Google and Apple have made a statement aimed to ease privacy concerns surrounding their joint contact tracing project. In addition to some revisions to their initial plan, the two tech giants both promised to disable the new technology once the COVID-19 coronavirus pandemic has subsided.
The joint project is designed to utilize Bluetooth technology to enable the sharing of digital keys between devices in order to track who has been in close proximity of each other. Those phones would be able to interact with each other regardless of operating system thanks to the API that Google and Apple are developing. That API would be used in third-party apps that would require users to opt-in to the service.
Once a user notifies the app that they have tested positive for COVID-19, the app would go through its database of shared keys and then notify those who match that they may have been in contact with an infected individual.
Focusing on Creating “Privacy-Preserving Contact Tracing”
The idea that this new technology would be able to retroactively track the movements of anyone with a smart phone sparked a lot of privacy concerns. Google and Apple addressed those concerns by making a few revisions to their project.
First, they are taking a step back from their original plan. After the companies’ pledged to deactivate the contact tracing capabilities when the pandemic subsides, their plan to integrate the technology into the framework of their upcoming phones seems to have been nullified. This is reassuring because it emphasizes the point that this is a project designed solely to combat the pandemic.
The second change revolves around encryption. The API is being designed in a way that, along with the digital keys, it would share the phone’s power level and the version of the app that is being used. Unwanted parties could potentially intercept that metadata in transit, then use it to identify users of the app. Google and Apple are now modifying the API so that it encrypts that metadata in an effort to keep users’ data private. To that end, the API will now be generating digital keys randomly rather than mathematically deriving them from a user’s private key.
The third big change is a branding one. In what seems like an effort to reduce anxiety surrounding the new technology, Google and Apple are now referring to it as an “exposure notification system.” The switch does do a good job of toning back the Orwellian vibes tied to the original name while reminding the population that the apps would be most effective when used “in service of broader contact tracing efforts by public health authorities.”
Questions Still Surround the Project
Everything that has recently come out surrounding Google and Apple’s “exposure notification” project has avoided addressing concerns surrounding the validity of self-reported diagnoses. The responsibility of verification may ultimately fall to the app developers and public health agencies that work with them; Google and Apple seem to be focused entirely on making the contact tracing tech both secure and available.
Possibly the biggest question is, will people use the apps when they become available? The increased assurances from Google and Apple should increase the likelihood that the contact-tracing apps are widely used. However, the Singaporean mobile contact tracing project’s lack of success is not a good sign for app developers. The small city-state’s government-sanctioned program only saw 1.08 million of its 5.7 million residents download the app—much less than their goal of 4.3 million.
While some Americans are emphatically protesting containment efforts, it is difficult to see a scenario in which a contact tracing app is used on a wide enough scale to be effective. If Google and Apple can back their promises to preserve personal privacy, the project still seems worth exploring.