Apple and Google have unveiled an app – soon to be built into their mobile operating systems – that will trace users’ contacts to fight Covid-19. They insist it will be ‘opt-in’ and respect privacy, but we’ve heard that before.
The tech giants announced they were working together on a Bluetooth-based contact-tracing app on Friday. The platform will debut as an API – a tool programmers can use to integrate the functionality into their own apps – next month, the companies said, and will eventually be built into the iOS and Android operating systems themselves.
The app will work by sharing identifying information between nearby phones across a Bluetooth connection and notifying users when they have come into contact with an infected person, or one who later turns out to be infected. Its servers have a 14-day ‘memory’ of devices that have crossed paths. Both companies took pains to reassure the public that the identity and location of users will not be shared, insisting that the app works on proximity to other phones only rather than independent geographic position. Data decryption would occur locally, on the user’s phone, they explained.
“Privacy, transparency and consent are of utmost importance in this effort,” the corporations said in a joint statement , pledging to “publish information about our work for others to analyze” and work with “interested stakeholders” to expand the app’s functionality.
While both companies repeatedly insisted that the tech will be “opt-in” and respect users’ privacy and security, its eventual integration into the very operating systems that run the phones used by the vast majority of smartphone users is likely to concern privacy advocates. While Apple has framed itself as the ‘responsible’ Big Tech behemoth with regard to privacy, information-hungry Google is notorious for running every morsel of data it can get its hands on through thickets of algorithms and apologizing for intrusions later, if at all.
Contact tracing can help slow the spread of COVID-19 and can be done without compromising user privacy. We’re working with @sundarpichai & @Google to help health officials harness Bluetooth technology in a way that also respects transparency & consent. https://t.co/94XlbmaGZV— Tim Cook (@tim_cook) April 10, 2020
The companies’ statement explains its APIs will work hand in glove with apps built by public health authorities. While unofficial collaboration between Big Tech and Big Brother has reached new heights under the coronavirus epidemic, making the relationship official is not likely to sit well with users worried about hacks and leaks – or the potential information bonanza that would come from opening a data channel between the authorities and citizens’ phones.
I don’t like this, it’s starts voluntary, but will likely soon be mandated. We are moving towards a surveillance state at an alarming pace!https://t.co/T07sOFK4Kd— Young Dumb Crypto 🥛 (@youngdumbcrypto) April 10, 2020
The statement notably avoids mentioning what happens after a person is revealed to be exposed to an infected individual. Presumably they are expected to self-quarantine, but will the system notify authorities if they fail to do so? What about false positives, which are reportedly frequent with some Covid-19 tests?
The Google-Apple model is far from the only contact-tracing app on the market. Some 20 city and state governments in the US are in various stages of adopting a similar app called Private Kit developed at the Massachusetts Institute of Technology, while the Pan-European Privacy Preserving Proximity Tracing Initiative, another Bluetooth-based model that claims (as the name suggests) to preserve users’ privacy, has been touted by the EU as the solution to contact-tracing for the entire continent. Meanwhile, the US government is rumored to be using mobile advertising data to track individuals already.
The urgency of the coronavirus pandemic has been used by governments worldwide to justify unprecedented intrusions into their citizens’ privacy. While Google and Apple have promised the contact-tracing functionality that will soon be integrated into their operating systems can be remotely deactivated after the pandemic is over, their track record does not inspire confidence that they will keep that promise.