|
Potentially a huge step forward in the fight
against COVID-19. Apple and Google announced a system for
tracking the spread of the new coronavirus, allowing users to share data
through Bluetooth Low Energy (BLE) transmissions and approved apps from
health organizations.
The new system, which is laid out in a series
of documents and white papers, would use short-range Bluetooth communications
to establish a voluntary contact-tracing network, keeping extensive data on
phones that have been in close proximity with each other. Official apps from
public health authorities will get access to this data, and users who
download them can report if they’ve been diagnosed with COVID-19. The system
will also alert people who download them to whether they were in close
contact with an infected person.
Apple and Google will introduce a pair of iOS
and Android APIs in mid-May and make sure these health authorities’ apps can
implement them. During this phase, users will still have to download an app
to participate in contact-tracing, which could limit adoption. But in the
months after the API is complete, the companies will work on building tracing
functionality into the underlying operating system, as an option immediately
available to everyone with an iOS or Android phone.
Contact tracing — which involves figuring out
who an infected person has been in contact with and trying to prevent them
from infecting others — is one of the most promising solutions for containing
COVID-19, but using digital surveillance technology to do it raises massive
privacy concerns and questions about effectiveness. Earlier this week, the
American Civil Liberties Union raised concerns about tracking users with
phone data, arguing that any system would need to be limited in scope and
avoid compromising user privacy.
Unlike some other methods — like, say, using
GPS data — this Bluetooth plan wouldn’t track people’s physical location. It
would basically pick up the signals of nearby phones at 5-minute intervals
and store the connections between them in a database. If one person tests
positive for the novel coronavirus, they could tell the app they’ve been
infected, and it could notify other people whose phones passed within close
range in the preceding days.
The system also takes a number of steps to
prevent people from being identified, even after they’ve shared their data.
While the app regularly sends information out over Bluetooth, it broadcasts
an anonymous key rather than a static identity, and those keys cycle every 15
minutes to preserve privacy. Even if once a person shares, that they’ve been
infected, the app will only share keys from the specific period in which they
were contagious.
Crucially, there is no centrally accessible
master list of which phones have matched, contagious or otherwise. That’s
because the phones themselves are performing the cryptographic calculations
required to protect privacy. The central servers only maintain the database
of shared keys, rather than the interactions between those keys.
The method still has potential weaknesses. In
crowded areas, it could flag people in adjacent rooms who aren’t actually
sharing space with the user, making people worry unnecessarily. It may also
not capture the nuance of how long someone was exposed — working next to an
infected person all day, for example, will expose you to a much greater viral
load than walking by them on the street. And it depends on people having apps
in the short term and up-to-date smartphones in the long term, which could
mean it’s less effective in areas with lower connectivity.
|
Comments
Post a Comment