On a recent IoT Podcast episode, we debated the idea of a phone-based method to track and trace COVID-19, which would certainly have some potential privacy implications. For example, South Korea has kept its number of COVID-19 cases lower than most countries by using such a centralized system. And in Taiwan, which has far fewer cases, the government took it one step further: Alerting police when quarantined residents leave their home as determined by their phone’s radio signals. The U.S. population doesn’t have the stomach for such intrusive measures (especially by the federal government) but today Apple and Google jointly announced a lighter version of those methods used in the east.
If I had to pick two companies to work together on this, it would be Apple and Google.
They essentially have the entire phone platform market with Android and iOS. Apple is considered better on personal data privacy but I figure that if Google goes along, Apple wouldn’t let such an effort devolve into a data-mining scheme for targeted ads. Put another way: I can’t think of any other large technology companies with the reach of Apple and Google that people trust with personal health data in some capacity.
The joint effort will have two parts. First, next month, the two companies will release APIs to bring interoperability between Android and iOS for official public health apps. Then, in coming months will be the more valuable part of the project:
Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.
This Bluetooth-based approach may sound familiar because we recently discussed a similar solution on this week’s podcast. An app called Coalition was expected to launch this week from the Nodle team; Nodle already has a Bluetooth-based distributed network for IoT devices, so Coalition would be a repurposed app using the same technology. Coalition didn’t launch, however, which has me wondering if the Nodle team knew in advance about the Apple and Google project. We’ve reached out to Nodle for information on that.
Update: Nodle responded to our query saying that Coalition for the Google Play Store has already been submitted and is in the review process. Coalition for iOS is expected to be submitted this week to the App Store. The API developed by Google and Apple is similar to the one Nodle has previously developed using its own protocol called the Whisper Tracing Protocol, which you can read about here.
Ok, so we know the track and trace apps will use Bluetooth, but how will they work? Based on the technical documentation provided by Apple and Google, it looks exactly how Coalition would. Everyone using the track and trace app on their phone would capture a small amount of data over Bluetooth as they came into contact with other users of the app. And if someone using the app was later diagnosed with COVID-19, the historical chain of those Bluetooth pings would send a notification to phones of people that person came in contact with, provided the user gives consent:
So this is similar to programs used in the Far East but with one key exception: It relies less on a centralized entity for gathering and using the data.
Instead, all data is held locally on the phone is very limited: There’s no personally identifiable information or user location data stored and the list of people you may have been in contact with never leaves your phone. This not only solves the track and trace problem but also protects personal data.
Is it a perfect solution? Perhaps not.
A “perfect” scientific or medical solution might be more like what China does. It requires every citizen to download an app that displays a QR code showing green, yellow or red, indicating if the person is sick, symptomatic or healthy. You can’t enter a building or take mass transit without showing the QR code in China. But that system is centralized and state-run; not what U.S. citizens would accept. The joint venture between Apple and Google is likely as close as we can get to a perfect solution that’s considered acceptable here.
Updated on April 11 at 5:52pm CDT with additional information from Nodle.