Since COVID-19 can be transmitted through proximity to affected individuals, public health workers have identified contact tracing as an essential tool to flatten the curve of the pandemic. Several leading public health authorities, universities, and NGOs around the world have been ramping up efforts to undertake aggressive contact tracing of those who test positive for the coronavirus. But first, let’s understand what exactly is contact tracing.
What is contact tracing?
In the traditional process of COVID-19 contact tracing, health workers ask patients several questions about their activities, going as far back as the last two weeks, documenting all the places they have visited and the people they have met. Then, the COVID-19 volunteers or foot warriors reach out to all those people who may be at risk of infection and issue guidelines to them.
Fundamentally, the process of finding and reaching out to the contacts of someone who tests positive for COVID-19 not only requires massive physical labor but it also consumes a lot of time. And in the case of an infectious pathogen like the novel coronavirus, time is an extremely critical element.
What are Apple and Google doing?
In a partnership that is as rare as it is ambitious, Apple and Google have announced they are joining forces to create a contact tracing solution that would help governments and health agencies to reduce the spread of the novel coronavirus. The cross-platform, decentralized tracing tool will leverage Bluetooth technology to figure out if a person has come into contact with a COVID-19 patient.
The tech giants maintain that user privacy and security is central to their design and that all iOS and Android users would be able to choose whether they want to upload anonymized data to the system. The following images explain how Apple and Google’s opt-in contact tracing tool would work:
Apple and Google’s tool is not expected to completely replace the traditional contact tracing methodologies, but it can surely help to expand information outreach – if people en masse decide to participate in the system, that is.
For example, a patient may not remember all the places they had been to, or in the case of using public transport, they would not even know who all they traveled with. At least if some of the potential incubators were using a smartphone and decided to opt-in for Apple and Google’s tool, they will get informed they need to get tested for the virus. Moreover, this technology could also free up public health officials to focus on the most vulnerable groups or those who do not have smartphones.
But just for context, there are 2.5 billion active Android devices and 1.5 billion active iOS devices in circulation today.
When will Apple and Google start contact tracing?
Given the urgency of the situation, Apple and Google plan to commence or implement this solution in two steps:
First, in May 2020, both companies will release application programming interfaces (APIs) that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.
And then, in the coming months, the tech titans will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying iOS and Android platforms. This is a more robust solution than an API and would allow more individuals to participate if they choose to opt-in, as well as enable interaction with a broader ecosystem of apps and government health authorities. In this phase, users will no longer need to download any dedicated app to be notified of a COVID-19 positive contact. The alerts will be pushed automatically by the operating system.
Can smartphone-based contact tracing violate privacy?
Apple and Google’s contact tracing tool uses Bluetooth Low Energy (Bluetooth LE) radio technology at the core of the system. If you want to understand the technology in detail, we recommend this article by The Verge. For the TL;DR version, understand that the system doesn’t collect names, locations, or any other identifiable information. It works on the concept of proximity – just like your Bluetooth headphones need to be in a certain range to be discovered by your smartphone.
Also, both the companies have assured that only public health authorities will be allowed access to the contact tracing APIs. “This limited API use will be restricted in the same spirit that you restrict individual healthcare to licensed medical professionals like physicians. In the same way, use of the API will be restricted only to authorized public health organizations as identified by whatever government is responsible for designating such entities for a given country or region,” representatives from Apple and Google told TechCrunch.
The companies also explained that data stored in a user’s device will be ‘relayed’ through servers run by the health organizations across the world, and will not be centralized. Not storing the data in a central database would help to make it difficult for use in surveillance, should governments wish to do so.
That said, no system is ‘unhackable’. As security researcher Ross Andersen points out, “Anyone who’s worked on abuse will instantly realize that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.”
In an earlier post about using location data to tackle the coronavirus pandemic, we explored how location data, like all other data, can be used for more than one purpose. And maybe, in its current form, the system being developed by Apple and Google could help us. But, if we give in to personal data collection at scale in an effort to control the coronavirus pandemic, what guarantee do we have that the same embedded technology will not be used to undermine democracy or human rights next?