The big tech news to end last week was that Apple and Google have agreed to a partnership that will enable health authorities to better track COVID-19 patients and alert people who’ve been in contact with them, which could provide significant help in containing the virus.
The process would work like this:
- Apple and Google will provide tools that will enable combined device tracing across both iOS and Android devices, which will mean that no matter what device a person is using, a central process will be able to track it, based on proximity signals via Bluetooth
- Health authorities will then be able to develop apps that can trace which users have been in close contact with others. The process will be opt-in and will require users to download a new, official app
- If a person is found to have COVID-19, they’ll be able to log that in the app, via a code from a health authority, which will then alert all other app users who’ve been in contact with them that they are at risk and need to self-isolate.
Google provided this visual overview of the proposed system:
It’s a good idea, which somewhat mirrors similar solutions in place in other regions – though there are some limitations to the process, and some concerns as to where it takes us, in terms of personal tracking.
First off, the good news – this system would enable significantly better tracking of COVID-19 patients on an individual level, and with 1.5 billion active iOS devices in circulation, and 2.5 billion active Android devices, the potential coverage base is massive.
These are the most popular mobile device operating systems in the world, by a big margin, and the capacity to be able to trace users on both will enable widespread alerting – which could, theoretically, significantly help to contain the virus’ spread, and enable us to get back to some semblance of normal life faster.
It’s also pretty amazing to see Apple and Google working together. Both companies have been notoriously critical of one another, with Apple CEO Tim Cook regularly taking aim at both Google and Facebook over their questionable privacy practices. To see the two come together to benefit the greater good is a significant development – but yet, there are some issues that could limit the effectiveness of the proposal.
One thing that will limit the effectiveness of this process will be the fact that people need to download another app, and it’ll require widespread take-up of that app to be effective.
Both companies are looking to respect user privacy, and the requirement to download a separate app is, essentially, a measure of consent. In doing so, you’ll be agreeing to let Google and Apple share your mobile identifier for this purpose – this is not your location data, as such, but a digital marker can be cross-matched against other devices that have been in your vicinity.
The extra step in this respect makes sense, but if only a small portion of people go to the effort of downloading the specific app, it will render the system largely irrelevant. If, for example, you go to the local shops, and you’re the only one who’s downloaded the app, that won’t be much help in an alerting sense.
So how, then, do health authorities ensure optimal take-up?
In China, they’ve seen some level of success with a somewhat similar system – though the difference is that they’ve integrated the process into existing apps WeChat and AliPay. These apps are used for everything in China, from buying groceries to doing your banking – which also provides Chinese authorities with an extra level of control. To limit the spread, they’ve assigned color codes to people based on their COVID-19 risk, which restricts their capacity to move freely as a result.
The integration with already popular apps enables Chinese authorities to better monitor and track citizens’ movements, and limit such through this process – though even then, it’s not foolproof, despite utilizing a far wider-reaching system.
Health authorities in other nations could look for similar options – they could, for example, restrict people’s movements based on them downloading and using the app, subject to random checks, but that likely won’t be as easy to implement in western regions.
It’s a challenge that will need to be thought through – but the thing is, Apple and Google are already tracking this type of data among the vast majority of their users, and could provide it without needing a separate app. It would open up a lot more privacy questions, of course, but the combined database would already have much of this info, without needing any extra steps.
Research shows that up to 90% of smartphone users have location services switched on at all times, as it comes in handy for maps, tracking your daily jog, interactive games like Pokemon Go, etc. That means that Google and Apple have this info already, and they could, theoretically, create a system that alerts all users within a certain proximity of someone found to be carrying COVID-19.
A more authoritarian system might see doctors require patients who are infected with the virus to register their condition via their device, which would subsequently alert all users who’ve been anywhere near them. A combined Google and Apple data net would see such an alert reach virtually everybody at risk, and they could do this without any extra steps – though it would significantly overstep the bounds of user privacy.
that leads to the next issue…
The concern here is that a combined Android/iOS data net covers pretty much everyone in most connected regions across the world, and would give whomever can access it the most advanced personal tracking tool in history.
That would be of significant interest to governments, who would be keen to use such to track criminal gangs, blackmarket rings – anyone that they might choose to hone in on.
Privacy advocates have been sounding the alarm bells about such tools being developed in times of crisis, because as The New York Times recently noted, once a privacy back door like this has been opened, it can be very difficult to close it again after the need subsides.
As per NYT:
“Ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later. It is a lesson Americans learned after the terrorist attacks of Sept. 11, 2001, civil liberties experts say. Nearly two decades later, law enforcement agencies have access to higher-powered surveillance systems, like fine-grained location tracking and facial recognition – technologies that may be repurposed to further political agendas like anti-immigration policies.”
In the case of granular location tracking, this could facilitate increasingly complex systems of tagging and monitoring citizens, with limited transparency as to how such are being utilized. Combining the Android and iOS systems is massive, and will have many looking for ways in, which is a risky proposition, despite its significant potential benefits.
This is where the proposal is somewhat uncomfortable. Yes, this system could be hugely beneficial if they’re able to prompt mass user take-up of the relevant health authority app, or apps. But it mightn’t provide much help if they can’t, while the creation of a process that provides connective access to both the iOS and Android networks, in any form, is a significant step towards the next level of potential mass surveillance.
That’s not to say Google or Apple will let that happen, but as the crisis goes on, there will be pressure on both to create tools that utilize their existing systems in this way, aside from this separate proposal.
It also underlines, once again, the massive data the tech giants have on us – and theoretically, Facebook could also create a similar alert system, tracking who you’ve been in contact with and when, and correlating that with positive COVID-19 tests.
Even if these tools don’t fall into the wrong hands, they do already exist, and they are being used by corporations for profit.
It’s a concerning situation, and one that could get significantly more so if this leads to enhanced data tracing as a result.