Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast_Blog_ViewPoints: Should you trust the Apple/Google contact-tracing app?
#1
Lightbulb 
Quote:
[Image: TVDumYE.png]

The tech giants are partnering on a tool for public good, but critics worry it will ultimately get used for predatory surveillance

If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic.

Apple and Google are partnering up to bring technology to bear on COVID-19 contact tracing efforts. The tech giants are laudably putting aside any competitive urgings to co-develop a solution that combines mobile operating system, Bluetooth and GPS technologies to help us all get past the burgeoning health crisis. 

However, in an apparent effort to live down Google’s abjectly poor track record respecting consumer privacy, the Apple-Google partnership is treading lightly to avoid anything that might hint at an undue invasion of individual privacy. In doing so, their proposed solution has a number of glaring technical and privacy-protection shortcomings, according to several technologists I spoke with.  In fact, the Apple-Google project has exacerbated a privacy controversy that flared up in Europe in the early stages, one that has more recently been picking up steam in the U.S., as well. Here’s how technologists and privacy experts see things stacking up:

Bluetooth-based tracing

Infected persons will be able to use their iPhones or Android devices to make their status known to a central server, which then correlates an anonymized identifier of the infected person to anonymized IDs of non-infected persons who happen to be in close proximity. The server then alerts the non-infected persons to self-immunize.

“It is a ‘mostly de-centralized’ approach, where most of the data never leaves the user’s device, in order to protect the user’s privacy as much as possible,” says Alban Diquet, the head of engineering at Data Theorem, a supplier of application security solutions. “The only data the server gets is a privacy-preserving ‘Bluetooth ID’ of the users who agrees to share their Bluetooth ID with the server. And the data is deleted after 14 days.”

“The core idea is pretty simple,” says Ambuj Kumar, CEO of  Fortanix, a supplier of advanced encryption systems. “All smartphones are constantly transmitting their identities using Bluetooth. Each Bluetooth ID is represented by a set of random numbers, and there is no easy way to reverse map the Bluetooth IDs back to specific phone users. And each phone keeps a log of all of the Bluetooth IDs of phones that come within its range.”

“When a person gets sick, they can choose to reveal that information via their phone identity,” Kumar says. “Viola! That phone identity checks in and Bluetooth communication is used to send alerts to anyone who came into close proximity of the infected person.”

Third-party app designs

The Apple-Google project is proceeding on two tracks. First, the Apple-Google team released an API to the development community and invited any and all software developers to design contract-tracing apps leveraging Bluetooth IDs. Meanwhile, the Apple-Google team is focusing on designing systems that will be needed to embed a variety of contact-tracing apps into Apple’s iOS and Google’s Android platforms. Presumably this will get done for all of the models in wide use, not just the latest models.

Chloé Messdaghi, vice president at Point3 Security, a supplier of workforce training systems, notes that third party developers can include local government agencies, as well as for-profit software developers.

“Apple-Google is trying to help the pandemic by creating a solution that brings better transparency and the development community together at this time,” Messdaghi observes. “But I’m not the biggest fan of third parties creating the app. In general, many companies and government agencies do not have great security. We are also trusting they will not store the data themselves and/or sell the data.”

Furthermore, technology and privacy experts say it’s not a sure thing that iPhone and Android users will even trust the Apple-Google solution. Some might be all too familiar with Google’s long standing campaign to collect and monetize health data. Google, for instance, got sanctioned by the UK’s Information Commissioner’s Office (ICO) after the search giant scooped up records for 1.6 million patients of London’s Royal Free hospital. This too appeared to be for a good cause – it was part of creating a Google healthcare app, called Streams, designed to assist persons recovering from acute kidney injuries. However, the ICO ruled that Google continued deploying the app, even after patient data was transferred. 

Caitlin Gruenberg, a privacy and cybersecurity analyst at CyberGRX, which supplies risk assessment tools, told me she believes a lot of folks might be hesitant to voluntarily use the Apple-Google contact tracing app. “Unless the population is properly educated about this solution and the app is executed properly, the general population may be hesitant to opt in,” Gruenberg says. 

Even if a public awareness campaign is carried out effectively, Gruenberg wonders about limitations of the app, as described thus far. “Once all of the privacy concerns have been properly addressed and security controls implemented, I wonder if the data the app collects will be enough?” she ponders. “Or will the solution require more detailed personal data to be effective?”
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54
GFYI [Official] EaseUS Data Recovery Wi...
I utilize EaseUS Par...zevish — 08:10

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>