Apple and Google announced a system for tracking the spread of the new coronavirus, allowing users to share data through Bluetooth Low Energy (BLE) transmissions and approved apps from health organizations.
The new system, which is laid out in a series of documents and white papers, would use short-range Bluetooth communications to establish a voluntary contact-tracing network, keeping extensive data on phones that have been in close proximity with each other. Official apps from public health authorities will get access to this data, and users who download them can report if they’ve been diagnosed with COVID-19. The system will also alert people who download them to whether they were in close contact with an infected person.
This is a clever use of technology, but as always, what can be used for good, can also be used for evil. A technology like this certainly seems useful in our current worldwide predicament, but it’s not hard to imagine what can be done with it that might be more nefarious. That being said, it’s refreshing to see these companies working together for the good of their users for once, instead of the constant hostility towards users to create platform lock-in and shareholder value.
In any event, the APIs for this new system will arrive in iOS and Android over the coming months – through a regular OS update on iOS, and through Google Play on Android.
With so much potential for misuse, and given that mistrust could lead to some people choosing not to use the system, it’s great Google and Apple have taken privacy and interoperability seriously.
My interest is implementing the system on an alternative OS. Based on the white papers, there seems to be enough detail there to do this. The catch is that the specs only cover half of the system: they say nothing about the service-side parts, presumably because Google and Apple are expecting these to be implemented by public health authorities. So the public health authority would also need to provide a remote API to allow upload/download of keys in order for a non iOS/Android app/phone to be able to participate.
The other part which seems vague, from the slide deck, is the following: “Alice’s phone periodically downloads the broadcast beacon keys of everyone who has tested positive for COVID-19 in her region.”. The restriction to a region is necessary to keep the amount of data sensible, but there’s no way to determine regions based on the spec. Presumably therefore the servers will be regional, which means the approach won’t identify contact between people travelling across regions.
I can’t wait to see how our grand amazing holy supreme sultan here in Turkey will use this system next year to put his critics and opponents into jail on the grounds of “congregating with terrorists.”
With all the potential for abuse and serious privacy issues surrounding technology today, is this something we really need? I feel like this is just one more way for corporations and governments to track individuals. I personally have no intention of participating, assuming opting out will be an option if this happens.
And opting out will automatically mean opting into a suspects group.
It wouldn’t surprise me if you’re 100% correct there. For that matter, it wouldn’t surprise me if anyone who ever voiced a semi-strong opinion about privacy was also placed in that group. You know, because if people “have nothing to hide”, they shouldn’t have a problem with the govt. and/or corporations tracking their every physical movement, interaction, habits, preferences, and sequence of their DNA strands. Privacy concerns and lack of trust for govt & corporations is only for `guilty people`.
I have my raspberry pi -> pihole running and openvpn app installed on my android 10 handset, this to me is the only way to stay safe from all the prying and spying that Google and others implement, everyone with the ability to do so should do the same asap.
I’m the total opposite – I’m a software developer since 15 years, and I did not use a smartphone so far. Just a 20-year-old Nokia if I really need to. I spend enough time on real (= big) screens with real (= tactile) keyboards, real (= cabled) networks and real (= Free Software) operating systems on real (= 10+ year lasting) hardware that smartphones just never felt like anything I’d want to have. A Pinephone with PostmarketOS, maybe.
But when the whole data tracking can finally be used for a good purpose like having a functioning society without Covid-19 bringing down health systems, then this is the first good reason that might make me actually get some kind of Android phone.
Put your simcard in a dumb-phone, no apps there.
For all the people worrying about privacy….isn’t the fact that this is being discussed actually good news? Doesn’t this prove that there were no such backdoors available yet?
Of course we should be very careful about this as well, but let’s see how this is going to work out. Let’s think about serious positive and negatives of such functionality and give feedback to such projects/companies instead of just “noping” it because privacy!
For Dutch people or people that know how to use translation services or subtitles: https://www.youtube.com/watch?v=S2g0GiCHyJE