Tech Expert on Apple & Google’s Plan to Track Coronavirus: ‘We Can’t Underestimate Privacy Risks’

Articolo pubblicato su SputnikNews il 12/04/2020

Software developers have been increasingly throwing their weight behind the efforts of governments and health authorities as they accelerate efforts to find ways of slowing the spread of the COVID-19 virus, to save lives, protect people and get economies up and running amid the fallout from the pandemic.

Apple Inc and Alphabet Inc’s Google announced on 10 April they would work in collaboration to create contact tracing technology in a bid to enhance efforts to slow the spread of the COVID-19 pandemic.

As their operating systems power 99 percent of the world’s smartphones, the two Silicon Valley companies are in a unique position to accelerate usage of apps allowing users to opt into logging other phones they have been in proximity to.

Tracing based on Bluetooth technology would be vital to track down potentially infected individuals for testing or quarantine, particularly after rigid lockdown protocols introduced due to the coronavirus epidemic are eased.

Apple and Google will be launching a comprehensive two-step solution to enable contact tracing that includes application programming interfaces (APIs) and operating system-level technology.

Both companies will release APIs in May that enable interoperability between Android and iOS devices, which will be available for users to download via app stores.

Subsequently, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform, allowing more individuals to participate, if they choose to opt in.

Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze,” said a joint statement by the two companies.

Privacy Risks

From a technical point of view, Pierluigi Paganini, Chief Technology Officer at Cybaze and member at ENISA Threat Landscape Stakeholder Group, applauds the news that Apple and Alphabet are joining forces to work to create contact tracing technology. However, the expert underscores the risks for privacy of users, especially in some countries.

“It is essential to understand the way the two giants will gather the data and how they will use them. Governments worldwide must define a global accepted framework to regulate the collaboration of the two companies and the way they will use the collected information,” said Pierluigi Paganini.
The mobile app to track individuals, says the expert, would have to be designed with bullet-proof requirements regarding security and privacy.

The expert points out that for the tracing model to work it would need to cover all the population worldwide, while in some countries like China the services of the companies are blocked over US sanctions, installed over alleged security threats.

Finally, the Chief Technology Officer at CSE questioned whether enough people would be prepared to place their trust in the new technology and wondering whether it would become a mandatory app, while stressing that time is of the essence in the current conditions of a pandemic.

Pros and Cons of New Tracing App

When asked about the potential benefits of the collaboration between Apple and Google, Petri Krohn, a Finnish cyber security analyst, believes that speedy test results and contact tracing are essential.

On the technology proposed by Apple and Google, the expert says it will seek to address a problem that arose because of the requirement for privacy, when in line with Bluetooth specification 4.0 from 2011, modern smartphones would broadcast random addresses, changing several times an hour, without keeping track of them.

A COVID tracking app would store a list of all the MAC addresses viewed in the last two weeks, restoring a level of traceability without compromising privacy.

However, on the downside, the Apple / Google app may require too many opt-ins to be practically useful, says Petri Krohn.

First, the user must install an application, with possible contacts having a similar application running.

Secondly, anyone who tests positive must allow his daily keys to be uploaded to a public server.

Another contentious issue is the fact that the application may not be universally adopted, unless a green Qr code (like in China) becomes mandatory for access into public buildings or public transport.

Regarding data protection concerns, the expert said the strongest requirements for user privacy come from European Union data protection laws, with the proposed model attempting to comply with the EU GDPR rules for storage of personal data.

It is actually an implementation of the Bluetooth layer of a decentralized method of contact tracing proposed by a group of European privacy experts called Decentralised Privacy-Preserving Proximity Tracing (DP-3T),” says Krohn, concluding that it seems the app proposed by Apple and Google provides the best level of privacy protection possible.