Apple, Google Join Forces To Create Free Tools For Coronavirus Tracking

from the stepping-up-when-the-gov't-won't...-or-at-least-shouldn't dept

Fortunately, the US government hasn’t decided (yet!) to opt everyone into some sort of tracking program to mitigate the spread of the coronavirus. This doesn’t mean you can’t opt yourself into tracking to head off possible infections and/or gauge your risk level.

Apple and Google are working together to build a set of tools that can be used to track the spread of the virus, and it’s all purely voluntary. Obviously, there are some concerning aspects about the use of these tools by public health agencies, but the companies have done a pretty good job lowering the risk of these being turned into always-on surveillance apps.

This is from Apple’s press release, which is light on details but gives a broad overview of what’s happening.

First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.

These will allow for voluntary contact tracing using Bluetooth signals. A unique signal would be broadcast by participants to nearby devices, including those within the CDC-recommended six feet minimum for social distancing. Users would self-report their COVID status, broadcasting that info as well. No one’s location data is gathered and their movements aren’t tracked. All processing of signals occurs on users’ devices.

More details can be found in spec sheets released by the companies. Apple’s notes that device privacy is protected by identifiers that change every 15 minutes, making it almost impossible to use the APIs for long-term tracking of people’s movements. If a user tests positive for COVID-19, they must opt in to sharing that data with the API servers.

There are no perfect solutions for this pandemic and this one isn’t. But it’s far more robust and more respectful of users’ privacy than most of what’s being pushed by governments elsewhere in the world. The addition of government fabric to the framework doesn’t undercut the protections built into the system. The upside for public health agencies is better, faster tracking of viral spread — something that’s almost impossible at this point in time.

The downsides are mostly related to the tech itself and the nature of human beings. Bluetooth signals don’t necessarily indicate human contact — especially when lots of people live in close proximity but are rarely face-to-face, like in large apartment complexes.

Also worrying is the potential for abuse by the worst human beings, of which there are far too many. Ashkan Soltani suggests the apps could be misused to troll the system into uselessness.

MOST IMPORTANTLY there’s a REAL risk of abuse from these apps — generating false alarms and Denial-of-Service attacks from people falsely flagging that they’re infected with COVID19 (crying ‘wolf) — thereby potentially affecting the others they’ve digitally been in contact with

Finally, there’s the problem with our healthcare system in general. There supply of reliable tests is still limited and it seems unlikely heading to your primary care provider with a Bluetooth positive (but no symptoms) is going to persuade them to test you for the virus. Hopefully the availability of tests will increase as time goes on, making this tool more useful to more people.

Even the ACLU seems cautiously supportive of the tech companies’ joint effort:

“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement. We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”

As always, the biggest drawback of this effort is also its greatest strength: it’s entirely voluntary. In a nation of rugged individualists (which unfortunately includes people who believe this isn’t actually a pandemic or that the 5G rollout is somehow linked to the coronavirus), it’s tough to get people to buy into voluntary health efforts, no matter how beneficial they may be to themselves or anyone else around them. Mandatory tracking would provide better data faster, but our government hasn’t shown it can be trusted to handle this much power responsibly. So, voluntary it is and whatever buy-in there is will be better than the nothing we’re doing now.

Filed Under: , , , , ,
Companies: apple, google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Apple, Google Join Forces To Create Free Tools For Coronavirus Tracking”

Subscribe: RSS Leave a comment
15 Comments
Ehud Gavron (profile) says:

Privacy Policy + Anti TypeI/TypeII error tech needed

Preempt: I understand the press release just came out and the API isn’t complete, won’t be implemented till May, and it will take months to get it to the handset. (Emojis take 8 months, so figure a real app takes longer.)

PRIVACY POLICY
The A/G companies have indicated they will anonimyze data tokens. This unfortunately no longer is of sufficient benefit. See https://www.nytimes.com/2019/07/23/health/data-privacy-protection.html

To the end of ensuring both HIPAA compliant patient privacy, as well as geolocation data being judged 4thAM stuff, there should be a strict privacy policy by G/A to

  • ensure that individuals cannot be found after indicating valid CV19 results.
  • ensure that no entity can "round up people" based on who someone has come into contact with — only that they can send a message which will eventually route to those people. (In other words, an app popup is fine, but a call telling you "Hey Alice, you came into contact with Bob… and he’s C19 positive. Cops are enroute to pick you up for your test" is bad

TYPE I errors
That’s also known as a "false negative". So if the person doesn’t indicate they have CV19… then none of this will work. I’m not sure how to resolve that without some national system where your health services provider ‘tags’ your special code (that changes like an Authenticator and isn’t static like a BC wallet).

