The COVID-19 contact tracking system on which Apple and Google are working together raises several doubts about privacy. Some American fans and President Trump himself wished to have more details. Apple has therefore clarified other aspects of this technology.
Contact tracking solutions are designed to control the spread of viruses by creating a complete history of people who have been in contact with an infected or potentially infected person for a specified period of time. Apple and Google are trying to digitize and then automate, which is traditionally a manual process.
How it works
The system will run on Android 6.0 and iOS 13 (or later) devices and will be released in two steps. In the first phase, in May, the two companies will publish APIs to allow interoperability between Android and iOS devices of applications developed by health authorities. These official apps can be downloaded by users through their respective app stores. During the second phase, in the coming months, Apple and Google will work on the provision of a broader contact tracking platform based on Bluetooth, integrating this functionality into operating systems. It is a more solid solution than an API and would allow more people to participate, always on a voluntary basis. It would also allow interaction with a wider application ecosystem and government health authorities.
at each stage, apple and google said the system was built on the principles of “privacy, transparency and user control”.
Once implemented, the technology will use a device's Bluetooth to keep an eye on those approaching the owner. In particular, the Bluetooth identifiers are changed and saved locally.
If a user subsequently tests positive for COVID-19 and agrees to share this information, their device will send the contact keys to a central server for the next 14 days. Phones periodically download positive broadcast beacons or user beacons that have reported positive test results to COVID-19 and look for matches in a list of anonymized identifiers stored locally. If a match is found, an alert is displayed with links to information provided by health facilities.
In practice, iPhone and Android users will be able to opt for a function that uses Bluetooth (practically always active because it is used for AirDrop, AirPods and more) to create a sort of temporary and private agenda. This log records proximity interactions with other users who choose to use the same function. If one of these people tests positive for COVID-19, any user who uses the system and who has been in contact with the infected person will be informed. The system does not use GPS, as it relies solely on Bluetooth without ever connecting it to specific users. The only relevant data is whether a user has been in contact with someone who has subsequently tested positive for COVID-19.
Apple and Google said the first phase of tracking will take place in mid-May, with specific updates for iOS and Android.
Confidentiality
Apple and Google have created the system from scratch to comply with strong privacy policies. No information or data on the identifiable personal position is collected by the system, moreover the Bluetooth identifier of each device will change periodically to avoid unwanted tracking.
The two companies have also confirmed that the system will require explicit user consent in several stages and that only public health authorities can use it to manage and monitor the current pandemic.
In addition, the list of people with whom a user comes into contact is only stored locally on the device and is only shared if the user chooses to share it, for example after a positive diagnosis. The true identity of people who test positive for COVID-19 is not revealed by Apple, Google or other users. In addition, both companies can deactivate the system on a regional basis when it is no longer needed.
To combat the potential for false positives, notifications will only be sent if a public health authority confirms a diagnosis.
The success of the initiative therefore requires high levels of participation, although the exact minimum percentages are not known given the unprecedented nature of this type of monitoring. Of course, a percentage of users will not opt ​​for contact tracking for various reasons, but there is always an incentive to participate: if you enable contact tracking, you will be notified when someone with whom you have been in contact was tested positive for COVID-19. After this notification, the user should always contact their doctor or the nearest hospital to request a sample and to have a certain diagnosis. If the test is positive, the authorities will be able to immediately inform all those who have been in contact with this user during the past 14 days, obviously only among those who have chosen to activate this function. We repeat: no notification will be sent with the user's self-diagnosis, since the official must always be waited for by a special test carried out by the health authorities in charge.
The critics
Four American users officially contacted Apple in a letter asking for clarification on the confidentiality of the application and the website already available for COVID-19 testing. The company claims that all information entered by users is saved locally and is not sent to Apple or third-party companies. Certain checks carried out by specialized technicians confirm the statements made by the company.
Apple also said it had “used its technical and clinical resources to help develop a new Covid-19 website and Covid-19 application” at the request of the US Department of Health and Human Services and highlighted the functionality for protection privacy in its agreement with the agency. Apple said the tools, available as apps and on the web, are not subject to HIPAA guidelines and do not collect personal data.
The only data collected are related to the frequency with which the instrument is used and if there have been abnormal problems, obviously completely anonymous.
President Trump also expressed his opinion on the joint initiative between Apple and Google:
It’s an amazing thing, but many people have different constitutional doubts. This is incredible technology, better than that adopted by other countries. The system developed by Apple and Google would be a very accurate way of tracking contacts, but we will have to make a decision in the next four weeks.
We have more a constitutional problem than a technical problem, but we will take the right decision for the good of the citizens. We will discuss this with many people in the industry.
Trump therefore welcomed the help of Apple and Google, but put on the plate some doubts on the constitutional side, first and foremost the private life of citizens.