This article is part of Privacy in the Pandemic, a Future Tense series.
In debates over digital privacy, American tech companies are often branded as the villains, with European policymakers cast in the role of savior. Big Tech is out to steal your privacy, but European governments are stepping in to protect it. Or so the narrative goes.
But the new exposure notification system released by Google and Apple on Wednesday has turned these roles on their head, albeit in ways that at least some public health authorities say will make their job more difficult. It stands as a clear warning against type casting in this debate.
In Europe, countries like France and the United Kingdom are pushing for aggressive digital contact tracing efforts that involve government collection of broad new caches of location data. They’d store user data in new, government-run centralized databases in order to give public health officials the ability to monitor and warn residents in support of better “test, trace, and isolate” policies.
But Apple and Google have refused to cooperate, despite pressure to do so. As Matthew Green described in Future Tense, they have designed a system that will work only with contract tracing apps that employ a decentralized model for data storage—meaning that data is held on individual phones, rather than in a centralized database. Your phone will know who you crossed paths with in the park, but Google and Apple won’t. This system won’t work with apps that log location information or reveal the identity of those who tested positive. Apple and Google have made assurances that compatible apps will delete data after it’s no longer needed, and they’ve issued technical white papers so that experts can review the design specifications.
The Apple and Google initiative responds to a widespread push to use digital contact tracing to support the fight against the virus. But what looks good on a whiteboard in a product planning meeting may look very different once it’s being used by hundreds of millions of people. With respect to digital contract tracing, success depends on at least four factors—four factors that suggest the Apple and Google system is not likely to be particularly effective in meeting the stated public health goals.
First, people must use the apps. Apple and Google have repeatedly emphasized that the use of their contract tracing systems will be opt-in only, meaning that they won’t be used unless people download compatible apps and them on. That is also true for a range of separate apps that don’t depend on the Google and Apple system. But in Singapore, only about 20 percent of people are using the country’s Trace Together app, which means that there’s only a 4 percent chance that two people who are exposed to each other will both have the app. Even usage in Iceland, which is the highest in the world, is only at 39 percent, a far cry from the 60 percent that many experts say is required to make the apps sufficiently useful. In the U.S., surveys suggest that most, people won’t opt-in.
Second, the technology must be accurate, meaning that it correctly identifies people who have been within a certain proximity of each other for a certain period of time. But Bluetooth—the technology of choice—can read signals through walls and closed windows. It won’t be able to distinguish between those who shared a meal and those stuck in cars next to each other in a traffic jam with their windows rolled up for that same amount of time. As a result, there will be people who are notified even though they haven’t been exposed (false positives) and people who have been exposed but aren’t notified (false negatives). In a country as large as the United States, that means millions of errors, even if there’s an incredibly small error rate.
Third, people who receive an alert must be able and willing to test and isolate. That means we need enough tests at sufficiently low cost so that people who receive an alert can get tested—something we do not yet have. And if people ignore notifications, the apps will have a limited effect. In other words, the apps only work as one part in a larger containment strategy.
Fourth, the health benefits should outweigh any collateral costs in terms of privacy and security. Decentralized systems that track proximity rather than location data—like those supported by Google and Apple—minimize the risk. But no matter how well designed, they are not risk-free. As Google and Apple build the possibility of perpetual Bluetooth signaling into their latest operating systems, threy create at least the possibility that, even if small, the system could be remotely and surreptitiously activated. To minimize this final risk, Apple and Google should commit to updating their operating systems after the crisis to delete this newly created tracking capacity; other app providers should do the same.
Despite these challenges, the hype around contract tracking apps has been remarkable. And while the Apple and Google system may not do much, the companies should be applauded for resisting new systems of centralized surveillance—and for turning the classic United States versus Europe story on its head. Europeans as privacy protective and Americans as privacy violative has always been a simplistic caricature. The reality is much more complex. In fact, despite widespread characterizations to the contrary, the United States imposes many more protections with respect to government (as opposed to corporate) access to data than most other countries in the world.
Meanwhile, we shouldn’t place all our eggs in the digital contract tracing basket, which has proven to be far less effective than one would hope. We should couple any digital effort with increased funding and support for human contact tracing. We should expand New York’s efforts to send EMTs into public housing units to do door-to-door screening and health education. Most importantly, we need to focus efforts on developing and disseminating low-cost and fast-report tests-rather than being distracting by the mythical contact tracing knight in shining armor.