Say yes if you like Tim Cook and Sundar Pichai!
Just when you were wondering why the world’s biggest tech companies weren’t doing more to fight the coronavirus pandemic, Apple and Google made a big announcement: They are joining forces to build an opt-in contact-tracing tool using Bluetooth technology that could help public health officials track the spread of Covid-19, the disease caused by the novel coronavirus. The new tool brings with it not only hope for a quicker end to the pandemic, but also a host of privacy and security concerns.
The contact-tracing tool Apple and Google want to create would have your smartphone log when you’ve come into close contact with other people. If one of those people later reports Covid-19 symptoms to a public health authority, your phone would receive an alert about the diagnosis. It works a bit like exchanging contact information with everyone you meet, except everything is designed to be anonymous and automatic.
Once it’s equipped with this new contact-tracing software, your smartphone will periodically exchange anonymized tracing keys with nearby devices via Bluetooth. The phone maintains a list of keys collected from people you have come in contact that with stays on your device, not a server, unless you test positive for coronavirus and report your diagnosis. If that happens, your phone will then upload those keys to a server that will send alerts to the owners of recently collected keys. The alert will not reveal who’s infected — in this example, that’s you — but it will share information for what people who were in proximity to you should do next.
Those are the broad strokes of what’s sure to be a very complex public-health-focused surveillance system. It represents an unprecedented partnership between two competing tech giants, one that could forever change the way our devices talk to each other. (Apple and Google say that the new contact-tracing tool will work between iPhones and Android phones.) The Bluetooth-based approach also draws on beacon technology that’s already in use in retail environments — and is already a concern for privacy advocates. Understanding the privacy and security implications of this new coronavirus contact-tracing technology will take time. The tool will start rolling out in May.
How it’s built
An important thing to understand about this system is that Apple and Google aren’t doing this by themselves. The two companies are building a set of tools, known as an application programming interface (API), that lets iOS and Android apps communicate with each other. The companies are also partnering with public health organizations to build apps for contact tracing, though they haven’t revealed exactly which ones are participating just yet.
In the first phase of the tool’s release, which will start around mid-May, Google and Apple will push updates to their mobile operating systems that will let iOS and Android apps become interoperable. The companies will also release the APIs so that public health authorities can then build apps that support Bluetooth-based contact tracing through the exchange of anonymized keys. People can choose to download those apps, which will be free and publicly available in the Apple App Store and Google Play Store. And again, these apps will be built on updated operating systems that let iPhones and Android devices talk to each other, so contact tracing won’t be restricted if you’re near someone who has a different kind of phone. The whole system is opt-in.
The tool’s second phase will involve another update to iOS and Android which will allow the device to broadcast anonymized keys through Bluetooth without needing an app. While Apple and Google still say that users opt in to broadcast your anonymized key, the only way to opt out of having this functionality on their phone in the first place is not to download the software update at all. This might not be ideal for people who want to update their software but don’t want this functionality in their devices, but building it into the phones’ operating systems was necessary to ensure that the contact-tracing system can run 24 hours a day, rather than only when a particular app is open. Either way, if someone tests positive for the coronavirus, they must download an app to notify their recent contacts that they’ve been exposed. So it’s safe to say that the more sensitive aspects of the system are opt-in.
“This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” Apple and Google in a press release. “Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders.”
To protect users’ privacy, Apple and Google say they will build this system while keeping people’s identities anonymous throughout the process. That’s because the companies say they won’t build a database of who has Covid-19 and with whom those people been in contact. That information will be stored on the users’ phones only, except for the server a coronavirus-positive user uploads their status to. The cryptographic keys are temporary and anonymous, refreshing every 15 minutes. Meanwhile, both companies say they plan to release regular reports on the program’s progress.
Only public health authorities will be allowed to access the API to build these apps. Apple and Google did not respond to request for comment on which public health authorities they are working with or which expect to take advantage of the new feature, but it seems it will be limited to governing bodies only. Britain’s National Health Service is rumored to be working with the companies on its own app.
Apple and Google has released technical specifications and other details about the project in press releases. Though it will take some time to sift through these details, the tool’s announcement has definitely caught the attention of privacy experts, who broadly seem hopeful about the anonymized, decentralized nature of what Apple and Google are building.
How it works, in theory
Which brings us back to how the tool might actually work. In their announcement, Apple and Google mapped out a hypothetical scenario that does a good job of explaining the broad strokes of the contact-tracing process. It involves two people named Alice and Bob.
Alice and Bob meet each other for the first time while sitting on a bench for a brief conversation. Because they’ve installed the new Apple and Google technology, their phones exchange anonymized tracing keys (think of these as contact info files with a unique identifier instead of a person’s contact info). These keys indicate that Alice and Bob have been in contact, and because they’ve opted in to the Apple and Google contact tracing system, this exchanging of keys happens automatically.
A few days later, Bob finds out he’s positively diagnosed with Covid-19, and he updates an app with that information. With Bob’s consent, the app then sends an alert to everyone with whom Bob exchanged keys in the last 14 days. Alice is one of these folks, so she gets a notification that she’s been in contact with someone who has Covid-19. The notification also includes information about what Alice should do next, like go get tested herself.
As captivating as these drawings are, they represent a complex marriage of technology and design. That doesn’t mean that the contact-tracing system can’t work as advertised, but there are, so far, an unknown number of caveats that will come with its potential success. One big hurdle: There will have to be a widespread adoption of the technology and the apps for it to be effective — at least 60 percent, according to one study. There are also plenty of people who don’t have smartphones or the know-how to download and use new apps who won’t be participating. And there are currently major issues with the availability of testing so people can know if they have coronavirus in the first place.
How privacy matters
In announcing this new initiative, both Apple and Google have stressed that users have to consent to participate in contact tracing, that the apps won’t collect personally identifiable information, and that people who test positive aren’t identified to anyone else. Still, organizations such as the American Civil Liberties Union (ACLU) have raised privacy concerns about such contact-tracing systems — which are already being widely used in other countries such as South Korea, China, and Singapore.
“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Jennifer Granick, ACLU surveillance and cybersecurity counsel, wrote in a public statement on Friday. “We will remain vigilant moving forward to make sure any contract tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
And that’s another looming question: Just how long will Apple and Google leave these contact-tracing tools embedded in their mobile operating systems? After all, if this technology can be used to track who you’ve been in contact with, it seems possible that it could also be coopted for commercial purposes or even for government surveillance. As Bennett Cyphers, staff technologist at the Electronic Frontier Foundation, said to Recode, “We don’t want anything to be built into the OS that’s going to be turned on forever.”
There are also questions about the accuracy of Bluetooth. Some have worried that Bluetooth could yield false positive matches, though it’s not yet clear exactly how Apple and Google will implement the proximity features of Bluetooth LE technology. Others have raised concerns about the location accuracy of contact-tracing mobile apps in general. Furthermore, for the tool to be most effective, a plurality of people must opt in to using it. The big test of this project’s success will be how widespread the adoption of this contact-tracing tool becomes, and if that will be enough to impact the course of this pandemic’s trajectory significantly.
There’s still a lot we don’t know about how the Apple-Google tool will work in practice. We’ll learn more in the weeks to come, after the companies roll out the APIs and public health authorities start releasing contact-tracing apps. But regardless of potential drawbacks, this tool represents one of the most ambitious private-public partnerships in recent history. It’s the beginning of a new future where tech companies are injecting their resources into a public health crisis, not only leveraging their power in a tremendous way but also raising questions about how this power will change society for years to come.