Why do governments insist on ignoring Apple and Google’s tracing tech?
- maj
- 16
Governments have tried to reinvent Apple and Google's wheel, running themselves over in the process.
A few weeks ago, we took an in-depth look at contact tracing, an established medical practice used to track and minimize the spread of infectious diseases. Specifically, we took a look at Apple and Google's joint contact tracing (now called exposure notification) initiative, to see what it was, and how it could help.
Contact tracing can be done through smartphones, using Bluetooth to measure contact with other people running the same contact tracing software. The upshot is that if you or someone you've been in contact with contracts COVID-19, you, or they, can be alerted to this potential exposure, allowing you to take appropriate action.
Since the prospect of contact tracing through smartphones has emerged, several troubling headlines and stories have emerged, which all seem to point to the same thing. An alarming number of governments, health authorities, and "experts" have shown a stunning lack of understanding of even the most basic premises of this technology, and exceptionalism could cripple governments' chances to effectively use contact tracing to help quash COVID-19.
We told you so
One of the key pressing issues of our initial look at contact tracing was the use of centralized, or decentralized systems. The former holds user data about users, and some personal information in central databases, the latter exclusively on your device. The former is not supported by Apple and Google, the latter is. This means that apps which use centralized databases will not work on iOS. The same can be said of apps that do not use Apple and Google's API framework. The first government to embarrass itself on the world stage in this regard was Australia.
Australia pressed on with an app that eschewed Apple and Google's API framework. Everyone who knows a shred about apps knows that without the support of Google and Apple's API, these apps will not function properly whilst running in the background. Australian government services minister made repeated claims that the app would work "either in the foreground or background," despite facts and logic.
Of course, just a few days later, Australia's government was eating its words. Randall Brugeaud telling a Senate Committee that whilst the connection quality of the app in the foreground was "very good", the connection "progressively deteriorates" when the phone is locked and the app is running the background. Who knew? Australia, graciously, has pledged to update its app to include Apple and Google's framework, which will alleviate the problem.
Governments in the UK and France also continue to press on with contact tracing solutions that do not use Apple and Google's framework, no doubt a similar reckoning awaits both of them. Indeed, in the UK, a leaked report from the Financial Times that the UK is secretly exploring the feasibility of switching to Apple and Google's solution, much to the chagrin of an ethics board tasked with auditing the app in the UK.
Earlier this week, it emerged that a UK advisory board was split over the prospect. The board was set up to examine the ethical impact of a contact tracing app, however, it seems to have arrived at the prospect that UK's centralized effort will not work. From The Guardian:
The NHS coronavirus app's advisory board is split over whether it has the authority to tell the government to ditch its version and switch to a decentralized model proposed by Apple and Google.
Germany's U-Turn
Germany had previously joined France and the UK in trying to develop contact tracing technology without using Apple and Google's framework. Initially, Germany moved towards a centralized model developed by The Robert Koch Institute noting:
"This solution requires the central storage of anonymized data, but represents a workable approach in terms of data protection and security"
To its credit, Germany reversed course on this just over a week later, stating that it would indeed incorporate Apple and Google's contract tracing API. But why the sudden change? According to reports, an open letter from hundreds of scientists warned that centralizing contact data would allow "unprecedented surveillance of society at large". Germany says the Pan-European Privacy-Preserving Proximity Tracing failed to communicate this clearly in "a series of grave errors", causing damage and leading to this decision. Germany announced it would adopt a "strongly decentralized approach", and has since joined six other EU countries in championing a cross-border, decentralized system of contact tracing.
Lack of understanding
Despite the lessons of Australia, the epiphany of Germany, and the overwhelming body of evidence and information regarding contact tracing, a gross lack of understanding of Apple and Google's contact tracing solution still pervades government efforts and the media. Nowhere is this lack of understanding more evident, than in a recent article from The Washington Post. A seemingly scathing article labels Apple and Google's virus tracking system as "practically useless", and the article is propped up by "experts" who Daring Fireball's Jon Gruber rightfully points out, don't know what they're talking about."
Gruber notes a series of glaring errors in the article, for example, the reference to the technology as "virus tracking". No app can track a virus. Apple and Google are trying to help facilitate measuring exposure and contact between individuals. This is a technicality, but it gets worse. The report notes that strict rules from Apple and Google "will notify smartphone users if they've potentially come into contact with an infected person, but it won't share any data with health officials or reveal where those meetings took place." This pesky constraint that prevents data sharing and location tracking is more commonly known as "privacy." Apple and Google have put privacy at the forefront of its contact tracing efforts, even calling it Privacy-Preserving Contact Tracing.
Pure hypocrisy
One expert cited in the piece, Helen Nissenbaum of Cornell University, said that Apple's use of privacy in this context was a "flamboyant smokescreen". She further stated how ironic it was that two companies who had "tolerated the mass collection of people's data but were now preventing its use for a purpose that is "critical to public health." But ask yourself, which is the greater hypocrisy. Apple and Google making its privacy more stringent, or Nissenbaum, criticizing Apple and Google for "tolerating the mass collection of people's data", and then demanding they hand it over in the same breath?
Nissenbaum displays a further lack of understanding by stating:
"If it's between Google and Apple having the data, I would far prefer my physician and the public health authorities to have the data about my health status... At least they're constrained by laws."
To suggest that Apple and Google are not constrained by laws is frankly, absurd. Furthermore, the whole point of Apple and Google's technology is not that they get the data instead of the government, but that no one gets the data. It stays on your device so that nobody can see it. The only way any of your data leaves your phone is if you choose to share it. As Apple's own FAQ on the technology notes:
This system does not collect location data from your device and does not share the identities of other users to each other, Google or Apple. The user controls all data they want to share, and the decision to share it... The system was also designed so that Apple and Google do not have access to information related to any specific individual.
To sum up
The truth is that we are still in the very earliest stages of contact tracing technology. But what we've seen in Australia proves that governments who stray from Apple and Google's contact tracing technology risk wasting time, money, and effort on systems that will ultimately not work. The biggest tragedy is that missteps in this regard don't simply mean wasted resources, but lives as well.