The recently unveiled collaborative effort would use Bluetooth technology to automate contact tracing, a process of identifying and following up with people who may have come into contact with a person infected by a pathogen such as the COVID-19 virus. In mid-May, as Time reports, iPhone and Android users would be able to download the companies’ contact-tracing apps, which would share their data anonymously and be run by public health officials. In the subsequent months, Apple and Google would build a voluntary contact-tracing feature into their operating systems themselves, eliminating the need to download an app.
Governments across the globe have been trying out contact-tracing apps to stem the pandemic, including in Singapore and the United Kingdom. An MIT lab that developed a prototype Bluetooth contact-tracing tool had been calling on Apple and Google for weeks to streamline access to users’ location data. But privacy advocates have said they’re worried that the extra surveillance will continue long after COVID-19 subsides.
Jennifer Granick, surveillance and cybersecurity counsel for the American Civil Liberties Union, credited Apple and Google for “an approach that appears to mitigate the worst privacy and centralization risks,” but noted that “there is still room for improvement.” She said in a statement, “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
Moxie Marlinspike, creator of the encrypted messaging app Signal, has also expressed concerns that the announced system could open up cybersecurity risks, as Ars Technica reports. Former Federal Trade Commission chief technologist Ashkan Soltani cautioned that the system could lead to both false positives and false negatives, notes TechCrunch.
Others raised further red flags, as Politico reports. “Phone data has NEVER been proven secure and the chance of release is above 0%,” noted Sergio Caltagirone, vice president of threat intelligence for cybersecurity firm Dragos. “In fact, this is so juicy I'd argue there will be lots of baddie[s] who are interested in finding ways to leak this.” University of Texas at Austin cyber fellow Matt Tait detailed an array of possible flaws in the system.
Josephine Wolff, an assistant professor of cybersecurity policy at The Fletcher School at Tufts University, told CNBC that “the really important question [will be] how do we limit this use of information so it doesn’t turn into a mass invasion of privacy long term?”
Both companies have insisted that they will not allow governments to force citizens to use the contact-tracing software.