On April 10, Apple and Google announced a partnership on a COVID-19 contact tracing technology. Their engineering teams have grouped to create a decentralized contact tracing tool that will help individuals determine whether they have been near someone who has been diagnosed with COVID-19. Apple’s iOS and Google’s Android operating systems together have around three billion users, more than one-third of the world’s population.
The system will transmit an anonymous ID over Bluetooth which will be picked up by devices you come into close contact with. If someone is diagnosed with COVID-19, they will be able to submit the IDs they have picked up over the past 14 days. Public health apps will then be able to notify who they consider at risk of having been infected based on the time spent and distance between devices.
The first phase of the project (ready in May) is an API that public health authorities can integrate into their apps. The second phase (which will take several months) will be an integration of this technology into the iOS and Android operating systems, albeit on an opt-in basis. The second phase will allow the contact tracing tool to improve battery life, effectiveness, and privacy.
Health code systems in China
Last week we introduced the health code systems in China. In brief, several apps in China can determine how at-risk you are of having COVID-19 through a simple signup process, assigning you a green-, yellow-, or red-coloured QR code. The colours indicate whether you are free to enter public spaces such as malls, office buildings, and bars, or whether you should quarantine for seven or 14 days.
Where does this data come from? It remains unclear. Although officials do not disclose the details of the data used, it appears to be a combination of the user’s communications data, GPS positioning data, telecom provider data, and purchasing records, among others.
More perplexing is that multiple health code systems are concurrently operating in China, with some unlucky individuals reportedly having to use up to six health codes. Wang Peng, Researcher at the Renmin University Intelligent Society Governance Research Center, explains how we got here.
The General Office of the State Council, the administrative agency which assists leaders with the day-to-day administrative operations of the Chinese government, since around 2017 has required provinces and cities to manage their online services and prepare them for integration with each other. The effectiveness of their efforts is yet to be seen, though. Wang points out both technical-level and business architecture-level challenges to effectively sharing and integrating data.
Wang points to one more fundamental issue; local governments often go to private companies to help them carry out informatisation projects. Private companies find it difficult to integrate their data for the same reasons local governments do. They also want to protect their corporate intellectual property; this leaves many companies unwilling to cooperate unless forced to do so.
Together, these challenges explain how China has ended up with multiple health code systems. China’s next five-year plan, a series of social and economic development initiatives issued every five years since 1953, has emphasised the concept of “sharing”. We can expect that from 2021 onwards there will be a massive push in China to connect as many data systems as possible.
Decentralisation vs centralisation
This is why the “American Health Code” comparison is misleading. Apart from the fact that the two systems’ purposes are to track those who are at risk of having been infected with COVID-19, the technology behind the two systems could not be more different. They are a representation of the stark differences in personal data use in China and the West.
The two systems have their drawbacks too. Whereas the Chinese systems lack transparency of how exactly colours are assigned, the Apple-Google system has the hardware constraints of Bluetooth technology.
For the Apple-Google system, health authorities will also have to carefully choose at what proximity and after what duration they consider someone to be of high enough risk to be notified. Too sensitive, and the system could flag many people who were not actually infected, too lenient, and the system might fail to flag many infected people. Both situations could quickly see a loss in public confidence.
With voluntary participation, no location records, all matches made on your device, and randomized identifiers changing every 15 minutes, apps based on the Apple-Google system will know much less about you than most apps on your phone already do. Although security and privacy experts should continue to scrutinise the system as it develops, from what we already know the Apple-Google tracking system is an example of decentralised technology and distinct from the highly centralised system in China.