Private companies offer COVID-19-tracking tools to governments.
Apple and Google have released a developer-focused version of their COVID-19 contact-tracing API, TechCrunch reports. Those who currently have access to the API are app developers working for public health authorities around the world, and the two companies plan to release a public version in mid-May.
The system will be opt-in and decentralized, although some observers doubt it will achieve a high enough level of participation to make a difference in slowing the spread of the virus. The Washington Post reports that nearly three in five Americans say they wouldn't use the system being rolled out by Apple and Google. One in six Americans don't own a smartphone, and fifty percent of those who do say they would decline to use such an app, largely due to privacy concerns and mistrust of Big Tech. TechCrunch observes that Apple and Google have shifted their terminology to better describe the system's functionality, and now call the framework an "exposure notification" system as opposed to a "contact tracing" tool.
Meanwhile, Threatpost reports that the Electronic Frontier Foundation (EFF) has expressed concerns that Apple and Google's exposure notification system suffers from potential flaws and vulnerabilities. The EFF warns that there’s no reliable way of ensuring that the devices sending proximity warnings are in fact the devices they’re supposed to be, and that trolling can’t be ruled out. The EFF uses the example of "a network of Bluetooth beacons set up on busy street corners that rebroadcast all the RPIDs they observe." The organization also questions the effectiveness of the system, noting that Bluetooth wasn't designed to detect if "two humans are experiencing an epidemiologically relevant contact," and the technology might not be able to distinguish between two people kissing and two people sitting in traffic with their car windows rolled up.
Reuters reports that at least eight surveillance and spyware companies are marketing their tools to governments for contact-tracking and quarantine enforcement. Four of these companies said they're rolling out their products in "more than a dozen countries in Latin America, Europe and Asia," and Israel is seeking the help of NSO Group. These tools use various location tracking methods, but they come with the same concerns about precision as Apple and Google's Bluetooth-based system. Government-deployed surveillance tools could obviously see a much higher level of participation than an opt-in system, but such tools come with clear privacy downsides and greater potential for long-term misuse.
Read more in the CyberWire Pro Privacy Briefing.