Companies like Google and especially Apple have tried to prove their privacy commitments to anxious consumers in the past. But with nothing less than the public’s health at stake, expectations that they’ll honor those commitments are now higher than ever.
The prospect of large-scale pandemic surveillance has many privacy advocates wary, saying it could ultimately open the door to more intrusive spying, even if it begins with good intentions.
Still, in recent weeks, academics and industry have coalesced around Bluetooth-based proximity tracking over GPS location tracking, largely because geolocation data can often be reverse-engineered to deduce a person’s identity.
There’s still a privacy risk with the Bluetooth solution (no system is foolproof) but it’s far lower by comparison, because it doesn’t track where a smartphone goes — only that it’s come into contact with other devices, said Vi Hart, lead author of a recent Harvard University white paper on digital contact tracing methods. And, she told CNN, the system becomes even safer if the phones are tracked using randomly generated numbers rather than being linked directly to their owners’ accounts or identities.
“The version we’re recommending is where your phone basically yells nonsense, it’s gibberish,” Hart told CNN in an interview. “Everyone’s phone is just yelling random nonsense, and your phone collects the nonsense it hears.”
In their announcement last week, Apple and Google said their system follows those principles. Users who test positive for the coronavirus will then have their random nonsense automatically uploaded to a server, where it can be read by other phones.
But even if Apple and Google can win over privacy skeptics, the plan still raises other challenges in implementation. How will health officials ensure no person is falsely reporting a positive test? Will the system record two people as having been in close contact even if they are on opposite sides of a wall in separate apartments?
The companies said they are still looking into how test results should be reported to the contact tracing system, but told reporters on Monday that the answer will likely come from the health officials who are authorized to report cases and make public policy decisions.
One proposal under consideration, company officials said, was to have hospitals and test centers issue special, authorized QR codes with each positive test result. Then, people who receive the code could scan it as part of their self-reporting in the tech platforms’ contact tracing system. That approach could limit false positives, experts say.
Because of how greatly the contact tracing method depends on testing and public health reporting, many experts say Apple and Google’s solution can’t be viewed as a silver bullet. More testing will be critical.
“Without testing, these apps are going to be of limited value,” said Faiza Patel, director of the Liberty & National Security Program at New York University’s Brennan Center for Justice. “We’re hoping to reach 500,000 tests per day over the next few weeks, but we need in the millions.”
The companies did not respond to questions about how the technology will handle instances where people may be in close proximity but not in actual contact. Researchers said it may be necessary to assume that more people have been in contact with each other than in reality, even if that means more people staying home than actually needed.
The alternative would be precisely the disaster some public health experts fear: A reopening of the economy, followed by a second wave of mass infections that could overwhelm the health care system.
And then there’s the massive scale at which people will need to adopt Apple and Google’s digital contact tracing if it’s to scale effectively. Even assuming the companies can solve the technical details and persuade people the tool is safe and private, they and public health officials must still convince millions — if not billions — of people to participate and heed its notifications.
“Problem is, you need a large data set,” said Christian Boos, a technology executive leading a digital contact tracing effort in Europe. “If you wanted this to be the only measure to bend the curve, then you’d need 60% participation [in every country it’s deployed].”
A similar study from Oxford University concluded last month that if app-based contact tracing were the only intervention applied, participation would need to be “near-universal” and that compliance with public health guidelines would have to be “near-perfect.”
That’s consistent with other mathematical calculations, according to the Harvard white paper, citing one study that concluded adoption would need to hit at least 40% and others saying it may need to be as high as 80%.
Successfully reaching that target might be complicated by another messy byproduct of the real world: inequalities of technological access.
“My in-laws, for example, are still using a flip phone. They’re in the most at-risk population, but they’re not going to use this app,” said Patel.
Other barriers keeping people from opting in could include limited battery life on older devices, reluctance to try new apps, or even simple confusion about how to join the program.
That’s where the second stage of Apple and Google’s plan comes in. In hopes of getting more people to use the underlying tech, the plan calls for integrating the contact tracing more deeply into iOS and Android’s user interface over the coming months, so that users can opt into the program straight from their devices without needing to download a separate app first.
It’s too early to say whether that tactic may successfully boost adoption of the tool. But Apple and Google have decades of experience studying user behavior and trying to make it as easy as possible — or in the industry lingo, minimize the friction — to use their products.
If it works, experts say, it could lead to a bonanza for the companies once the pandemic is over. They will have established more credibility in the health services sector in just a few months than over years of acquisitions, announcements and initiatives in the space.
“There’s a level of altruism here, but there’s also a tremendous amount of opportunism to place themselves in a very favorable light,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy rights group.
Even if their efforts don’t pan out, the companies will get credit for having tried, according to Chester, especially given concerns that the federal government’s response has been sluggish.