Just when you were wondering why the world’s biggest tech companies weren’t doing more to fight the coronavirus pandemic, Apple and Google made a big announcement.
They are joining forces to build an opt-in contact-tracing tool using Bluetooth technology that could help public health officials track the spread of Covid-19, the disease caused by the novel coronavirus. The new tool brings with it not only hope for a quicker end to the pandemic, but also a host of privacy and security concerns.
The contact-tracing tool Apple and Google want to create would have your smartphone log when you’ve come into close contact with other people. If one of those people later reports Covid-19 symptoms to a public health authority, your phone would send you an alert. It works a bit like exchanging contact information with everyone you meet, except everything is designed to be anonymous and automatic. Instead of contact info, your smartphone will periodically exchange anonymized tracing keys with nearby devices. Both devices maintain a list of the keys they’ve collected on a cloud server, and when one person reports an infection, they have the option of sending an alert to people they’ve recently been in contact with. That alert will share information for what those people should do next.
Those are the broad strokes of what’s sure to be a very complex public-health-focused surveillance system. It represents an unprecedented partnership between two competing tech giants, one that could forever change the way our devices talk to each other. (Apple and Google say that the new contact-tracing tool will work between iPhones and Android phones.) The Bluetooth-based approach also draws on beacon technology that’s already in use in retail environments — and is already a concern for privacy advocates. Understanding the privacy and security implications of this new coronavirus contact-tracing technology will take time, but based on what we know now, the tool will start rolling out soon.
How it’s built
An important thing to understand about this system is that Apple and Google aren’t doing this by themselves. The two companies are building a set of tools, known as an application programming interface (API), that lets iOS and Android apps communicate with each other.
In the first phase of the tool’s release, which will start around mid-May, Google and Apple will release the APIs so that public health authorities can then build apps that will be publicly available in the Apple App Store and Google Play Store. People can choose to download those apps — and again, these apps will let iPhones and Android phones talk to each other.
The tool’s second phase will roll out over the next several months. Apple and Google plan to build contact-tracing functionality into the operating systems of the phones themselves, which might sound a little tricky for folks who worry about being tracked without their consent. As the New York Times points out, by building the tool directly into the operating system, Apple and Google effectively ensure that the contact-tracing system can run 24 hours a day, rather than only when a particular app is open.
“This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” the companies said in a press release. “Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders.”
To protect users’ privacy, Apple and Google say they will build this system while keeping people’s identities anonymous throughout the process. That’s because the companies say they won’t build a database of who has Covid-19 and whom they’ve been in contact with. Instead, they’ll store that information in temporary, anonymous cryptographic keys that refresh every 15 minutes. Meanwhile, all participation in contact tracing will be opt-in, and both companies say they plan to release regular reports on the program’s progress.
Apple and Google released technical specifications and other details about the project in press releases on Friday morning. Though it will take some time to sift through these details, the tool’s announcement has definitely caught the attention of privacy experts, who broadly seem hopeful about the anonymized, decentralized nature of what Apple and Google are building.
How it works, in theory
Which brings us back to how the tool might actually work. In their announcement, Apple and Google mapped out a hypothetical scenario that does a good job of explaining the broad strokes of the contact-tracing process. It involves two people named Alice and Bob.
Alice and Bob meet each other for the first time while sitting on a bench for a brief conversation. Because they’ve installed the new Apple and Google technology, their phones exchange anonymized tracing keys (think of these as contact info files with a unique identifier instead of a person’s contact info). These keys indicate that Alice and Bob have been in contact, and because they’ve opted in to the Apple and Google contact tracing system, this exchanging of keys happens automatically.
Originally Publish at: https://www.vox.com/