Apple and Google are redoubling their efforts to create the technology that public health officials will need to develop apps that assist in contact tracing. On a call today with reporters, the companies detailed changes they're making to increase privacy protections for users who choose to participate in Covid-19 contract tracing apps that help with exposure notifications.
Knowing about exposures is an important aspect of being able to safely reopen the economy and get workers back to their jobs while continuing to contain the spread of Covid-19.
You might remember that a few weeks ago, the companies announced that they would build technology into both iOS and Android that would allow for proximity tracing using Bluetooth. The challenge is to do that in a way that protects user privacy and doesn't allow individuals to be tracked or identified.
I think that first, it's important to mention that what Apple and Google are actually building isn't a service or an app. Those will be built by public health organizations that are seeking to automate the process of contact tracing and exposure notification in different communities.
What Apple and Google are doing is making it possible for those apps to take advantage of Bluetooth to determine when an individual has had close contact to someone who has indicated that they were diagnosed with Covid-19.
Second, it's helpful to remember that anyone can choose to opt-in or -out. In fact, you don't even have to opt-out, you can simply not download any of the forthcoming apps onto your device, and nothing will change. Future versions of iOS and Android will simply make it possible for people to choose to participate.
Of course, one of the important steps to encouraging people to do so is to assure them that participating won't put their personal health information at risk. To that end, the companies are making changes to provide better protection for users.
First, the companies have changed the way tracing keys are generated. Those are what devices use to track whether you've been in contact with someone who indicates they are positive for Covid-19. Those are now generated randomly on the device, transmitted by Bluetooth beacons, and stored only on the device.
Only the key associated with a device that tested positive is uploaded to the server for the health organization, and those are then downloaded to be compared locally on user devices. The tracing keys are randomly generated every 10-20 minutes to further prevent individual user tracking.
Those keys are also now using AES encryption, which prevents someone from intercepting personal information that could be used to identify the device or individual. Apple and Google also indicated that the keys don't include location information, which provides another layer of privacy protection.
The companies are also building an interface into their mobile operating systems to give users simple control over when the beacon function is active. For example, if you wanted to have it on when you're out shopping in the grocery store, you could turn it on. Then, once you've returned home, if you were concerned about your phone transmitting any information, you could simply turn it off.
The efforts of both Apple and Google show not only how important this technology will be to help contain this pandemic as we seek to loosen social distancing, and especially stay-at-home orders, across the country. It also shows that protecting user privacy is imperative to actually convincing people they should use the technology.
That's going to matter even more as we try to figure out what "normal" looks like on the other side of a pandemic. It's especially important as we recognize that the way we get there is with the help of technology that we've come to depend on, but haven't always trusted to have our best interests in mind. Right now, however, we're counting on just that. These steps are at least moving us in the right direction.