Apple last week and Google announced a partnership to help users quickly choose a decentralized tracing tool to help determine if a person has come into contact with someone who has tested positive for COVID-19.
The opt-in system uses Bluetooth to transmit a random and anonymous identifier to nearby devices. A user can then upload their anonymized data, which is then sent to other devices. If a match is found based on the time spent and the distance between nearby devices, a user is informed that he or she may have been exposed to the virus by someone whose identity is not shared.
It is a system similar to that developed by MIT researchers, which also uses Bluetooth to anonymously inform others about possible infections. Like the new efforts by Apple and Google, the system also circumvents the use of location data.
Contact tracing has proven to be somewhat effective in some parts of the world and has helped authorities understand the hotspots of infections. Data protection groups and security experts fear, however, that privacy would put people's individual rights in the background to curb the spread of the virus. Apple and Google said the service is privacy-oriented. The system does not use location data, the user's random identifiers change every 15 minutes to prevent tracking, and all data collected is processed on the device and only leaves a user's phone when they release it.
Security and data protection experts quickly pointed out possible errors in the system. The former FTC chief technician Ashkan Soltani warned against false positive, but also false negative results. Moxie Marlinspike, founder of the signal-encrypted messaging app, also voiced concerns that the system could be misused.
theinformationsuperhighway participated in a media call with representatives from Apple and Google, during which reporters could ask questions about their efforts to trace corona viruses.
The following was discussed on the call.
Which versions of iOS and Android receive the feature update?
Apple has announced that it will transfer the update to the largest possible number of iOS devices. More than three quarters of iPhones and iPads are equipped with the latest version of iOS 13 and receive the update. Google has announced that it will update Google Play Services, a core component of Android, with this feature so that the contact tracking system can run on the entire fleet of Android devices (with Android 4.1 or newer) and not only on the most recently updated devices.
When will this tracking system be available?
Apple and Google announced mid-May software updates to support contact tracking support. Health authorities will integrate the contact tracking API into their apps, which can then be downloaded from the Apple and Google app stores. The companies announced that they would be integrating the contact tracking feature into iOS and Android in the coming months so users don't even have to install an app. The companies said this would help more people use the system.
Even if the system-level contact tracking feature were integrated into the operating system, any positive match detection would still prompt the user to download the appropriate public health app for their region for more information on the COVID-19 contact tracking process and Next Steps.
Can someone else use the API?
The companies indicated that only public health authorities have access to the Contact Tracking API.
This restricted API usage is restricted in the same sense that you limit individual healthcare to accredited medical professionals such as doctors. In the same way, the use of the API is restricted only to authorized public health organizations identified by the government responsible for naming such facilities for a particular country or region. In some cases, there may be conflict over what constitutes a legitimate public health agency, and possibly even disagreement between national and government agencies. So this seems to be a place where there can be friction, with Apple and Google as a platform on a difficult foundation operators.
Is the data stored in a central database?
According to Apple, the data is processed on a user's device and transferred via servers that are operated by health organizations around the world and not centralized. The technology giants said that because data is decentralized, it is much more difficult for governments to monitor.
Does that mean Apple, Google, or health officials can access the data?
Apple and Google admitted that no system is completely secure – it's a well-known concept in cybersecurity that nothing is "not hackable". Servers can be damaged and data can be lost. However, decentralizing the data makes it much more difficult for people with malicious intent to access the data.
How do you prevent people from creating false reports?
The companies said they worked with various public health organizations to confirm diagnoses such as health authorities and to perform validation. Apple and Google want users to trust the system. This also means that users know that the system is reliable.
How is a confirmed COVID-19 case identified?
Apple and Google point out that a positive test result is probably the best way to identify a case, but not necessarily the only way. It is true that a diagnosis by a doctor does not require a confirmed positive test result that specifically identifies the presence of the virus. In theory, a health agency could set a lower bar that, for example, only requires diagnosis based on symptom presentation.
Both technology giants admit that effective contact tracking requires a high level of case identification within a population, but left the door open to the possibility that high level of case identification may not necessarily translate one to one, if widely used, if others Means of case identification by local health authorities in a given area are considered reliable enough.
Should you trust this system?
There is no easy answer. Apple and Google seem to have developed a system that is better than nothing, but it is a system that requires considerable user trust. You have to trust that Apple and Google have developed a system that can withstand abuse – either by itself or by governments. But no system is foolproof or immune to abuse. If you don't trust the system, you don't have to use it.