Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Financial Times
Financial Times
Business
Patrick McGee and Hannah Murphy in San Francisco and Tim Bradshaw in London

Coronavirus apps: the risk of slipping into a surveillance state

When Steve Jobs discovered that Google was developing a smartphone platform to rival Apple’s iPhone, he declared “thermonuclear war” on his Silicon Valley neighbour. 

Now, facing a global pandemic threatening millions of lives, more than a decade of hostilities between two of the world’s most valuable companies have been put on hold. In a new “spirit of collaboration”, Apple and Google are jointly developing a system for tracking the spread of coronavirus. 

“We view this an existential threat to large swaths of humanity,” says one person involved in the effort. “Rivalries have been set aside for the greater good.”

The tech giants are building a contact tracing system aiming to use wireless signals to inform people if they encounter someone who has — or is later diagnosed — with Covid-19. Testing of its first incarnation is set to begin this week and within months the tool will be built directly into two smartphone platforms used by billions of people. Their aim is to give health authorities the world over “track-and-trace tools” that would help isolate infected populations and reopen the economy. 

But by putting forward their own idea for a single, global system that emphasises privacy over centralised oversight, Apple and Google have set up a new confrontation between Silicon Valley and governments around the world. 

Many nation states have their own ideas of how best to harness technology to stem the outbreak, including by monitoring their population’s detailed movements and building vast databases of information about their citizens. 

If governments do press to get access to more data using these apps, they could find public opinion on their side. “[The extent to which] people are concerned about privacy depends on what the relative benefits are,” says Leslie John, associate professor at Harvard Business School, whose research focuses on the psychology of privacy decision-making. “In a time when people are concerned about life and death, people may be more willing to give up information for greater health.”

The core issue with the new apps is that there is a direct trade-off between how effective they might be in helping control new outbreaks and the potential invasion of privacy, whether that involves the type of information that is being used or the level of compulsion to use the technology. 

Some activists worry that the apps could start as a tool to help track the contacts of newly infected patients but end up as de facto “immunity passports”, with citizens required to show their health status on their smartphones before they can use public transport or attend a football match. 

Even President Donald Trump has outlined the debate ahead. Describing the Apple-Google solution as “amazing”, he warned earlier this month: “We have more of a constitutional problem than a mechanical problem . . . A lot of people have a problem with it.”

Apple and Google have insisted that their technology will be off-limits to public health agencies that do not abide by their privacy guidelines. In the hopes of persuading as many people as possible to use their tool, the companies are prohibiting more extensive surveillance and want individuals to be able to choose whether to use the scheme. Their tight control of the software gives already powerful companies huge influence over the success or failure of any public-health app. 

The outcome of this stand-off between governments and Big Tech could help determine how quickly the world can lift its lockdowns and return to normality during the long months before a vaccine for Covid-19 is ready. 

Yet critics also fear that holding out such lofty goals for these apps puts too much emphasis on a single solution to a complex problem like no other the world has faced in decades. 

“Everyone’s desperate. It’s technology utopianism; we’re looking for technology to save us,” says Ashkan Soltani, an independent privacy researcher and former chief technologist at the Federal Trade Commission. 

When combined with other measures, such as social distancing, widespread testing and isolation of affected individuals, contact tracing apps can help to “break the chain” of infection. But, Mr Soltani adds, “the goal and how they’re sold is that they are going to be silver bullets — which they’re not.”

Even without conscripting the devices that live in the pockets of half the world’s population, contact tracing is an inherently invasive practice. Traditional techniques involve tracking down every individual and location visited by someone diagnosed with an infectious disease. According to the WHO, infected people are encouraged to “identify every listed contact and to inform them of their contact status”. 

Now, faced with the challenge of scaling that process up to entire populations, dozens of tech companies led by Apple and Google hope to take this laborious process and turn it digital. By relying on digital connections instead of faulty memories, the hope is they can track the path of the disease with unprecedented clarity.

