Apple and Google announced a system for tracking the spread of the new coronavirus, allowing users to share data through Bluetooth Low Energy (BLE) transmissions and approved apps from health organizations.
The new system, which is laid out in a series of documents and white papers, would use short-range Bluetooth communications to establish a voluntary contact-tracing network, keeping extensive data on phones that have been in close proximity with each other. Official apps from public health authorities will get access to this data, and users who download them can report if they’ve been diagnosed with COVID-19. The system will also alert people who download them to whether they were in close contact with an infected person.
This is a clever use of technology, but as always, what can be used for good, can also be used for evil. A technology like this certainly seems useful in our current worldwide predicament, but it’s not hard to imagine what can be done with it that might be more nefarious. That being said, it’s refreshing to see these companies working together for the good of their users for once, instead of the constant hostility towards users to create platform lock-in and shareholder value.
In any event, the APIs for this new system will arrive in iOS and Android over the coming months – through a regular OS update on iOS, and through Google Play on Android.
With so much potential for misuse, and given that mistrust could lead to some people choosing not to use the system, it’s great Google and Apple have taken privacy and interoperability seriously.
My interest is implementing the system on an alternative OS. Based on the white papers, there seems to be enough detail there to do this. The catch is that the specs only cover half of the system: they say nothing about the service-side parts, presumably because Google and Apple are expecting these to be implemented by public health authorities. So the public health authority would also need to provide a remote API to allow upload/download of keys in order for a non iOS/Android app/phone to be able to participate.
The other part which seems vague, from the slide deck, is the following: “Alice’s phone periodically downloads the broadcast beacon keys of everyone who has tested positive for COVID-19 in her region.”. The restriction to a region is necessary to keep the amount of data sensible, but there’s no way to determine regions based on the spec. Presumably therefore the servers will be regional, which means the approach won’t identify contact between people travelling across regions.
I can’t wait to see how our grand amazing holy supreme sultan here in Turkey will use this system next year to put his critics and opponents into jail on the grounds of “congregating with terrorists.”
With all the potential for abuse and serious privacy issues surrounding technology today, is this something we really need? I feel like this is just one more way for corporations and governments to track individuals. I personally have no intention of participating, assuming opting out will be an option if this happens.