 |
| © CATHERINE LAI An employee of Singapore's Government Technology Agency demonstrated a new contact-tracing app for smartphones last month. |
By Albert Fox Cahn and Evan Selinger, The Boston Globe
Since the beginning of the pandemic, it’s been clear that public health data can help us respond to COVID-19. But the quest for data can also create new threats that are alarming in their own right. We see that potential problem in a collaboration between two of Silicon Valley’s fiercest rivals, Google and Apple, which have joined forces to create a contact tracing platform to help contain the virus.
Contact tracing is the process of identifying people who might have a disease because they were physically close to a contagious person. It has become the first line of defense in epidemics when adequate testing is available and infection rates are low. In China, authorities use a centralized system, relying on data from cell phone towers, to enforce quarantines of infected people. But the system that Apple and Google are developing for deployment here — once testing has been ramped up to facilitate contact tracing — will use a decentralized tracking model: They’ll use Bluetooth signals to detect your proximity to other people.
Track the virus’s spread with smartphone apps? It’s apt to be harder than it looks
Bluetooth is the short-range wireless technology used in our wireless headphones and remote controls. Apple and Google plan to use it to create a log of your close contacts. Saying “hi” to your next-door neighbor? Well, your phones will be chatting as well. Using a unique coded identifier for each contact, your phone will build up an encrypted log of the people you’ve been near. This file won’t reveal anyone’s name or address, but if your neighbor later is diagnosed with COVID-19, her phone will send a warning to your device and the phones of every other contact she’s had from the previous two weeks, urging everyone to get tested.
Apple and Google say this technology can be effective and preserve people’s privacy. But it’s unclear it can deliver on both of those measures.
To make a real dent in the spread of the disease while respecting citizens’ autonomy, a large portion of the population has to choose to engage in contact tracing. But other countries that experimented with Bluetooth tracking have seen lackluster results. In Singapore, only 12 percent of the public used a contact tracing application.
Technological limitations can impede efficacy too. Not everyone has a cell phone. And not every mobile phone owner has a model that is new enough to constantly run battery-draining Bluetooth technology. This means that if technology is going to facilitate contact tracing at scale, many people will need upgrades. Companies like Google and Apple can help meet these needs by providing highly subsidized current phones, and we expect they will be incentivized to try. But while helping the disenfranchised can seem like beneficent philanthropy, we should be wary of technological corporations claiming to be altruistic. We would need laws that prevent them from pandemic profiteering — for example, by exploiting the crisis to bolster advertising revenue.
Although Google and Apple might win the public over by emphasizing that their contact tracing approach is voluntary, nothing guarantees this arrangement. In time, it might become not really voluntary. In order to secure the benefits of widespread participation, private sector employers will be tempted to mandate the technology. And public institutions like schools will be enticed to do the same for staff, and possibly even students. Should that happen, will people really have freely consented to turn their data into a shared resource?
Location data is uniquely hard to anonymize, because the places we live, work, and visit are so intimately tied to our identity. Unfortunately, this problem plagues the Bluetooth contact tracing model as well. Even with decentralized logs, encryption, and all the other safeguards, the system still can be reverse engineered to reveal infected people’s identities. This is a problem because if the Google and Apple program takes off, large organizations will be incentivized to install Bluetooth beacons at building entryways, subway stations, and other civic hubs to track COVID-19 hot spots. The same openness that enables health authorities to innovate with Bluetooth data will also permit everyone from advertisers to police to immigration officers to do the same unless new privacy laws are enacted to stop them.
Leadership at Google and Apple might have the best of intentions during these difficult times. Nevertheless, since contact tracing isn’t just a technological problem, protecting our privacy and civil liberties requires more assurances than they can provide.
Albert Fox Cahn is executive director of the Surveillance Technology Oversight Project at the Urban Justice Center and a fellow at the Engelberg Center for Innovation Law & Policy at New York University. Evan Selinger is a professor of philosophy at Rochester Institute of Technology.
See more at The Boston Globe
Since the beginning of the pandemic, it’s been clear that public health data can help us respond to COVID-19. But the quest for data can also create new threats that are alarming in their own right. We see that potential problem in a collaboration between two of Silicon Valley’s fiercest rivals, Google and Apple, which have joined forces to create a contact tracing platform to help contain the virus.
Contact tracing is the process of identifying people who might have a disease because they were physically close to a contagious person. It has become the first line of defense in epidemics when adequate testing is available and infection rates are low. In China, authorities use a centralized system, relying on data from cell phone towers, to enforce quarantines of infected people. But the system that Apple and Google are developing for deployment here — once testing has been ramped up to facilitate contact tracing — will use a decentralized tracking model: They’ll use Bluetooth signals to detect your proximity to other people.
Track the virus’s spread with smartphone apps? It’s apt to be harder than it looks
Bluetooth is the short-range wireless technology used in our wireless headphones and remote controls. Apple and Google plan to use it to create a log of your close contacts. Saying “hi” to your next-door neighbor? Well, your phones will be chatting as well. Using a unique coded identifier for each contact, your phone will build up an encrypted log of the people you’ve been near. This file won’t reveal anyone’s name or address, but if your neighbor later is diagnosed with COVID-19, her phone will send a warning to your device and the phones of every other contact she’s had from the previous two weeks, urging everyone to get tested.
Apple and Google say this technology can be effective and preserve people’s privacy. But it’s unclear it can deliver on both of those measures.
To make a real dent in the spread of the disease while respecting citizens’ autonomy, a large portion of the population has to choose to engage in contact tracing. But other countries that experimented with Bluetooth tracking have seen lackluster results. In Singapore, only 12 percent of the public used a contact tracing application.
Technological limitations can impede efficacy too. Not everyone has a cell phone. And not every mobile phone owner has a model that is new enough to constantly run battery-draining Bluetooth technology. This means that if technology is going to facilitate contact tracing at scale, many people will need upgrades. Companies like Google and Apple can help meet these needs by providing highly subsidized current phones, and we expect they will be incentivized to try. But while helping the disenfranchised can seem like beneficent philanthropy, we should be wary of technological corporations claiming to be altruistic. We would need laws that prevent them from pandemic profiteering — for example, by exploiting the crisis to bolster advertising revenue.
Although Google and Apple might win the public over by emphasizing that their contact tracing approach is voluntary, nothing guarantees this arrangement. In time, it might become not really voluntary. In order to secure the benefits of widespread participation, private sector employers will be tempted to mandate the technology. And public institutions like schools will be enticed to do the same for staff, and possibly even students. Should that happen, will people really have freely consented to turn their data into a shared resource?
Location data is uniquely hard to anonymize, because the places we live, work, and visit are so intimately tied to our identity. Unfortunately, this problem plagues the Bluetooth contact tracing model as well. Even with decentralized logs, encryption, and all the other safeguards, the system still can be reverse engineered to reveal infected people’s identities. This is a problem because if the Google and Apple program takes off, large organizations will be incentivized to install Bluetooth beacons at building entryways, subway stations, and other civic hubs to track COVID-19 hot spots. The same openness that enables health authorities to innovate with Bluetooth data will also permit everyone from advertisers to police to immigration officers to do the same unless new privacy laws are enacted to stop them.
Leadership at Google and Apple might have the best of intentions during these difficult times. Nevertheless, since contact tracing isn’t just a technological problem, protecting our privacy and civil liberties requires more assurances than they can provide.
Albert Fox Cahn is executive director of the Surveillance Technology Oversight Project at the Urban Justice Center and a fellow at the Engelberg Center for Innovation Law & Policy at New York University. Evan Selinger is a professor of philosophy at Rochester Institute of Technology.
See more at The Boston Globe