TYPE II errors
That’s also known as a "false positive". That’s where I go meet lots of people I don’t want around and then tag myself as CV19 positive. Think, for example, of my attending Republican hearings, Trump Dinners (or Mar-A-Lago "Trump Trains") and then tagging myself as CV19 positive. The damage is incalculable.
https://www.usatoday.com/in-depth/news/investigations/2020/04/09/instead-prepping-coronavirus-trump-partied-golfed-held-fundraisers/2941076001/
This too could be solved by having health care providers do the tagging.

So in my ideal world we wouldn’t have these diseases. However, since we do my recommendation is:

  1. True anonymous user IDs/keys that are dynamic, and are provided by the individual’s cellphone*.
  2. The health-care provider has THEIR ID/key that they have to have to sign off on a POSITIVE or NEGATIVE test.
  3. Dates on everything and MANDATORY removal of obsolete data.
  4. Privacy Policy says this will ONLY be used for CV19 screening, data scrubbed after CV19 gestation period, and guaranteed that LEOs have no access to the data with no exception. It will be used to inform people they’ve been possibly exposed (and how many people away that is) not to allow LEOs/Govt to try and suss out who it is.

Happy Good Friday, Easter weekend, and best weekend wishes to all. Stay safe,

Ehud

  • Yes, the cellphone thing. Some companies give their employees cellphones. Some people have multiple cellphones. Some borrow their friend’s cellphone. Some HAVE NO CELLPHONE. I don’t know how to solve for all this. A cellphone is not a unique identifier even if there’s an Authenticator App and a password. I appreciate G/A trying to solve this one… but I think using a cellphone as a target designator is a poor choice.
Anonymous Coward says:

The upside for public health agencies is better, faster tracking of viral spread … the apps could be misused to troll the system into uselessness.

The platform looks like pretty good work, but we may be getting ahead of ourselves by declaring it useful. That’s something that would need to be supported by evidence. The people who use the app will be showing enough concern for their health that they’ll likely respect distancing guidelines; others who get close enough to cough on them won’t be using it. The self-selection bias could be strong enough to make trolling irrelevant.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

If you want to avoid being tracked, just get a prepaid "burner" phone and pay using cash so your identify cannot be tracked.

Or, if are close to to the Mexican border, and are a USA/Mexico dual national, just go into Mexico and sign up for a Mexican cell phone provider that allows "roaming" in the United States.

Mexican cell phone providers are not subject to any American laws, even if someone close to the border is using a Mexican provider. Mexican cell phone providers only have to follow Mexican law, even if somoene on the US side of the border is using the service.

If you are Mexican citizen and show valid Mexican ID to get a cell phone, that provider does not have to follow US laws, even if you are also a US ciitizen or permanent resident and/or using the phone on the US side of the border.

Anonymous Coward says:

Sounds like Pepp-PT

This technology developed at Heinrich Herz Institute is remarkably similar to the one Google and Apple are presenting. Both use Bluetooth for tracing and a decentralized system with identifiers changing every 15 minutes. This and the known, trusted names in the European effort like Ulf Buermeyer give me hope that these will be fruitful efforts.

TRX says:

The spy app they’re talking about doesn’t provide any information the Feds can’t get directly from the cellular providers. That’s yer basic call data which they already subpoena huge volumes when the telcos don’t hand it over voluntarily.

The only difference is, the Google/Apple app data wouldn’t have even the telco’s minimal restrictions and oversight.

For that matter, given how iPhones and Android phone tattle back to their motherships, they’d have to prove they’re not already collecting that data "for quality control purposes" or some other justification.

It’s a nothingburger, COVID-wise.

Rockstar (profile) says:

Re: They Should, Its their Duty

and of course. They need to slow their work or put on automation. What’s more than human life. Even I have stopped working on developing apps, website (finexo.co.uk), halt my others work too. and become a volunteer to help doctors to the maximum.

I said so, because many may think what the comment writer done special.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...