Last week, Apple and Google announced they were teaming up to build contact-tracing technology that could help track how the novel coronavirus spreads. The news was immediately met with questions from privacy and security experts, despite promises from Apple that “privacy, transparency, and consent [would be] of utmost importance in this effort.” Now, both companies are saying the forthcoming contact-tracing tool will require verification for positive covid-19 diagnoses, Bloomberg reports.
In a nutshell, the proposed contact tracing tech will use Bluetooth to track a person’s location and who they’ve been in contact with. If someone has come in contact with covid-19, the tech would then tell users they’d been exposed and give more information about what to do next. In further details provided on Monday, the companies said the system would be able to record when registered users have been within a few feet of each other for up to 10 minutes. The companies then said that folks who want to report themselves as covid-19 positive will need their results to be verified before they are included for analysis. According to Bloomberg, the results will be checked by public health agencies who are building apps that work with Apple and Google’s contact-tracing tech. They also noted that the program would be opt-in and that users would have to download a separate official app to input their test results.
It makes sense that Apple and Google would be quick to address the big privacy elephant in the room. When the program was initially announced, some experts pointed out spoofing and false positives were legitimate concerns that may unintentionally further overwhelm hospitals already operating at or beyond capacity in dense cities. Even President Trump had to get a word in, praising the proposed tool in a briefing as “amazing” while simultaneously noting it had “some very big constitutional problems.” (It’s unclear what’s unconstitutional about an opt-in tracking app.)
Verifying test results would help prevent jerks from abusing what’s meant to be a useful tool, and both companies have sworn up and down that no user names or locations would be shared or stored. According to Cult of Mac, Apple and Google say location details gathered via Bluetooth will change every few days to protect anonymity and that ideally, a user would never find out who exactly they caught covid-19 from. That said, time and time again privacy experts have warned anonymised data is not as ironclad as companies would have you believe.
Right now, the plan is to roll out the tech in two phases. The first will begin in mid-May and involves a developer API given out to public health institutions. In the following months, it’ll be updated so that the system runs directly on Android and iOS via software updates. That means billions of people could potentially receive notifications without ever downloading a separate app—that’s both impressive and potentially alarming given the practice of “covidwashing”, in which the location-data industry has been playing fast and loose with what is generally considered invasive products. But until the proposed tech has undergone extensive and public review by privacy experts, it’s a question of whether you trust Big Tech to keep their word and not slip workarounds into the fine print.