Google, Apple tighten protections on contact tracing; Americans worry over privacy


As the likes of Google and Apple bolster privacy in the race to come up with contact tracing apps to get a handle on the spread of COVID-19, Americans are placing a premium on safeguarding their data with only 27 percent in one study saying they would give permission to an app to track their location.

Apple and Google have fast-tracked development of an API that can be used to build Bluetooth-based contact tracking app, which they’re now soft-pedaling as an “exposure notification” tool. The companies plan to release the API on schedule in May and offer a platform intended exclusively for public health agencies to develop apps in the next couple of months.

The duo released details of measures they’ve taken to ensure privacy, including limiting the time that devices should be in close proximity to exchange keys to 30 minutes and encrypting device metadata.

Google and Apple have agreed “to collect analytics from people’s dynamics in order to feed their epidemiology models to achieve two things: keep people aware of possible exposure to someone infected and predict how and where the curve of infection may develop,” said Gonzalo Raposo, tech manager at Globant, who noted that using technology to track dynamics in society has been successful. “There are still challenges to overcome, but this first step sounds promising.”

The latest steps to ensure privacy are intended to allay growing fears that contact tracing apps will expose users or be misused. A large majority of Americans – 89 percent – said they support or strongly support privacy rights, a survey found. The number of those willing to let an app display location if they were infected ticked up to 30 percent but most – 79 percent – worried that the government wouldn’t continue to use what they consider intrusive tracking measures well after the pandemic has been quashed.

Rights groups like the ACLU have stressed that coronavirus tracing apps should be limited to the confines of the current pandemic, with the APIs expiring once the health emergency has ended, and have cautioned against the development of general purpose apps that aiming to track any illness that might crop up.

The press to stop the spread of COVID-19, though, “has created a new justification to increase surveillance, an excuse that governments and businesses are exploiting,” said SaltStack CTO and cofounder Thomas Hatch. “When all is said and done, not only does this damage privacy, but I don't see a rollback without an aggressive push after COVID-19 to roll back these recent changes.”

Despite the promise of the Apple/Google initiative, the BBC said the U.K.’s NHS has nixed the plans in favor of a centralized contact tracing model instead, raising privacy concerns.

“With all the discussion that is taking place worldwide about ways to ensure public health and safety, guidelines would certainly provide a useful starting point for the tracking, tracing and testing so necessary to fight the Coronavirus pandemic,” said Steve Durbin, managing director of the Information Security Forum. 

“The fundamental issues for me that need to be addressed are transparency and building in privacy to any technology solution or approach from the outset – privacy by design in other words,” said Durbin. “The notion of only storing data for as long as you need it and protecting it at all stages of the information lifecycle will strike a chord with information security professionals worldwide who for many years have been adopting this mantra to safeguard confidential data.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.