Health experts: Privacy policy will make apple-Google ‘exposure notification’ system worthless

As Apple and Google work to build a so-called “exposure notification” API and accompanying operating system-level assets to help monitor the spread of COVID-19, some U.S. health experts believe that the companies’ overly strict privacy policies will make the solution worthless in the first place. Experts in the field, including those who are currently building digital contact tracking apps for the government’s health department, expressed concern about the Apple-Google system in a revelation published Friday in The Washington Post.

Health experts: Privacy policy will make apple-Google 'exposure notification' system worthless

Specifically, officials have expressed concern about data sharing restrictions embedded in the exposure notification API. Some experts say public health agencies that build applications on the framework will be at a disadvantage because they cannot access geographic data and other important user information. In addition, Apple has blocked access to the iPhone’s Bluetooth communication stack, meaning contact tracking apps are forced to run in the foreground to be effective.

While they have condemned the Apple-Google solution, the experts interviewed seem to know little about the system’s functional design.

For example, Helen Nissenbaum, a professor of information science at Cornell University and director of the Digital Life Program, called the companies’ use of consumer privacy to defend PHA against smartphone technology as a “beautiful smokescreen.” Nissenbaum said it was ironic that two technology companies that “tolerated a large collection of people’s data for years” were now preventing people from accessing information that might be critical to public health, the report said.

“If I had this data between Google and Apple, I’d rather have my doctors and public health agencies have my health data,” Nissenbaum said. “At least they are bound by the law. “

Apple and Google have been positioning user privacy as a guiding feature of the exposure notification platform, which the companies argue will lead to more adoption. Instead of storing data on a central server run by Apple or Google, the system stores anonymous Bluetooth beacons — contact information — on the user’s device until participants choose to share information with the outside world. If the user is diagnosed as a COVID-19 virus carrier, they can choose to upload a 14-day list of recent contacts (also anonymous) to a distribution server, match the beacon ID, and notify them of close contact with the virus carrier. If allowed, the doctor can also view the data.

In fact, governments have complained that Apple and Google are reluctant to store exposure notification data on centralized servers, in part to protect sensitive information and partly to prevent potential task deviations. The NHS in the UK, for example, is testing its own contact tracking app with a centralized data storage scheme. However, without the help of Apple and Google, the system is in trouble.

“They’re exercising their right to be completely independent,” said Matt Stoller, director of research at the American Economic Freedom Project. It’s crazy. He added that Apple and Google “have decided for the whole world, it is not a public decision.” You have a private government that makes choices for your society, not a democratic government that can make those choices. “

The report also mentions North Dakota’s efforts to enhance traditional contact tracking apps with digital logs stored on users’ smartphones. State officials initially hoped the Apple-Google solution would power the app, but the constraints prompted developers to start from scratch. The state is building an application for contact tracking teams and another application that integrates the exposure notification API, rather than a single software.

“Every minute, maybe someone gets infected, so we want to be able to use everything we can,” said Vern Dosch, a contact tracking liaison in North Dakota. “I see.” They have a brand to protect…”

Confusingly, other health officials, such as Mike Reid, an associate professor of medicine at the University of California, San Francisco, are skeptical that technology companies can maintain a high level of privacy protection. “We’re going to go to great lengths to minimize the amount of data we get from people, and we’re going to get people’s consent on the phone.” We make considerable effort to ensure strong technical controls to ensure the anonymity of our platform. Reid. “Can you say the same thing to these powerful tech companies?” I’m not sure. “