After many questions were raised about the new Google/Apple contact tracing API, which will enable health authorities to send alerts to people who’ve potentially been in contact with someone who’s tested positive for COVID-19, the tech giants have announced some updates to the system, which they’re aiming to make available for use by regional health bodies early next month.
The new Google/Apple API will, potentially, be the largest data-tracking tool ever created, which understandably has put many privacy advocates on edge.
Through the process, all iOS and Android devices would be able to ‘communicate’ with one another for the purposes of contact tracing – so whomever you cross paths with in your day would be tagged in your phone’s history via anonymized data keys.
It’s important to note here that no personal information is exchanged in this process. As you can see above, the system tracks data through “anonymous identifiers”, which, when a person is found to have the virus, can be used to alert all of the people that they’ve been in proximity to that they also need to self-isolate and/or visit a doctor.
Responding to early concerns, the system has now been updated with enhanced encryption of the exchanged data keys in order to avoid the potential identification of users.
As explained bt The Verge:
“Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user’s private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis.”
The new measures will ensure more security for users, while the system’s also being stripped of certain additional data elements that could, potentially, also be used to identify individuals.
Apple has also published a new Q & A document on the process, which aims to address the key concerns raised around how the API will be used – and importantly, when it will be shut off.
As per Apple:
“Google and Apple can disable the exposure notification system on a regional basis when it is no longer needed.”
Both companies have separately pledged to turn off the process for each region as required, and in conjunction with local health authorities.
The roll-out of the process will be in two stages, the first involving the download of a separate app, and the second added at a system level in each device, meaning a separate app won’t be needed for the process to be effective. The key to maximizing the value of the process is scale, so both companies are working to establish a solution which won’t require users to download a new app, necessarily – though they will still need to agree to the usage of their data for such purpose.
The update clarifies many of the concerns, but the issue of widespread location tracking and monitoring will remain. Again, an app that can trace users across both iOS and Android will essentially cover more than 97% of mobile devices in the world, which, as you can imagine, many government and illegitimate actors will also be keen to get their hands on for alternative purposes.
The value of contact tracing for the sake of containing COVID-19 will only become more important as we look to shift back into some level of normal activity, but the power of this combined process is significant.
Again, the data is anonymized, there’s no way, really, for a Government to use it beyond its intended purposes, at least as its framed at present. But the system is a significant step up in tracking capacity, and it could, at some stage, facilitate increasingly complex systems of tagging and monitoring citizens, if it’s adapted from this initial process.
Google and Apple are very aware of such concerns, and they’ll be working to solidify their protections in this respect. But it remains a concerning proposal in various respects.
But then again, both Google and Apple are tracking the location data of most users via location services anyway, they technically have this information already. Maybe, it’s just that they’re being upfront about such that raises the alarm bells.
You can read the new “Exposure Notification FAQ” from Apple here.