Apple and Google are two of the richest, fiercest and most successful competitors in Silicon Valley, and they have been at it for more than two decades. But the COVID-19 pandemic has brought them together on a rare occasion for a common project: how to help health care experts track patterns of exposure to the coronavirus using Bluetooth, normally used to connect device owners’ wireless speakers and keyboards.
However, along with its important purpose, the project is fraught with potential snags involving personal health care and geo-tracking data that could become problems in the future, according to data privacy advocates.
Google and Apple are working on a platform to enable contact tracing, a way to quantify data that identifies people who have been exposed to the virus and with whom they have been in contact, the companies revealed April 10. Starting in May, the two IT giants will release application programming interfaces (APIs) that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.
APIs first, then mobile apps planned
The APIs will be followed by a comprehensive Bluetooth platform in the following months to which users will be able to opt in. This will be a robust application that would allow the public at large to participate, if they choose to do so; it also will enable interaction with a broader ecosystem of apps and government health authorities.
“All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world’s most pressing problems,” the companies said in a joint media advisory. “Through close cooperation and collaboration with developers, governments and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life.”
Here’s how it would work, from a user’s standpoint:
- A smartphone owner who tests either positive or negative for the coronavirus can input their result into an app from a public health authority, which will feed into an anonymous "identifier beacon," according to an explanation from Google.
- Users then upload their identifier records to the cloud, following which they will receive a notification if they have been exposed to anyone who has tested positive for the virus.
- That identifier will then be anonymously exchanged with anyone the user comes into contact with who also has the service enabled.
So, if you’re sitting, standing or walking in the vicinity of a person with this information stored on his/her phone, you will get a notification of his/her infection or non-infection. It’s then up to you how you might want to interact with—or completely avoid—that person.
Multiple security concerns raised
An important question is this: How many people will use this app, and since there are always a high percentage of smartphone users who won’t opt in to something like this, how effective can it be, knowing that anybody can be carrying the virus and may or may not be identifiable with such an app? Of course, there’s no way to predict how many people will buy in to using an app like this, and neither company is volunteering to guess.
Health care authorities around the world have identified contact tracing as one of the key solutions to stop the rapid spread of the coronavirus, with several governments around the world, including Israel, Thailand and Hong Kong, using technology to track exposure and enforce quarantines, CNN reported. Still, an app such as this would need to be pervasive among the population to be successful.
Naturally, the project has raised the concerns of data privacy advocates and health care IT specialists because it does involve personal health information, mobile devices, security, public agencies and the internet—a potentially combustible security-risk combination at the least. They also have concerns in general with contact tracing technology, contending that it could potentially be used as a surveillance tool once the pandemic is over. Others have also expressed doubts about the effectiveness of Bluetooth-enabled contact tracing.
One also could legitimately wonder if a project of this kind could develop some security problems over time with personal health information that might be difficult at best to patch and repair. However, “privacy, transparency, and consent are of utmost importance in this effort and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze,” Apple said in a media advisory.
What a legal data privacy expert contends
Attorney Andrew Pery of ABBYY has been researching and following ethical use of technology (AI, machine-learning data, etc.) and has written on the topic for the AIIM association and is currently writing a book on AI ethics for the American Bar Association. ABBYY is a multinational software company that specializes in document capture and optical character recognition.
“The use of tracing mobile apps could have far-reaching implications long after the curve is finally flattened and we’re back to ‘normal’ lives,” Pery told eWEEK in a media advisory. “Ethical use of AI and mobile apps ought to be considered not only a legal but as a moral obligation. It must be medically necessary and determined by public health experts.
“Additionally, processing of personal data must be proportionate to the actual need. Furthermore, if tech companies are going to develop tracing apps for ‘public interest,’ then they need to have ethical considerations to secure trust and adoption: guarantee equal access and treatment, address privacy concerns, and address data usage concerns.”
Apple and Google already track users with their phones if those users have their geo-positioning service turned on—and most users never turn it off.
The argument for mobile tracing apps for coronavirus data is that there is empirical evidence to suggest that the application of rigorous wide-scale testing coupled with the application of mobile technology can blunt and control infection and mortality rates associated with COVID-19, Pery said.
“For example, Facebook, by virtue of its 'Data for Good' project, is designed to track movements of people to measure and anticipate potential outbreaks, and in the coronavirus context, researchers and nonprofits can use the maps, which are built with aggregated and anonymized data that people opt in to share, to understand and help combat the spread of the virus,” Pery said.
“The argument against mobile tracking applications [is that they] represent an unwelcome intrusion to privacy, given that the proposed COVID-19 digital containment application will likely require wide-scale adoption and data subject consent. GDPR offers provisions to work around PII [personally identifiable information] when it is grounds for public interest,” Pery said.
“Apart from the balancing of privacy rights with public interest, it is incumbent on the technology sector and on policy makers to implement ethically sound, transparent and fair guidelines relating to the use of AI driven profiling and sharing highly sensitive health information.”
Data protection pro offers his take
Russell P. Reeder, CEO of cloud-based data protection company Infrascale, told eWEEK he believes the Apple/Google COVID-19 tracking technology will never work as an opt-in solution.
“It’s great to see Apple and Google come together to create a solution that we could all use to track when/if we’ve come in contact with someone that within two weeks tests positive with COVID-19," Reeder wrote in an email. "There are also encryption technologies available to help maintain ownership and privacy of your data. While all of the pieces seem to be in place and technically speaking, it is not complicated to do, it will never work as an opt-in solution.
“Partial location data of some people and partial COVID-19 data of others will create a system that could actually do more harm than good, as people will grow to trust incorrect data. As Americans, we have the Fourth Amendment that protects us from unreasonable search and seizures, as well as many statutory laws like HIPAA that protect our health information, and the FTC that enforces our consumer privacy rights. Our right to privacy will have to be balanced with the underlying threat posed to us in interest of public safety and improving the quality of life, much like our speed limits and seat-belt laws. Before people get upset about these potential digital solutions, they have to remember that most of us have been forced to stay at home by law for our own safety.”
Why Manual Contact Tracing Doesn't Work
In late March, a research team at the University of Oxford, writing in the journal Science, said the spread of the coronavirus is “too fast to be contained by manual contact tracing,” and a Bluetooth-like technology would be needed to complement it. Such an app could “replace a week’s work of manual contact tracing with instantaneous signals transmitted to and from a central server,” they wrote.
“The intention is not to impose the technology as a permanent change to society, but we believe it is under these pandemic circumstances [that] it is necessary and justified to protect public health,” researchers said.
eWEEK will keep a close eye on developments in this sector and file periodic reports.