Getty
When Apple and Google updated their operating systems to include an Exposure Notification API, they demanded a privacy approach first for any government that wanted to access the framework. Those who don’t comply can use basic technology on phones, but it’s fraught with technical challenges. If you are a virologist or epidemiologist arguing that you need data to combat the spread of the infection within your country, you are out of luck. Apple and Google have said no.
Australia has now rejected the Apple and Google framework built into the latest versions of Android and iOS, and decided to keep its COVIDSafe app separate. The reason is simple, the Apple / Google model “fundamentally changes the place of control and eliminates the middle person,” complains Australian Deputy Chief Medical Officer Nick Coatsworth. That middle person is critical: He is the manual contact tracker, the expert, “the people who have kept us safe,” as Coatsworth says.
COVIDSafe has technical challenges given its lack of access to the technology that Google and Apple control. But the government has judged this to be better than the data commitments involved in following the line of the American giants. That is a powerful statement. The population is inevitably less secure given the confrontation.
France has always insisted on a sovereign contact tracking app, rejecting the Apple and Google alternative. She claims to have made the technology work, despite the decision to go it alone. Unfortunately, just as France has rejected Apple and Google, the French population has rejected the application. Deployment is always a challenge for applications that need an installation base the size of WhatsApp to be effective. But in France, adoption is regrettable and, what is worse, many of those who to have installed the app is now removing it.
Earlier this month, the UK government made headlines when it appeared to be ditching its own digital contact tracking app for the Apple / Google alternative. But that is not what happened at all. The UK has rejected the first privacy approach mandated by the US tech giants. It wants a more expansive Australia-style system. But with restrictions from Apple and Google you can’t make this work. And, therefore, you have essentially prioritized your tracking application in favor of manual alternatives.
A much more noticeable rejection from Apple / Google has come from Singapore. Recall that it was Singapore that started tracking privacy-friendly Bluetooth contacts in the first place. His Trace Together scheme came first and was the first to find the limitations of such schemes: lack of acceptance and compliance, and more critically a lack of data for virologists and epidemiologists to work to combat the virus.
Even compliant Singapore was unable to get it working. And therefore, the city state has now expanded its program to be much more invasive than it was before, a far cry from the anonymous, outstretched, anonymous, and arms-length approach demanded by Apple and Google.
First came SafeEntry, a registration scheme for Singapore citizens to provide their identification when visiting places including workplaces, schools, outlets, hotels, and even health centers. There are penalties for companies that do not comply with the plan. It is a complete rejection of anonymized digital scanning as an effective means by which coronavirus infections can be contained.
Now Singapore has gone one step further, adding Bluetooth tokens to its Trace Together scheme. These are designed to fill the gap in adoption, where citizens do not have capable smartphones, especially the elderly and the vulnerable. The government ensures that the data captured by the devices will be encrypted and saved for only 25 days, that the tokens cannot record GPS locations or transmit data. But it is a government-issued device outside of the Apple / Google privacy framework.
You can see where this is going. It is another initiative that has been introduced in the real world, but that is far from the fantasy world where 80% of smartphone owners install and comply with a decentralized application that does not provide health authorities with any context or data from modeled, and which excludes any form of monitoring or compliance.
Ironically, the Trace Together tiles sound more dystopian than they really are. They carry no more privacy threats than smartphone apps. But they are highly symbolic of a real-world deployment of digital contact tracking where lessons have been learned and technology has been adapted. And ultimately, the real failure of the Apple / Google mandate is that there is no room for debate, rules have been set, and governments have lost the space to maneuver as they see fit.
It would not have been difficult to create a centralized cloud-based framework that would allow data collection and modeling, that would provide the ability for some levels of monitoring and even some forms of enforcement if necessary. This could have been open source, outside the scope of those regimes whose surveillance aspirations pushed the decentralized model of privacy first.
That has not happened. I live in the UK, where the first wave of coronavirus caused chaos. The digital contact tracking application was seen as a significant security measure to help the country return to its new normal safely. Now those plans are in tatters, so the country is coming out of its blockade without any established security measures. Apple and Google may have safeguarded the world’s population from the purely theoretical risk of a COVID-19 surveillance nightmare, but at what cost?
.
