Technology giants Apple and Google have joined forces to develop a compatible contact tracking tool to turn their phones into Coronavirus Contact Tracking Devices that helps people determine if they have contacted someone infected with COVID-19.
As part of this new initiative, companies are expected to publish an API that government agencies can integrate into their applications. The next iteration will be an integrated system-level platform that uses Bluetooth Low Energy (BLE) tags to track contacts based on consent.
The API is expected to appear in mid-May for Android and iOS, and a larger contact tracking system will be rolled out “in the coming months.”
“Confidentiality, transparency, and consent are paramount in these efforts, and we look forward to developing this functionality in consultation with interested parties,” the companies said.
This rare collaboration occurs when governments around the world increasingly turn to technologies such as telephone tracking and face recognition to fight the virus and curb the coronavirus epidemic.
Zero Use of Location Data
Apple also launched a new web page announcing this feature, which details the preliminary Bluetooth specifications, the cryptography specifications, and the infrastructure API on which the contact tracking system will be based.
Unlike existing applications developed in different countries that use real-time location tracking to apply quarantine rules, the proposed system does not provide for tracking user locations or other identifying data.
Instead, he uses BLE tags to determine if the person was next to other people who tested positive for COVID-19, thereby ensuring that privacy is not compromised.
Apple and Google have noted that users will need to give their explicit consent for this to work. It also means that for it to be effective, millions of people had to register, which forces Apple and Google to establish adequate privacy protection before it can be deployed on a large scale.
According to an official publication published by Google, here’s how such a system can work:
When two people come into close contact for a certain period (say, 10 minutes or more), their phones exchange anonymous identification tags. Identifiers rotate every 15 minutes and have no personal information.
If one of them has a positive diagnosis of COVID-19, this infected person can enter the test result into the application from the public health authority, in which the above API is embedded.
The infected person may then agree to download the last 14 days of their broadcast tags to the system.
Anyone close to a person with a positive result will be warned if there is a mark on the device that matches the broadcast marks of all those who gave a positive result on COVID-19 in the region.
The application then provides the person with information on the next steps.
“This model trusts the central authority less, but creates new risks for users who share their infection status, which should be mitigated or accepted,” the Electronic Frontier Foundation (EFF) said about the proposal.
“Full transparency about how applications and APIs work, including with open source, is necessary so that people understand and give informed consent to the risks,” he added.
Apple and Google are based on TraceTogether, an application developed by Singapore’s government to track contacts via Bluetooth.
The open-source application uses the relative signal strength indicator (Bluetooth) RSSI between devices to determine the proximity and duration of a meeting between two people. Meeting records are stored on their respective phones for 21 days.
Applications such as COVID-Watch and Private Kit: Safe Paths by MIT also use a mixture of GPS and Bluetooth data to track people who have walked each other for 14 days.
But that is not all. A group of scientists from European research institutes has proposed the COVID-19 Bluetooth-based contact tracking system called “Decentralized Proximity Tracking with Confidentiality” (DP-PPT), which aims to “minimize privacy and security risks for individuals and communities and guarantee the highest level of protection.
Pandemic Surveillance Privacy Issues
The need to distinguish between infected people and maintain quarantine has prompted governments around the world to take strict surveillance measures. To date, more than 28 countries have adopted a combination of smartphones and electronic wristbands for tracking and even require citizens to send their photos at home within 20 minutes or to expose themselves well.
Responding to confidentiality questions raised by the European Data Protection Supervisor, the European Union stated that it would use a “pan-European approach” to use mobile applications to track the spread of coronavirus and to include a common scheme using aggregated anonymous data to track people who come in contact with infected people and tracking those in quarantine.
Earlier this week, the American Civil Liberties Union (ACLU) expressed concern about tracking users using aggregate telephone data, saying that any system should be limited in scope and avoid any risk to life. confidentiality and abuse.
While countries such as South Korea have been able to minimize the epidemic through an extensive contact tracing program, it also raises questions about consent, such as whether users can opt-out before receiving this data. to be collected and stored, not to mention the potential danger of turning a blind eye to privacy risks.
In particular, how long will data collection continue and when will it be discontinued? It is also important to ensure that the collected anonymous data cannot be reconstructed to track people.
Cybersecurity expert Bruce Schneier said that any data collection and digital surveillance initiative “needs to be scientifically sound and recognized as necessary by public health professionals for localization purposes. And that data processing needs to be proportionate to what is needed.”
Expressing the need to protect civil liberties in times of crisis, the EFF stated that circumventing certain privacy protections was justified but warned that “all emergency measures used to manage a particular crisis should not become permanent functions in the landscape of government intrusions into everyday life.”
In other words, these programs should not pave the way for overruns of state or draconian surveillance systems, which will continue to exist even after the end of the current epidemic. With strict confidentiality, guarantees are the best way to ensure that emergency measures do not become the new standard.
Without a doubt, this is a slippery slope. In order to stop the spread and control of the situation, mobilizing a pandemic surveillance device to contain the epidemic requires an adequate balance between transparency, meeting public health needs and civil rights.