But the effort faces an enormous ethical dilemma. Arguably, the most effective contact-tracing tools would ignore privacy concerns altogether: apps would be mandatory, every user would be identified, and people would be traced constantly wherever they go. 

The system would rely on every means possible to track a person’s location including credit card transactions and surveillance cameras. One tech start-up has even suggested using artificial intelligence to monitor via CCTV whether people are remaining a safe six-foot distance apart as they walk the streets. 

China’s ability to dramatically flatten the curve of Covid-19 infections is partly testament to how an authoritarian government can deploy such technology to contain the virus. 

The west is seeking to replicate the success of these efforts — but without turning into a totalitarian state. So when Apple and Google unveiled their scheme in mid-April, their emphasis was placed squarely on privacy. 

The proposed solution uses Bluetooth to send and receive anonymous signals that change every 15 minutes. If an infected person informs the software they tested positive, any other smartphone user that had a recent encounter would be alerted and given information about what steps to take. Most of the data is kept on people’s phones, to minimise the potential for “de-anonymisation” by either hackers or an overeager government. 

Users can just as easily opt out as opt in, the companies say. And if any government tries to make participation mandatory, collect the information in a central database or overlay additional trackers such as location, the tech companies simply would not let them. 

Even so, privacy activists and some politicians have warned about over-reach. Last week, Democratic senator Edward Markey wrote to the US vice-president, Mike Pence, urging strict limits on data use. “Contact tracing efforts should collect only the information from individuals that is absolutely essential to achieve specific, evidence-based, pre-determined public health objectives,” he said. 

However, some believe that an extensive surveillance system is justified in the current situation, as Covid-19 kills hundreds of thousands of people and paralyses the global economy. A survey by pollster Ipsos Mori, commissioned by the FT, found that two-thirds of Britons are in favour of government phone tracking to help tackle the pandemic. 

Chris Yiu, executive director of technology and public policy at the Tony Blair Institute for Global Change, says the severity of the situation justifies measures that would normally be “out of the question” for democratic societies. 

“This is quite different from the traditional debate about whether confronting security threats to our way of life merits sacrificing the values of freedom and privacy that define us,” he says. “Covid-19 is not an ideology, and rebalancing the contract between citizens and the state to take advantage of new technologies is not capitulation.”

Apple and Google’s leverage stems from their control over how any third-party apps can access the sensors in their smartphones. In their current configuration, iOS and Android make it difficult for developers constantly to access Bluetooth when their apps are running “in the background” — such as when a device is locked or the owner is using a different app for a long period of time. Google and Apple have said they would lift these restrictions for public health authorities to do contact tracing, using new tools for developers that would allow near-constant access to Bluetooth. 

However, that also means any contact-tracing app that is developed without adhering to Apple and Google’s guidelines would face severe technical and practical limitations. To be effective in tracking other nearby users, the smartphone would have to be unlocked with the screen left on for extended periods — likely running down the battery in a matter of hours. 

An Australian contact tracing app that was launched without using Apple and Google’s new tools tries to get around these limitations by sending users push notifications reminding them to refresh the app. Despite these issues, almost 2m people downloaded it within just a few hours of its release. 

The Silicon Valley groups are walking a fine line between privacy and efficacy — and many governments fear they have not got the balance right. The French government is pressing the two firms to relax their position on background Bluetooth usage. 

The crux of the matter is whether contact tracing in the digital era can truly be anonymous and effective at the same time. Unlike GPS, Bluetooth does not track a person’s location, only the proximity between users. 

Moreover, Apple and Google have been vague about what constitutes “an encounter” with someone who is infected in terms of the length of time the two individuals are close together. 

If the required duration of contact on the app is set too narrowly — to just a few seconds, say — users might be pinged repeatedly. 

A grocery clerk or a public transit rider might come within 10 metres of an infected person multiple times in a single hour. Each alert is likely to be read as a personal doomsday message direct from the health authority. The result could be numerous false alerts that create total havoc and paranoia — or just lead to people opting out.

