Apple/Google Privacy-Preserving Contact Tracing
Link to Apple’s page announcing Privacy-Preserving Contact Tracing
Across the world, governments and health authorities are working together to find solutions to the COVID‑19 pandemic, to protect people and get society back up and running. Software developers are contributing by crafting technical tools to help combat the virus and save lives. In this spirit of collaboration, Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.
As part of this partnership Google and Apple are releasing draft technical documentation:
Contact Tracing – Bluetooth Specification
Contact Tracing – Cryptography Specification
Contact Tracing – Framework API
All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world’s most pressing problems. Through close cooperation and collaboration with developers, governments, and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID‑19 and accelerate the return of everyday life.
Apple and Google to Build COVID-19 Contact Tracing Tech
Apple CEO Tim Cook and Google CEO Sundar Pichai announced the partnership today. The aim of the partnership is to build new contact tracing tech that will make use of Bluetooth to help reduce the spread of the virus, with privacy and security in mind.
Can You Say "Big Brother" for 2020?
The companies will be working on a “comprehensive” solution that will include APIs and OS-level integration that will enable contact tracing via Bluetooth. The solution will be rolled out in two different phases. In May, Apple and Google will release APIs to enable interoperability between Android and iOS devices. The APIs, which can be used by public health authority apps, will allow devices to broadcast anonymous identifiers to devices that a person meets. This way, if a user tests positive for COVID-19 on an app from a public health authority, the people that they meet will be notified via these new APIs used by the apps.
What Could Go Wrong?
Consider GIGO Leading to False-Positives (and False-Negatives), Folks . . .
Later in the year, Apple and Google will enable much deeper, OS-level integration. The companies plan on building a Bluetooth Low Energy-based contact tracing platform into their own operating systems. “This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” the companies said in a joint press statement.
When does "Opt-In" Change to "Mandatory?" Think This Through . . .
The following two images explain how the technology would work:
Apple and Google are pledging to openly publish information about this new technology. The companies have released information on how the APIs would work, as well as the specification for the actual contact tracing technology. More can be found here.
COVID-19 Could Provide Cover for Domestic Surveillance Expansion
The use of location data to help track and manage the pandemic should come with meaningful safeguards and expiration dates, privacy experts say.
In the days and months to come, unprecedented global solidarity will emerge as the world battles the COVID-19 outbreak. But experts also worry the surging pandemic will provide cover for those looking to expand already problematic domestic surveillance practices.
Consumer cell phone location data has proven to be hugely lucrative for the marketing sector and law enforcement community. It’s also useful to urban planners and other researchers hoping to track the movement of a population in sophisticated detail.
When it comes to pandemics, such data can help researchers identify which areas an infected individual may have traveled, and which person or persons in their friend circles they may have had contact with before or after falling ill. Such data was used during the Ebola outbreak in West Africa to predict where the next cluster of infections would emerge. But some of these efforts may also come with troubling privacy ramifications.
In Israel, the New York Times reports that Prime Minister Benjamin Netanyahu has authorized the country’s internal security agency to tap into “a vast and previously undisclosed trove of cellphone data” to better track the behavior and movement of infected COVID-19 patients. The effort has yet to be formally approved by Parliament’s Secret Services Subcommittee.
"The Israeli government is searching for technological solutions to monitor the coronavirus. The Solution it chose is using technological tools that until now served the Shin Bet (Israel Security Agency) to fight terrorisim, and to use them on the Israeli population, specifically citizens sick with the virus," said Anat Ben-David, a lecturer at the department of Sociology, Political Science and Communication at the Open University of Israel, and one of several privacy experts in the country who wrote an open letter to the Prime Minister seeking clarity on the government’s new surveillance methods. "Employing these monitoring tools could disproportionately hurt all citizens’ privacy."
While location data may prove fruitful in tracking and controlling a pandemic like COVID-19, history holds some warning flags, US privacy experts say.
“Governments are prone to overreach in an emergency,” Gaurav Laroia, Senior Policy Counsel and privacy expert at consumer group Free Press, told Motherboard. “Especially when they feel the situation is slipping out of their control.”
“There’s certainly a possibility that the government may seek to expand domestic surveillance powers under the guise of protecting the public,” he said.
Sara Collins, Policy Counsel at digital rights group Public Knowledge, told Motherboard that it would be difficult to implement Israel’s specific policy under US law.
“Right now, the only way for the US government to receive geolocation data is either through the warrant/subpoena process, the purchase of geolocation data, or voluntary partnerships with entities that collect geolocation data,” she said.
“None of these methods would be easy to implement quickly or would cover the entirety of the US population, but they are possibilities,” she added. “The ease with which entities can acquire vast amounts of geolocation data is one of the many reasons we need federal privacy legislation.”
Late last month the FCC said it would be fining four major US carriers after they were caught selling access to consumer data to all manner of dubious middlemen. But the penalties paled in comparison to the money gleaned off this data by wireless carriers over the last decade, and wireless carriers like T-Mobile say they’ll be fighting the fines.
Authors like Naomi Klein have long warned that disasters provide handy cover for major corporations or governments pushing controversial policies. Such a threat is particularly pointed here in the U.S., where the expansion of barely transparent domestic surveillance programs operates at a brisk pace even under normal circumstances.
On Monday, Senate leadership plans to push through a vote on the USA Freedom Reauthorization Act of 2020, legislation that renews many of the more problematic aspects of the controversial Patriot Act. The Act had already passed the House on a 278–136 vote despite widespread condemnation by privacy and civil liberties groups.
Doctor Linnet Taylor, a data researcher at Tilburg Law School, took to Twitter to warn that any new surveillance efforts established during the COVID-19 crisis should include sunset clauses ensuring they’re rolled back once the threat has abated. Access to the data should also be restricted to avoid Cambridge Analytica-esque abuse, she warned.
“It’s more than possible for the government to be active and responsive in the face of this public health crisis while being respectful of people’s civil liberties and privacy,” Laroia said.
“Public health measures should be driven by science and not used opportunistically to reverse the progress we’ve made in rolling back the government’s domestic surveillance powers since 9/11,” he added. “We must be vigilant about our community’s health — and rights as well.”