Apple, Google Join Forces To Create Free Tools For Coronavirus Tracking

from the stepping-up-when-the-gov't-won't...-or-at-least-shouldn't dept

Fortunately, the US government hasn't decided (yet!) to opt everyone into some sort of tracking program to mitigate the spread of the coronavirus. This doesn't mean you can't opt yourself into tracking to head off possible infections and/or gauge your risk level.

Apple and Google are working together to build a set of tools that can be used to track the spread of the virus, and it's all purely voluntary. Obviously, there are some concerning aspects about the use of these tools by public health agencies, but the companies have done a pretty good job lowering the risk of these being turned into always-on surveillance apps.

This is from Apple's press release, which is light on details but gives a broad overview of what's happening.

First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.

These will allow for voluntary contact tracing using Bluetooth signals. A unique signal would be broadcast by participants to nearby devices, including those within the CDC-recommended six feet minimum for social distancing. Users would self-report their COVID status, broadcasting that info as well. No one's location data is gathered and their movements aren't tracked. All processing of signals occurs on users' devices.

More details can be found in spec sheets released by the companies. Apple's notes that device privacy is protected by identifiers that change every 15 minutes, making it almost impossible to use the APIs for long-term tracking of people's movements. If a user tests positive for COVID-19, they must opt in to sharing that data with the API servers.

There are no perfect solutions for this pandemic and this one isn't. But it's far more robust and more respectful of users' privacy than most of what's being pushed by governments elsewhere in the world. The addition of government fabric to the framework doesn't undercut the protections built into the system. The upside for public health agencies is better, faster tracking of viral spread -- something that's almost impossible at this point in time.

The downsides are mostly related to the tech itself and the nature of human beings. Bluetooth signals don't necessarily indicate human contact -- especially when lots of people live in close proximity but are rarely face-to-face, like in large apartment complexes.

Also worrying is the potential for abuse by the worst human beings, of which there are far too many. Ashkan Soltani suggests the apps could be misused to troll the system into uselessness.

MOST IMPORTANTLY there's a REAL risk of abuse from these apps -- generating false alarms and Denial-of-Service attacks from people falsely flagging that they're infected with COVID19 (crying 'wolf) -- thereby potentially affecting the others they've digitally been in contact with

Finally, there's the problem with our healthcare system in general. There supply of reliable tests is still limited and it seems unlikely heading to your primary care provider with a Bluetooth positive (but no symptoms) is going to persuade them to test you for the virus. Hopefully the availability of tests will increase as time goes on, making this tool more useful to more people.

Even the ACLU seems cautiously supportive of the tech companies' joint effort:

"To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement. We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic."

As always, the biggest drawback of this effort is also its greatest strength: it's entirely voluntary. In a nation of rugged individualists (which unfortunately includes people who believe this isn't actually a pandemic or that the 5G rollout is somehow linked to the coronavirus), it's tough to get people to buy into voluntary health efforts, no matter how beneficial they may be to themselves or anyone else around them. Mandatory tracking would provide better data faster, but our government hasn't shown it can be trusted to handle this much power responsibly. So, voluntary it is and whatever buy-in there is will be better than the nothing we're doing now.

Filed Under: api, bluetooth, contact tracking, coronavirus, covid-19, privacy
Companies: apple, google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 10 Apr 2020 @ 4:31pm

    Since sanity is only licensed out, and for a limited time:
    I hope they license the API with a permissive or good copyleft license.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 10 Apr 2020 @ 4:52pm

    Y'all laughed at my crappy barely smrt phone....
    Now the new Typhoid Mary's are gonna get their flip phones out & be the unseen hand of infection slipping through the models undetected.

    TFW you once again think everyone has a smart phone just proving Uncle TAC's personal bubble theorem.

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 10 Apr 2020 @ 5:22pm

    Privacy Policy + Anti TypeI/TypeII error tech needed

    Preempt: I understand the press release just came out and the API isn't complete, won't be implemented till May, and it will take months to get it to the handset. (Emojis take 8 months, so figure a real app takes longer.)

    PRIVACY POLICY
    The A/G companies have indicated they will anonimyze data tokens. This unfortunately no longer is of sufficient benefit. See https://www.nytimes.com/2019/07/23/health/data-privacy-protection.html

    To the end of ensuring both HIPAA compliant patient privacy, as well as geolocation data being judged 4thAM stuff, there should be a strict privacy policy by G/A to

    • ensure that individuals cannot be found after indicating valid CV19 results.
    • ensure that no entity can "round up people" based on who someone has come into contact with -- only that they can send a message which will eventually route to those people. (In other words, an app popup is fine, but a call telling you "Hey Alice, you came into contact with Bob... and he's C19 positive. Cops are enroute to pick you up for your test" is bad

    TYPE I errors
    That's also known as a "false negative". So if the person doesn't indicate they have CV19... then none of this will work. I'm not sure how to resolve that without some national system where your health services provider 'tags' your special code (that changes like an Authenticator and isn't static like a BC wallet).

    TYPE II errors
    That's also known as a "false positive". That's where I go meet lots of people I don't want around and then tag myself as CV19 positive. Think, for example, of my attending Republican hearings, Trump Dinners (or Mar-A-Lago "Trump Trains") and then tagging myself as CV19 positive. The damage is incalculable.
    https://www.usatoday.com/in-depth/news/investigations/2020/04/09/instead-prepping-coro navirus-trump-partied-golfed-held-fundraisers/2941076001/
    This too could be solved by having health care providers do the tagging.

