Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19.
As part of this new initiative, the companies are expected to release an API that public agencies can integrate into their apps. The next iteration will be a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to allow for contact tracing on an opt-in basis.
The APIs are expected to be available mid-May for Android and iOS, with the broader contact tracing system set to roll out "in the coming months."
"Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders," the companies said.
The rare collaboration comes as governments worldwide are increasingly turning to technology such as phone tracking and facial recognition to battle the virus and contain the coronavirus outbreak.
Apple has also launched a new web page announcing the feature, which details the preliminary Bluetooth specification, the cryptography specification, and the framework API on which the contact tracing system will be based.
Zero Use of Location Data
Unlike existing apps developed by different countries that use real-time location tracking to enforce quarantine rules, the proposed system doesn't involve tracking user locations or other identifying data.
Instead, it leverages BLE beacons to determine whether an individual has been near other people who have tested positive for COVID-19, without collecting location data or other identifying information.
Both Apple and Google have emphasized that users will have to provide their explicit consent for it to work. This also means that for it to be effective, millions of people would need to opt-in, necessitating that Apple and Google build adequate privacy safeguards before it's rolled out to the masses.
According to a white paper released by Google, here's how such a system might work:
- When two people come in close contact for a certain period of time (say 10 minutes or more), their phones exchange anonymous identifier beacons. The identifiers rotate every 15 minutes and contain no personally identifiable information.
- If one of the two is positively diagnosed for COVID-19, that infected person can enter the test result into an app from a public health authority that has integrated the aforementioned API.
- Then, the infected person can consent to upload the last 14 days of his or her broadcast beacons to the system.
- Every other device then checks the beacons it has recorded locally against the broadcast beacons of everyone who has tested positive for COVID-19 in the region. A match means the device's owner was in close proximity to someone who tested positive, and the owner is alerted.
- The app then provides the individual with information about the next steps.
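The matching procedure in the steps above, as an added example that is not code from Apple, Google or the white paper. It models one phone per Device, derives each 15-minute beacon from a per-day secret with HMAC-SHA256 (an assumption chosen so that beacons carry no PII and cannot be linked to each other without the daily key; the real derivation is defined in the published cryptography specification, not here), keeps the 14-day history, and performs the match entirely on the device against a list of uploaded beacon sets, one set per diagnosed user (also an assumption). The encounters are constructed for the example.

```python
import hashlib
import hmac
import os

ROTATION_MINUTES = 15            # beacon lifetime described in the article
RETENTION_DAYS = 14              # history a diagnosed user uploads
EXPOSURE_THRESHOLD_MINUTES = 10  # "say 10 minutes or more"
IDENTIFIER_LEN = 16              # assumption: 16-byte beacon payload


class Device:
    """One phone: a fresh secret per day, short-lived beacons derived from it,
    and a local log of beacons seen from other phones."""

    def __init__(self):
        self._daily_keys = {}    # day -> 32-byte secret (assumption: one key per day)
        self.sightings = []      # (day, identifier, minutes) observed from other phones
        self.broadcast_log = []  # (day, identifier) this phone transmitted

    def _daily_key(self, day):
        if day not in self._daily_keys:
            self._daily_keys[day] = os.urandom(32)
        return self._daily_keys[day]

    def identifier(self, day, minute_of_day):
        """Beacon for the 15-minute slot containing minute_of_day.
        Assumption: HMAC(daily_key, label || slot) truncated to 16 bytes. Two slots of
        the same phone are unlinkable to an observer who lacks the daily key."""
        slot = minute_of_day // ROTATION_MINUTES
        mac = hmac.new(self._daily_key(day), b"CT-RPI" + slot.to_bytes(2, "big"), hashlib.sha256)
        ident = mac.digest()[:IDENTIFIER_LEN]
        self.broadcast_log.append((day, ident))
        return ident

    def observe(self, day, identifier, minutes):
        """Record a beacon heard from a nearby phone and how long it was in range."""
        self.sightings.append((day, identifier, minutes))

    def export_diagnosis(self, today):
        """Beacons broadcast in the last RETENTION_DAYS, uploaded only with consent.
        No location, no identity: just the identifiers this phone transmitted."""
        keep_from = today - RETENTION_DAYS + 1
        return {ident for day, ident in self.broadcast_log if day >= keep_from}


def prune(device, today):
    """Drop sightings older than the retention window so the local log stays bounded."""
    device.sightings = [s for s in device.sightings if s[0] > today - RETENTION_DAYS]


def check_exposure(device, submissions, threshold=EXPOSURE_THRESHOLD_MINUTES):
    """Run on the device. submissions: list of identifier sets, one per diagnosed user.
    Returns (submission index, minutes) for each diagnosed user whose beacons this
    device heard for at least `threshold` minutes in total."""
    exposed = []
    for idx, idents in enumerate(submissions):
        minutes = sum(m for _, ident, m in device.sightings if ident in idents)
        if minutes >= threshold:
            exposed.append((idx, minutes))
    return exposed


def simulate():
    """Constructed scenario: Alice and Bob share a 20-minute bus ride that spans two
    beacon slots; Carol passes Alice for two minutes. Bob is later diagnosed."""
    alice, bob, carol = Device(), Device(), Device()
    day = 100
    for minute, duration in ((600, 15), (615, 5)):   # slots 40 and 41, 20 minutes total
        alice.observe(day, bob.identifier(day, minute), duration)
        bob.observe(day, alice.identifier(day, minute), duration)
    alice.observe(day, carol.identifier(day, 720), 2)
    carol.observe(day, alice.identifier(day, 720), 2)

    # Bob enters his test result and consents to upload 14 days of broadcast beacons.
    server_submissions = [bob.export_diagnosis(day)]

    # Each phone compares its own sightings against the uploaded beacons.
    return check_exposure(alice, server_submissions), check_exposure(carol, server_submissions)


if __name__ == "__main__":
    alice_result, carol_result = simulate()
    print("alice exposed:", alice_result)   # 20 minutes across two rotated beacons
    print("carol exposed:", carol_result)   # nothing: Carol never heard Bob's beacons
```

Two details worth noticing: the 20-minute contact is recognised even though the beacon rotated in the middle of it, because the match is summed per diagnosed user rather than per identifier; and Carol's phone holds one of Alice's beacons but learns nothing from it, since Alice never uploaded. Grouping uploaded beacons per user is what makes the summation possible, and it is also the linkability cost the EFF quote below refers to: once a user uploads, every beacon in that set is known to belong to one infected person.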
"This model places less trust in a central authority, but it creates new risks to users who share their infection status that must be mitigated or accepted," the Electronic Frontier Foundation (EFF) said about the proposal.
"Full transparency about how the apps and the APIs operate, including open source code, is necessary for people to understand, and give their informed consent to the risks," it added.
Apple and Google's system is along the lines of TraceTogether, an app developed by Singapore government officials to enable contact tracing via Bluetooth.
The app, now open-sourced, uses Bluetooth Received Signal Strength Indicator (RSSI) readings between devices to estimate the proximity and duration of an encounter between two individuals. The records of encounters are stored on each phone for 21 days.
Apps like COVID-Watch and MIT's Private Kit: Safe Paths likewise rely on a mix of GPS and Bluetooth data to identify people who have crossed paths with one another over a rolling period of 14 days.
That's not all. A group of academics from European research institutions has proposed a decentralized system for Bluetooth-based COVID-19 contact tracing, dubbed "Decentralized Privacy-Preserving Proximity Tracing" (DP-PPT), that aims to "minimize privacy and security risks for individuals and communities, and guarantee the highest level of data protection."
Privacy Concerns With Pandemic Surveillance
The need to single out infected individuals and maintain quarantines has led governments across the world to enact tough surveillance measures. So far, over 28 countries have adopted a mix of smartphone tracking, electronic tracking wristbands, and other measures that require citizens to send a picture of themselves at home within 20 minutes or face a fine.
In response to privacy concerns raised by the European Data Protection Supervisor, the European Union said it would adopt a "pan-European approach" to using mobile apps to track the spread of the coronavirus and include a common scheme for using anonymous, aggregated data to trace people who come into contact with those infected and to monitor those under quarantine.
Earlier this week, the American Civil Liberties Union (ACLU) raised concerns about tracking users with aggregated phone data, arguing that any system would need to be limited in scope and avoid any potential for invasions of privacy and abuse.
Although countries like South Korea have been able to contain the outbreak through an extensive contact tracing program, such programs raise questions about consent, including whether users can opt out before data is collected and stored, and they carry privacy risks that cannot be ignored.
Specifically, how long will the data collection go on, and when will the data be deleted? It's also crucial to ensure that the gathered anonymized data cannot be reverse-engineered to re-identify or track people.
Cybersecurity expert Bruce Schneier said that any data collection and digital monitoring initiative "must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need."
Urging the need to protect civil liberties during the crisis, the EFF said bypassing certain privacy protections is warranted, but warned that "any extraordinary measures used to manage a specific crisis must not become permanent fixtures in the landscape of government intrusions into daily life."
Put differently, these programs shouldn't pave the way for government overreach or draconian monitoring systems that live on after the current outbreak has died down. Strong privacy guarantees are the right way to make sure that emergency measures don't become the new normal.
No doubt, it's a slippery slope. In the race to stem the spread of the virus and control the situation, mobilizing a pandemic surveillance apparatus requires an adequate balance between transparency, public health needs, and civil rights.