The French government has asked Apple to relax a Bluetooth privacy standard that is hampering the development of a mobile application being designed to track the spread of COVID-19. The government is building an app due to be deployed by May 11, according to Bloomberg. However, there are delays due to one of the inbuilt features designed to protect Bluetooth that stops the communications protocol from constantly running in the background when data is being transferred from an iPhone.
"The French government has asked Apple to relax a Bluetooth privacy standard that is hampering the development of a mobile application being designed to track the spread of COVID-19."https://t.co/iTarkQOOUY
— Dennis C. Dietrich (@denniscdietrich) April 21, 2020
No one could disagree with the aim of the app proposed by french government: to limit the virus spread by determining contact and alerting people who have potentially come into contact with an individual who has tested positive. However, the contention with this app, and many others like it that have been proposed by governments around the world, is whether they sacrifice the privacy and security of individuals. The conflict between France and Apple in this case is over the privacy protecting protocol the application will use, and whether the French government goes far enough to protect the identity of individuals who have been notified about being in close contact with someone who is COVID-19 positive.
This case raises many of the key considerations that need to be made as these applications are hastily developed and deployed by governments: will these applications have time restrictions on how long the application is in use? Are governments being transparent enough on what data is being collected and the goal of collecting that data? What is the right of deletion – i.e. can the data be revoked once it is given?
Technology has an incredibly important role to play in resolving this crisis, but it is important that in trying to solve a public health emergency we don’t make sacrifices on public privacy and security that cannot be taken back. Moreover, from the government’s perspective, if they want these applications to be effective they will need to buy in from a large proportion of the public. So it is in their interest to do everything they can to assure the public of their privacy to encourage adoption and acceptance of these applications
I doubt Apple will grant France\’s request given that it\’s already working on a contact tracing solution in partnership with Google. Apple has a history of not giving into government demands to weaken security. I don\’t think the French government has any ulterior motives, but removing the restriction on background data transfer via Bluetooth could open iOS users up to other attacks, or authorities could surreptitiously use it for surveillance after the pandemic comes to an end.
Interestingly, however, it seems Android does not have the same policy by default. Bluetooth data transfers can take place in the background on an Android device (or there is at least a workaround).
Google and Apple\’s contact tracing system allows users to be anonymous. While this is better for privacy and can be effective for tracing COVID-19, it makes it more difficult to verify confirmed diagnoses because identifying user data is not recorded and stored. That makes it more vulnerable to abuse and false positives, which can skew the data.