tracing API. This limited API use will be restricted in the same spirit that you restrict individual healthcare to licensed medical professionals like physicians.
However, security and privacy experts were quick to point out the possible flaws in the system. Former FTC (Federal Trade Commission) chief technologist Ashkan Soltani warned of false positives but also false negatives. Moxie Marlinspike, founder of the Signal encrypted messaging app, also expressed concerns that the system could be abused.
Apple says the data is processed on a user’s device and that data is “relayed” through servers run by the health organizations across the world, and will not be centralized. The tech giants said that because the data is decentralized, it’s far more difficult for governments to conduct surveillance. Servers can get breached and data can get lost. But in decentralizing the data, it makes it far more difficult for anyone with malicious intentions to access the data, they said.
According to techcrunch.com, it is a system that requires considerable user trust. You have to trust that Apple and Google have built a system that can withstand abuses — either from themselves or governments. But no system is foolproof or immune to abuse. If you don’t trust the system, you do not have to use it.