But set the parameters too wide — to say, half an hour, as Singapore has done for its app, TraceTogether — and the tech giants risk lulling populations into complacency. If people go several weeks without their phone ever pinging them, they could end up feeling safe and opt to relax their social distancing.

Apple and Google have proposed that smartphones could send and receive Bluetooth signals every five minutes for tracing purposes.

Even that could be far too long a time. Covid-19 can spread from the briefest of encounters, inhaling mist from a stranger’s cough at the supermarket or touching surfaces that, according to Harvard Health, can remain infected for up to 72 hours.

“None of them has put a stake in the ground in terms of how long the duration is going to be,” says Marc Rogers, executive director of cyber security at Okta, a software group. To be effective the tools need to be refined to only short distances and include interactions of under 30 seconds, “because someone just needs to cough, and you walk through the mist, and that’s it — you’re at risk”.

Around the world, apps are already being developed with clear backing from governments and public health authorities before the Google/Apple platform is ready. In the UK, the innovation arm of the National Health Service, NHSX, is already trialling its country-wide app. Europe has two competing groups exploring what they call “proximity tracing”, PEPP-PT and DP-3T. 

In the US, a patchwork of different apps are emerging, some of which plan to dovetail with the Apple/Google proposal, while others plan to remain independent. Many have started to collaborate to ensure they are interoperable. 

But only one app is expected to be selected per state. Among the frontrunners for the most widespread adoption is Safe Paths, a protocol and app by Massachusetts Institute of Technology. Ramesh Raskar, an associate professor at MIT who leads the initiative, says the group was “in conversations with 40 different jurisdictions” including individual cities, states and countries. The group is exploring the use of WiFi and GPS location tracking technology, arguing that Bluetooth alone is not scalable or reliable.

Mr Raskar also flagged data security issues related to the use of Bluetooth. “A third party app can snoop on these [Bluetooth] signals,” he said. “Why would you carry a phone that’s constantly emitting a beacon?”

France also argues its system is more secure from hacking because it uses a central server to maintain a list of devices belonging to people exposed to the virus (without identifying them by name). That is in contrast to the “decentralised” approach adopted by Apple and Google, which primarily stores those details on individual devices, using a central server as a mere “relay” to update the network of participants on the latest infections. 

“Our scheme does not follow this principle because we believe that sending information about all infected users [to everybody’s smartphones] reveals too much information,” the French researchers developing the app, known as “Robert”, wrote in a recent paper. Europe’s PEPP-PT follows a similar approach. 

But many privacy activists, including those belonging to PEPP-PT’s rival DP-3T, disagree. Last week, nearly 300 academics endorsed Google and Apple’s approach in a letter, saying that any central database risked “mission creep” and could “catastrophically hamper trust in and acceptance of such an application by society at large”. “It is vital that, in coming out of the current crisis, we do not create a tool that enables large scale data collection on the population, either now or at a later time,” the international group of researchers warned. 

The UK has been wary of the tech giants’ approach, favouring a centralised database, whereas privacy-centric Germany has come out in support of it.

Some privacy activists also fear that the tech companies’ reassurances that the apps will remain voluntary will be hard to enforce in practice, if contact-tracing apps evolve into “passports” that are demanded to enter supermarkets or other public places. 

“We need to keep a really sharp eye as a society to make sure that they don’t become effectively mandatory,” says Daniel Kahn Gillmor, senior staff technologist at the American Civil Liberties Union. “Voluntariness is really a feature and not a bug. We don’t need to get to 100 per cent participation if the goal is simply to be able to flatten the curve somewhat.”

The ACLU has also urged health authorities to build in something that many might forget in their rush to deploy a solution: a promise not to let contact tracing apps quietly slide into being a part of every day life, even after the pandemic is over. 

“If these systems turn out to not be effective in helping to flatten the curve, then we also want a commitment to shut them down,” Mr Kahn Gillmor says. 

Copyright The Financial Times Limited 2020

2020 The Financial Times Ltd. All rights reserved. Please do not copy and paste FT articles and redistribute by email or post to the web.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.