The American Civil Liberties Union said Friday it is cautiously encouraged by a commitment to privacy by Apple and Google as they develop Bluetooth-based contact-tracing technology to track the spread of COVID-19.
But the civil liberties group says the two tech giants must resolve “certain important privacy-related questions” key to winning trust from a public growing wary about who sees their data.
Jennifer Stisa Granick, the ACLU’s surveillance and cybersecurity counsel, said the system will not be effective unless it is widespread, free and stores data on a person’s device rather than “a centralized repository.”
Privacy by design a must
Apple and Google say the program will be private and voluntary, with data shared only with public health officials. The technology uses Bluetooth to record users’ proximity to one another; it does not track their locations. A user who tests positive for COVID-19 must agree before anything is shared, and the person’s name is not transmitted.
Sharing is opt-in. If a match is found, the user is notified that they were near someone who has tested positive for the virus.
In a news conference today, the ACLU outlined six “technology principles” that would prevent overreach or abuse. Cult of Mac was provided an advance copy of a white paper that outlines the principles written by Stisa Granick.
“The Apple/Google proposal offers a strong start when measured against the (principles),” Stisa Granick wrote in a paper scheduled for release Friday afternoon. “The Apple-Google protocol aims to use Bluetooth technology to record one phone’s proximity to another…. Like location histories, however, proximity records can be highly revealing because they expose who we spend time with. To their credit, the developers have considered this a privacy problem.”
The principles include:
- Voluntariness and consent – The decision to use a tracking app should be voluntary and uncoerced. Use or reporting must not be a precondition for returning to work or school.
- Limited use of data – Data should not be used for purposes other than public health. The ACLU says data should not be used for “punitive or law enforcement purposes.”
- Minimization policies – Clear written guidelines that only necessary information should be collected. The data should not be shared with anyone outside of public health workers.
- Data destruction – Technology and public health officials must ensure data will be deleted when it is no longer needed.
- Transparency – Government must be transparent when it acquires data, and about the kind of data and how it is being used.
- “No mission creep” – Policies must ensure tracking stops once COVID-19 concerns subside.
Apple-Google COVID-19 contact tracing
Stisa Granick said the Apple-Google protocol currently does not define what the program considers an “epidemiologically relevant” contact. She said the tool could collect more personal information than necessary. There also could be false alarms, since Bluetooth signals pass through windows and certain kinds of walls, so two phones can register as close together without any real contact between their owners.
The user should also have control over when to share their data, as a way to reduce false positives. A user may know perfectly well that a recorded contact with someone who has COVID-19 happened while they were inside a car or wearing protective gear, and so posed little risk.
Users also should be able to redact parts of their proximity logs that are sensitive and not relevant to the coronavirus.
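To make the decentralized design described above concrete (identifiers derived from a per-device key, proximity logs kept on the phone, matching done locally, a duration threshold standing in for an “epidemiologically relevant” contact, and user redaction of log entries), here is a simplified simulation. It is an added example written for this page, not code from Apple, Google or the ACLU, and it does not reproduce the real specification’s key derivation, rotation interval or signal-strength scoring. The HMAC-based identifier, the 10-minute rotation, the 15-minute threshold, the `Phone` class and the Alice/Bob/Carol scenario are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed, illustrative parameters (not the Apple/Google specification values).
INTERVAL_MINUTES = 10            # how often a phone rotates its broadcast identifier
EXPOSURE_THRESHOLD_MINUTES = 15  # one possible "epidemiologically relevant" cutoff


def rolling_id(day_key: bytes, interval: int) -> bytes:
    """Derive an unlinkable broadcast identifier from a per-day key (assumed construction).

    Without the key, two identifiers from the same phone cannot be linked by an observer;
    with the key, anyone can re-derive them, which is what lets other phones match
    on-device after a diagnosed user chooses to publish their keys.
    """
    return hmac.new(day_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    name: str
    day_keys: dict = field(default_factory=dict)  # day -> secret key; leaves the device only by opt-in
    log: list = field(default_factory=list)       # (day, interval, rolling_id, minutes, note); stays on device

    def key_for(self, day: int) -> bytes:
        return self.day_keys.setdefault(day, secrets.token_bytes(16))

    def broadcast(self, day: int, interval: int) -> bytes:
        """What this phone advertises over Bluetooth during the given interval."""
        return rolling_id(self.key_for(day), interval)

    def observe(self, day: int, interval: int, rid: bytes, minutes: int, note: str = "") -> None:
        """Record an identifier heard nearby; only the identifier is stored, not who sent it."""
        self.log.append((day, interval, rid, minutes, note))

    def redact(self, note: str) -> None:
        """User-controlled deletion of log entries they consider sensitive or irrelevant."""
        self.log = [e for e in self.log if e[4] != note]

    def upload_on_diagnosis(self, days) -> list:
        """Voluntary upload after a positive test: only per-day keys, never the proximity log."""
        return [(d, self.day_keys[d]) for d in days if d in self.day_keys]

    def exposure_minutes(self, published_keys) -> int:
        """Match published keys against the local log on the device; the server learns nothing."""
        total = 0
        for day, key in published_keys:
            for (d, interval, rid, minutes, _note) in self.log:
                if d == day and hmac.compare_digest(rid, rolling_id(key, interval)):
                    total += minutes
        return total

    def exposed(self, published_keys) -> bool:
        return self.exposure_minutes(published_keys) >= EXPOSURE_THRESHOLD_MINUTES


def simulate() -> dict:
    """Constructed scenario: Alice, Bob and Carol on day 1; Bob later tests positive."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    day = 1
    # Alice and Bob share two full intervals (20 minutes); Carol passes Bob for two minutes.
    # During interval 11 Alice is inside her car and Bob's signal is picked up through the window.
    for interval in (10, 11):
        alice.observe(day, interval, bob.broadcast(day, interval), INTERVAL_MINUTES,
                      note="car" if interval == 11 else "")
        bob.observe(day, interval, alice.broadcast(day, interval), INTERVAL_MINUTES)
    carol.observe(day, 11, bob.broadcast(day, 11), 2)
    bob.observe(day, 11, carol.broadcast(day, 11), 2)

    # Bob opts in after a positive test; this list is the only thing that leaves his phone.
    published = bob.upload_on_diagnosis([day])

    before = {"alice": alice.exposure_minutes(published), "carol": carol.exposure_minutes(published)}
    alice.redact("car")  # Alice removes the interval she knows was spent behind a closed car window
    after = {"alice": alice.exposure_minutes(published), "carol": carol.exposure_minutes(published)}
    return {
        "before": before,
        "after": after,
        "alice_exposed_before": before["alice"] >= EXPOSURE_THRESHOLD_MINUTES,
        "alice_exposed_after": after["alice"] >= EXPOSURE_THRESHOLD_MINUTES,
        "carol_exposed": after["carol"] >= EXPOSURE_THRESHOLD_MINUTES,
    }


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` shows the two properties the ACLU paper cares about: the only thing Bob’s phone publishes is a short list of per-day keys, so Alice’s and Carol’s proximity logs never leave their devices and the server cannot tell whether either of them was exposed; and the decision about what counts as a relevant contact is made locally, so Carol’s two-minute pass stays below the threshold and Alice’s redaction of the car interval drops her below it as well.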