    So in my ideal world we wouldn't have these diseases. However, since we do my recommendation is:

    1. True anonymous user IDs/keys that are dynamic, and are provided by the individual's cellphone*.
    2. The health-care provider has THEIR ID/key that they have to have to sign off on a POSITIVE or NEGATIVE test.
    3. Dates on everything and MANDATORY removal of obsolete data.
    4. Privacy Policy says this will ONLY be used for CV19 screening, data scrubbed after CV19 gestation period, and guaranteed that LEOs have no access to the data with no exception. It will be used to inform people they've been possibly exposed (and how many people away that is) not to allow LEOs/Govt to try and suss out who it is.

    Happy Good Friday, Easter weekend, and best weekend wishes to all. Stay safe,

    Ehud

    • Yes, the cellphone thing. Some companies give their employees cellphones. Some people have multiple cellphones. Some borrow their friend's cellphone. Some HAVE NO CELLPHONE. I don't know how to solve for all this. A cellphone is not a unique identifier even if there's an Authenticator App and a password. I appreciate G/A trying to solve this one... but I think using a cellphone as a target designator is a poor choice.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Apr 2020 @ 8:43pm

    The upside for public health agencies is better, faster tracking of viral spread ... the apps could be misused to troll the system into uselessness.

    The platform looks like pretty good work, but we may be getting ahead of ourselves by declaring it useful. That's something that would need to be supported by evidence. The people who use the app will be showing enough concern for their health that they'll likely respect distancing guidelines; others who get close enough to cough on them won't be using it. The self-selection bias could be strong enough to make trolling irrelevant.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Anousheh (profile), 11 Apr 2020 @ 2:55am

    Free Tool

    Its is great for Google ads who want to track there conversion also for me because I going to start Google display campaign for https://rawdah.io.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    New silkroad (profile), 11 Apr 2020 @ 5:25am

    Buy Adderal 30mg Online without prescription from newsilkroad

    order now at https://newsilkroad.club/
    No prescription required.
    100% safe and discreet shipping.
    Overnight delivery is available.
    Moneyback guarantee.
    Best quality products.
    Worldwide delivery in just 7 days.
    US to US delivery in just 3 days.
    Best kind of Pills suppliers.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Apr 2020 @ 6:11am

    Oh yeah, it's free now. But after it is made mandatory there will obviously be a fee to pay. Watch the stocks rise. What a house of cards, no wonder it falls down so easily.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Apr 2020 @ 5:28pm

    If you want to avoid being tracked, just get a prepaid "burner" phone and pay using cash so your identify cannot be tracked.

    Or, if are close to to the Mexican border, and are a USA/Mexico dual national, just go into Mexico and sign up for a Mexican cell phone provider that allows "roaming" in the United States.

    Mexican cell phone providers are not subject to any American laws, even if someone close to the border is using a Mexican provider. Mexican cell phone providers only have to follow Mexican law, even if somoene on the US side of the border is using the service.

    If you are Mexican citizen and show valid Mexican ID to get a cell phone, that provider does not have to follow US laws, even if you are also a US ciitizen or permanent resident and/or using the phone on the US side of the border.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Apr 2020 @ 3:41am

    Sounds like Pepp-PT

    This technology developed at Heinrich Herz Institute is remarkably similar to the one Google and Apple are presenting. Both use Bluetooth for tracing and a decentralized system with identifiers changing every 15 minutes. This and the known, trusted names in the European effort like Ulf Buermeyer give me hope that these will be fruitful efforts.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Apr 2020 @ 8:34am

    How about you just don't carry a cell phone everywhere? They can't force you to carry a cell phone, or any other device unless court ordered. So opt out the old fashioned way.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2020 @ 7:37am

    -In comes the crisis (9/11, Coronavirus, cold hot dog water, whatever)
    -Out go our civil liberties

    reply to this | link to this | view in chronology ]

  • identicon
    TRX, 14 Apr 2020 @ 8:57am

    The spy app they're talking about doesn't provide any information the Feds can't get directly from the cellular providers. That's yer basic call data which they already subpoena huge volumes when the telcos don't hand it over voluntarily.

    The only difference is, the Google/Apple app data wouldn't have even the telco's minimal restrictions and oversight.

    For that matter, given how iPhones and Android phone tattle back to their motherships, they'd have to prove they're not already collecting that data "for quality control purposes" or some other justification.

    It's a nothingburger, COVID-wise.

    reply to this | link to this | view in chronology ]

  • icon
    Rockstar (profile), 14 May 2020 @ 7:41am

    They Should, Its their Duty

    Being a Leading Companies. It's their Duty To overlook personal issues and work for the community. It is not sufficient only to create an app for people. Jump into the war.

    reply to this | link to this | view in chronology ]

    • icon
      Rockstar (profile), 14 May 2020 @ 8:11am

      Re: They Should, Its their Duty

      and of course. They need to slow their work or put on automation. What's more than human life. Even I have stopped working on developing apps, website (finexo.co.uk), halt my others work too. and become a volunteer to help doctors to the maximum.

      I said so, because many may think what the comment writer done special.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.