The joint initiative between Google and Apple to combat COVID-19 by contact tracing “raises serious concerns” over privacy, outspoken Silicon Valley critic Senator Josh Hawley said Tuesday.
“The possible implications this project could have for privacy are alarming,” the Missouri Republican said in a letter to Google CEO Sundar Pichai and Apple CEO Tim Cook. “Your materials state that the data necessary for this project will be anonymized. But anonymity in data is notoriously unstable.” He is urging both executives to personally promise to keep users' data private.
“Make a commitment that you and other executives will be personally liable if you stop protecting privacy, such as by granting advertising companies access to the interface once the pandemic is over,” he writes. “Do not hide behind a corporate shield like so many privacy offenders have before.”
Hawley is responding to news that Google and Apple will revise their smartphone operating systems to enable contact tracing.
The new operating systems will use Bluetooth to determine when smartphone users have come into close physical proximity to others who later tested positive for COVID-19. The contact-tracing function will only operate if the smartphone users have also downloaded certain public health apps.
The companies have said the system is voluntary, and doesn't collect data from users -- although users who test positive reportedly will be able to upload information to the cloud.
The technology is viewed as relatively privacy-friendly, but not foolproof, according to Wired.
“Bluetooth-based Covid-19 contact-tracing schemes are designed to upload no data from most users, and only anonymous data from people who are infected,” the magazine writes. “But it still uploads some data from users who report themselves as positive. That raises the question of whether the upload can truly be anonymous, given how hard it is to move any data across the internet without someone learning where it came from.”
Hawley says in his letter to the companies that privacy glitches could occur if the Bluetooth data is paired with other geolocation data.
“Combining the data from this project with GPS data (or other data, such as Wi-Fi positioning), could greatly erode privacy by making precise surveillance much easier,” he writes.
He adds: “Americans are right to be skeptical of this project. Even if this project were to prove helpful for the current crisis, how can Americans be sure that you will not change the interface after the pandemic subsides?”