Privacy tensions could turn Apple-Google contact tracing tech into a non-starter

by Caroline Bottger

The pandemic has created two unlikely Silicon Valley bedfellows: last week, tech giants Google and Apple unveiled the contact-tracing application programming interface (API) that they co-developed to help governments track the spread of COVID-19.

The tracking API uses a phone’s Bluetooth to track a user’s location against confirmed cases of the coronavirus, and notifies public health workers, who then notify the user with next steps. So far, 22 national governments and three U.S. states have signed up to build contact tracing apps using the API. But the partnership is already running into issues with government and public health officials alike.

On paper, the partnership makes sense: Apple’s and Google’s software is run on 40 percent of mobile phones worldwide. Furthermore, contact tracing is labor-intensive, requiring significant people power and hours to conduct in-person or telephone interviews. It’s “part public health work, and part investigation,” wrote Alejandro de la Garza in TIME. The opportunity to automate such a process would be a boon to fighting the virus.

But one challenge to successful implementation is privacy — with a twist. Traditionally, the European Union has been highly critical of these tech giants and their perceived casual attitude to data privacy. The day after the EU’s General Data Protection Regulation went into effect in May 2018, Facebook and Google were hit with $8.8 billion in fines for “coercing users into sharing personal data.” Now, with public health and safety at the top of the agenda, countries like France and the United Kingdom find themselves in a strange position: asking the tech giants to lower their privacy standards so they can collect more information from these contact-tracing apps so it can be stored in a central database to predict future outbreaks. Apple and Google say no: they want to process notifications on the user’s phone, not through a database. Such a misalignment, coupled with Apple’s history of not bowing to government pressure, could make collaboration difficult.

From a user perspective, there is also cause for concern: even when the outbreak ends and user need decreases, the software will live on. In China, public health officials are trying to figure out how to use collected health data to create a “personal health index” of its citizens, but were not clear about how the data would be used.

Furthermore, from a public health perspective, contact tracing is more than just asking questions. Tom Frieden, the former head of the US Centers for Disease Control and Prevention and the New York City Department of of Health and Mental Hygiene, told WIRED that “it [contact tracing] means actually talking to someone and answering their questions, addressing their needs and concerns, and building, earning, and maintaining their trust and confidentiality.” He doubted that software could replicate this relationship.

Lastly, the timing of the API’s release is not optimal. The coronavirus has moved too quickly and too widely for contact tracing to be useful during the virus’ peak. Contact tracing is most effective when the number of cases is low, and fewer people need to be interviewed. Shelter-in-place measures, which have restricted everyone to their homes, make contact tracing moot — at least for now. According to Dr. Frank Esper, a pediatric infectious disease specialist at the Cleveland Clinic Children’s Hospital, it will be more effective to reestablish contact tracing once the U.S. is on a “downslope”, and potentially counteract a second wave of infections in the fall.

Caroline Bottger is a freelance writer who writes on issues of technology, privacy, and security. 
The information and opinions reflected in this post have been gathered from news outlets around the web and do not reflect those of Patriot One Technologies. Likewise, representation of any person, technology, company or political view or opinion in this post should not be interpreted as an endorsement by Patriot One Technologies.
Many of the articles within the media pages of the website are 3rd party in origin and have been included for informative purposes only. Decisions to include articles are solely based on the timely nature of the storyline as it applies to the security industry in general and to the proliferation of threats to public safety in particular. The inclusion of these articles does not imply that PATRIOT ONE its management, agents or employees endorses any statements expressed. The public is advised to fully investigate any contentious claims or assertions prior to arriving at any conclusions. Any hyperlinks included in these articles does not imply that PATRIOT ONE monitors or endorses these websites. Accordingly, PATRIOT ONE accepts no responsibility for such websites. Additional information regarding exclusions and liability limitations are outlined here.