Site icon IT World Canada

B.C. health officer cool on COVID tracing apps as Google and Apple release their API

Image source: Pexels

Google and Apple have released their API to help public health authorities design what is now being called a COVID-19 exposure notification app to help manual contact tracing.

The Google/Apple effort is one of several actions to leverage Bluetooth-enabled smartphone apps to help notify people that they have been in contact with someone who has tested positive for the disease. It has received a lot of attention because of its decentralized approach to storing data on mobile devices rather than other methods — like Alberta’s — which upload data to a central server so public health authorities can personally call and advise potential coronavirus victims. The Google/Apple concept is that app users who test positive would allow their apps to send a warning to other app owners that had recently been nearby that they should seek medical advice, but no health authority or government would know who those nearby people were.

A number of privacy experts are urging governments to either put the brakes or abandon these apps. However, work goes on in some jurisdictions. The U. S. state of Rhode Island, for example, launched its app on Tuesday.

However, there have been several developments this week that may slow the work:

Shortly after the centralized app was released, the U.K. began funding work on a decentralized app using the Google/Apple API.

Related:

 

Meanwhile, in an apparent effort to ease concern in the U.K. that personally-identifiable data collected by its app will end up in the hand of the government, the Ministry of Defence issued a statement saying one of its specialized units will “receive and review the data, removing any information which may inadvertently identify users, ensuring that only symptom and demographic data is included. The data will then be checked for any security issues, with any incorrect or duplicate data also being erased.” Only then will the remaining data will used by the National Health Service for research.

All this is going on as Ottawa, the provinces and the territories review a dozen proposed apps as part of a larger contact tracing strategy.

When Google and Apple first announced their partnership to create an interoperable API for their platforms, it was called technology to enable contact tracing. Now they use the phrase “exposure notification.”

Until now, beta versions of the API have been quietly available to select countries. What was released Wednesday was the first version that developers can work on.

“What we’ve built is not an app,” the two tech giants said in a joint release, but an API public health can incorporate into their own apps for download. “Our technology is designed to make these apps work better. Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app. User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps.”

The technology “will enable apps created by public health agencies to work more accurately, reliably and effectively across both Android phones and iPhones.”

Briefly, the apps are aimed at taking advantage of the fact that most people carry smartphones, which can use short-range Bluetooth for issuing and capturing signals. Apps — whether centralized or decentralized — create random encrypted IDs that can be captured when people are close to each other over a specified period of time (in Alberta’s app its 15 minutes over a total of 24 hours, meaning one person beside another for 15 minutes, or, say, several five-minute encounters totalling 15 minutes). In a sense, this mimics the potential of a COVID-19 carrier to spread the virus to someone close by. The devices keep a list of those nearby encrypted IDs. Depending on the app, if a person tests positive for the virus and if they want that list can be uploaded to a health authority, which would have the ability to decrypt the IDs and contact those people for further advice or a warning would go directly to the apps of those on the list.

Last week the Electronic Frontier Foundation added its voice to those insisting that governments only approve decentralized apps after analyzing the pros and cons of both approaches.

The creation and use of COVID-19 apps have raised a wide range of issues. Generally, in Canada and the U.S., voices are loud that government-endorsed apps to help public health bodies must be voluntary and collect a minimum amount of data. Some demand that data be erased when the pandemic ends, although others want health authorities to have access to data for research purposes.

However, some privacy experts fear employers may demand staff to use an app, or they can’t return to the workplace. In some cases, that might cost people their jobs. There are two COVID apps before the U.S. Senate now. This blog notes one of them has an exclusion for employers.

Exit mobile version