In a surprising turn of events, tech giants Apple and Google have joined forces to develop a contact-tracing tool aimed at notifying individuals who have come into contact with someone carrying Covid-19. This collaboration raises questions about privacy, security, and the effectiveness of the tool. Let’s dive into the details and explore whether we can trust this initiative.
Contact-tracing, a pivotal strategy in curbing the spread of pathogens like Covid-19, involves identifying and isolating individuals who have been in contact with an infected person. Typically, someone who tests positive reports their recent whereabouts to a health authority, which then notifies those who may have been exposed. The digital version of this process, facilitated by apps, has proven successful in East Asian countries like Singapore, South Korea, and Taiwan.
How It Works: The Tech Behind It
Apple and Google’s tool, inspired by Singapore’s TraceTogether app, utilizes Bluetooth to estimate the distance between phones with the app. Notably, it doesn’t collect GPS or Wi-Fi data.What it does is, it encrypts anonymous IDs, which are exchanged between devices, stores locally and decrypts by a public-health authority only with user consent. Privacy measures include changing IDs every 15 minutes.
Privacy Concerns and Safeguards
While Google and Apple have made efforts to prioritize privacy, certain vulnerabilities exist. The voluntary nature of the process and decentralized storage of information are commendable, but potential issues persist.
- Bluetooth Insecurity: Bluetooth signals can be imitated or harvested, compromising the system’s trustworthiness.
- Exposure Criteria: The criteria for what constitutes exposure remains unclear, impacting the tool’s effectiveness.
- Testing Challenges: The success of the tool depends on widespread testing, an obstacle currently faced, particularly in the U.S.
Can We Trust This Contact Tracing System?
Undoubtedly, user trust is crucial for the success of this contact-tracing app. Google and Apple have emphasized privacy, voluntariness, and decentralized data storage. However, addressing the existing vulnerabilities is vital for winning public confidence. As Jennifer Granick from the ACLU rightly pointed out, “People will only trust these systems if they protect privacy, remain voluntary, and store data on an individual’s device, not a centralized repository.”