Just when you were wondering why the world’s biggest tech companies weren’t doing more to fight the coronavirus pandemic, Apple and Google made a big announcement: They are joining forces to build an opt-in contact-tracing tool using Bluetooth technology that could help public health officials track the spread of Covid-19, the disease caused by the novel coronavirus. The new tool brings with it not only hope for a quicker end to the pandemic, but also a host of privacy and security concerns.
The contact-tracing tool Apple and Google want to create would have your smartphone log when you’ve come into close contact with other people. If one of those people later reports Covid-19 symptoms to a public health authority, your phone would send you an alert. It works a bit like exchanging contact information with everyone you meet, except everything is designed to be anonymous and automatic.
Instead of contact info, your smartphone will periodically exchange anonymized tracing keys with nearby devices. Both devices maintain a list of the keys they’ve collected on a cloud server, and when one person reports an infection, they have the option of sending an alert to people they’ve recently been in contact with. That alert will share information about what those people should do next.
Those are the broad strokes of what’s sure to be a very complex public-health-focused surveillance system. It represents an unprecedented partnership between two competing tech giants, one that could forever change the way our devices talk to each other. (Apple and Google say that the new contact-tracing tool will work between iPhones and Android phones.)
The Bluetooth-based approach also draws on beacon technology that’s already in use in retail environments — and is already a concern for privacy advocates. Understanding the privacy and security implications of this new coronavirus contact-tracing technology will take time, but based on what we know now, the tool will start rolling out soon.
How it’s built
An important thing to understand about this system is that Apple and Google aren’t doing this by themselves. The two companies are building a set of tools, known as an application programming interface (API), that lets iOS and Android apps communicate with each other.
In the first phase of the tool’s release, which will start around mid-May, Google and Apple will release the APIs so that public health authorities can then build apps that will be publicly available in the Apple App Store and Google Play Store. People can choose to download those apps — and again, these apps will let iPhones and Android phones talk to each other.
The tool’s second phase will roll out over the next several months. Apple and Google plan to build contact-tracing functionality into the operating systems of the phones themselves, which might sound a little tricky for folks who worry about being tracked without their consent. As the New York Times points out, by building the tool directly into the operating system, Apple and Google effectively ensure that the contact-tracing system can run 24 hours a day, rather than only when a particular app is open.
“This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” the companies said in a press release. “Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders.”
To protect users’ privacy, Apple and Google say they will build this system while keeping people’s identities anonymous throughout the process. That’s because the companies say they won’t build a database of who has Covid-19 and whom they’ve been in contact with. Instead, they’ll store that information in temporary, anonymous cryptographic keys that refresh every 15 minutes. Meanwhile, all participation in contact tracing will be opt-in, and both companies say they plan to release regular reports on the program’s progress.
Apple and Google released technical specifications and other details about the project in press releases on Friday morning. Though it will take some time to sift through these details, the tool’s announcement has definitely caught the attention of privacy experts, who broadly seem hopeful about the anonymized, decentralized nature of what Apple and Google are building.
How it works, in theory
Which brings us back to how the tool might actually work. In their announcement, Apple and Google mapped out a hypothetical scenario that does a good job of explaining the broad strokes of the contact-tracing process. It involves two people named Alice and Bob.
Alice and Bob meet each other for the first time while sitting on a bench for a brief conversation. Because they’ve installed the new Apple and Google technology, their phones exchange anonymized tracing keys (think of these as contact info files with a unique identifier instead of a person’s contact info). These keys indicate that Alice and Bob have been in contact, and because they’ve opted in to the Apple and Google contact tracing system, this exchanging of keys happens automatically.
A few days later, Bob finds out he’s positively diagnosed with Covid-19, and he updates an app with that information. With Bob’s consent, the app then sends an alert to everyone with whom Bob exchanged keys in the last 14 days. Alice is one of these folks, so she gets a notification that she’s been in contact with someone who has Covid-19. The notification also includes information about what Alice should do next, like go get tested herself.
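The Alice and Bob exchange can be modeled in a few lines. This is an added example, not Apple's or Google's code and not taken from their published specification: the `Phone` class, the `derive` and `meet` helpers, the per-day secret and the HMAC-SHA256 derivation are all assumptions chosen for illustration, while the 15-minute refresh and the 14-day window come from the article.

```python
import hashlib
import hmac
import os

INTERVAL = 15 * 60        # identifiers refresh every 15 minutes (from the article)
WINDOW = 14 * 24 * 3600   # alerts cover the last 14 days (from the article)
DAY = 24 * 3600


def derive(day_key, ts):
    """Assumed derivation: HMAC of the 15-minute slot number, cut to 16 bytes."""
    interval = (ts % DAY) // INTERVAL
    return hmac.new(day_key, interval.to_bytes(2, "big"), hashlib.sha256).digest()[:16]


class Phone:
    """Hypothetical model of one opted-in handset."""
    def __init__(self):
        self.day_keys = {}   # day number -> random secret, never broadcast
        self.heard = []      # (timestamp, identifier) pairs seen over Bluetooth

    def identifier(self, ts):
        """Value broadcast at time ts; unlinkable across slots without the day key."""
        key = self.day_keys.setdefault(ts // DAY, os.urandom(16))
        return derive(key, ts)

    def hear(self, ts, ident):
        self.heard.append((ts, ident))

    def report_positive(self, now):
        """With the user's consent, release only the day keys from the last 14 days."""
        first_day = (now - WINDOW) // DAY
        return {d: k for d, k in self.day_keys.items() if d >= first_day}

    def exposed(self, published, now):
        """Re-derive identifiers from the published keys and compare with the local log."""
        for ts, ident in self.heard:
            key = published.get(ts // DAY)
            if (now - ts <= WINDOW and key is not None
                    and hmac.compare_digest(derive(key, ts), ident)):
                return True
        return False


def meet(a, b, ts):
    """Two phones in range at time ts log each other's current identifier."""
    a.hear(ts, b.identifier(ts))
    b.hear(ts, a.identifier(ts))
```

In this model the matching happens on Alice's phone, so the published keys reveal nothing about who Bob met; only a phone that logged one of his identifiers learns of the overlap.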
As captivating as these drawings are, they represent a complex marriage of technology and design. That doesn’t mean that the contact-tracing system can’t work as advertised, but there are, so far, an unknown number of caveats that will come with its potential success.
How privacy matters
In announcing this new initiative, both Apple and Google have stressed that users have to consent to participate in contact tracing, that the apps won’t collect personally identifiable information, and that people who test positive aren’t identified to anyone else. Still, organizations such as the American Civil Liberties Union (ACLU) have raised privacy concerns about such contact-tracing systems — which are already being widely used in other countries such as South Korea, China, and Singapore.
“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Jennifer Granick, ACLU surveillance and cybersecurity counsel, wrote in a public statement on Friday. “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
And that’s another looming question: Just how long will Apple and Google leave these contact-tracing tools embedded in their mobile operating systems? After all, if this technology can be used to track who you’ve been in contact with, it seems possible that it could also be coopted for commercial purposes or even for government surveillance. As Bennett Cyphers, staff technologist at the Electronic Frontier Foundation, said to Recode, “We don’t want anything to be built into the OS that’s going to be turned on forever.”
There are also questions about the accuracy of Bluetooth. Some have worried that Bluetooth could yield false positive matches, though it’s not yet clear exactly how Apple and Google will implement the proximity features of Bluetooth LE technology. Others have raised concerns about the location accuracy of contact-tracing mobile apps in general. Furthermore, for the tool to be most effective, a plurality of people must opt in to using it. The big test of this project’s success will be how widespread the adoption of this contact-tracing tool becomes, and if that will be enough to impact the course of this pandemic’s trajectory significantly.
There’s still a lot we don’t know about how the Apple-Google tool will work in practice. We’ll learn more in the weeks to come, after the companies roll out the APIs and public health authorities start releasing contact-tracing apps. But regardless of potential drawbacks, this tool represents one of the most ambitious private-public partnerships in recent history. It’s the beginning of a new future where tech companies are injecting their resources into a public health crisis, not only leveraging their power in a tremendous way but also raising questions about how this power will change society for years to come.