To get a sense for how the Apple-Google exposure notification system works, it is useful to consider a hypothetical system involving raffle tickets instead of Bluetooth beacons. Imagine you were given a roll of two-part raffle tickets to carry around with you wherever you go. Each ticket has two copies of a randomly-generated 128-digit number (with no relationship to your identity, your location, or any other ticket; there is no central record of ticket numbers). As you go about your normal life, if you happen to come within six feet of another person, you exchange a raffle ticket, keeping both the ticket they gave you and the copy of the one you gave them. You do this regularly and keep all the tickets you’ve exchanged for the most recent two weeks.
If you get infected with the virus, you notify the public health authority and share only the copies of the tickets you’ve given out—the public health officials never see the raffle tickets you’ve received. Each night, on every TV and radio station, a public health official reads the numbers of the raffle tickets it has collected from infected patients (it is a very long broadcast). Everyone listening to the broadcast checks the tickets they’ve received in the last two weeks to see if they’ve “won”. Upon confirming a match, an individual has the choice of doing nothing or seeking out a diagnostic test. If they test positive, then the copies of the tickets they’ve given out are announced in the broadcast the next night. The more people who collect and hand out raffle tickets everywhere they go, and the more people who voluntarily announce themselves after hearing a match in the broadcast, the better the system works for tracking, tracing, and isolating the virus.
Alec Stapp & Eli Dourado
Nice analogy for explaining how the exposure notification system jointly developed by Apple and Google is supposed to work. It also highlights its most glaring flaw, something I had overlooked in my previous article on the subject: for an automated system, it relies too much on manual input from end users, first to seek out a doctor for testing, then to release positive results into the decentralized network. What happens if people fail to check in for testing, or delay the test because it is too expensive or the procedure too complicated? What happens if they forget to share the result in the app, or they fall ill before they get the chance? If nobody else can access the data stored on the phone and the users neglects to share it, then the information is lost and the system utterly ineffective.
Another issue I identified last time is, unfortunately, already in full display: even based on a common base, variations between countries make it hard to create interoperable systems. In the absence of clear leadership, the same problem affects the United States, with individual states launching different, sometimes incompatible contract tracing apps.
With the Apple and Google approach,
Reed Albergotti & Drew HarwellWe’ve overcompensated for privacy and still created other risks and not solved the problem, said Ashkan Soltani, the former chief technologist of the Federal Trade Commission.I’d personally be more comfortable if it were a health agency that I trusted and there were legal protections in place over the use of the data and I knew it was operated by a dedicated security team.
I find myself agreeing more and more with this statement. I think a centralized system would be more effective: collect both contact and location data, upload it regularly to a server, to be analyzed for patterns and identify places and people with high risk. Medical professionals would update this database with newly identified cases, for a faster response time, and reach out to suspected infections directly. To ensure popular trust, the system should be developed with maximum transparency, preferably open-source, audited by multiple independent security teams, and with strict controls around data retention (deleting all collected data older than 21 days for example).
I get the sense that, with all the recent privacy scandals, tech companies and government officials are overly cautious precisely at a time when data collection would help us through the crisis. Let’s be frank: both Apple and Google constantly collect location data on our smartphones for ‘diagnostic purposes’ without any form of user consent. Somehow this is trivial when done in their commercial interest, but for a public cause it suddenly becomes extremely problematic and they remember their commitment to ‘privacy’. This situation reminds me of the constant frictions between Apple and the US government about encryption: the two tech companies controlling the majority of smartphone operating systems have decided the policy around contact tracing without any input from democratically elected governments – as a long term trend it worries me almost as much as the rise of authoritarian societies.
Post a Comment