Google and Apple are looking to get out ahead of a slew of privacy concerns by offering further technical details on how their joint coronavirus contract tracing system will work.
For starters, the term contract tracing is off the table, with the two tech behemoths preferring the wording ‘exposure notification’ for the Bluetooth-based system, which is designed to alert Android and iPhone users to if they’ve come into contact with anyone who has tested positive for the virus.
In new documents published today, Google and Apple say all of the Bluetooth metadata involved in the contact tracing will be encrypted and new keys for identifying smartphones will be randomly generated every day. This should make it harder for those with ill intentions to use the data to identify individuals by their Bluetooth sig.
The pair also say that there’ll a 30-minute time limit on measuring people’s contact with each other, with intervals rounded to five minutes, while the Advanced Encryption Standard (AES) will be used to keep all of the data encrypted. Google and Apple also say they’ll disable the technology when all this is over, to ensure there’s no unnecessary or continued usage.
The project involves creating the back-end technology that’ll enable consumer facing applications from public health authorities in various nations around the world. However, there are still obstacles pertaining to how the data will be stored to overcome before the system can come into use. Apple and Google favour a decentralised data storage model, while many governments are seeking centralised data that can be cross referenced with other data like test results and/or shared with local authorities.
The developers of the apps need Apple and Google’s infrastructure for the apps to work effectively, otherwise they would only collect the data if the handsets were unlocked, so it remains to be seen how this impasse can be solved.
Naturally, the applications will be opt-in rather than compulsory, but the more people who sign up, the better chance the nation in question has of limiting the spread of the coronavirus. Those who’ve come into contact with a covid-19 positive person will receive an ‘exposure notification’ and told to quarantine.
While the apps and the technology behind them will be a useful weapon in fighting the virus, winning the trust of a sceptical public will be difficult. Revealing its technical plans to protect data could offset some of the concerns of people worried tech could later be used to further surveillance efforts. The app does not use GPS to track the location of users, only Bluetooth to identify the proximity to other users.