ACLU warns that Apple COVID-19 contact tracing encroaches on civil liberties
The American Civil Liberties Union has raised concerns over the Bluetooth-based contact tracing tool that Apple and Google are collaborating on, saying that the move could invade users' privacy, if it even works at all.
The American Civil Liberties Union (ACLU) has released a statement on the joint COVID-19 contact-tracing collaboration between Apple and Google. In the report, they outline concerns about the efficacy and practicality of such technology, as well as how tracking apps could be used to personally identify those who use them.
Their main concern is that of adoption. Experts say that 60% of people would need to adopt the technology for it to be effective. Many people, though, may not trust a device that aims to track everywhere they go, especially if the data were easily able to be traced back to them.
The ACLU proposes that, rather than being stored on a server, the data should be stored locally on a user's phone. Additionally, they worry that Bluetooth tracking may not be accurate enough to determine what is an epidemiologically relevant contact.
Google and Apple are jointly assuring potential users that the list of people a user comes into contact with is only stored locally on a device and isn't shared unless they opt to share it, such as after a positive diagnosis. The actual identities of people who test positive for COVID-19 aren't revealed to Apple, Google, or other users, and the companies can disable the system on a regional basis when it is no longer needed.
The ACLU has proposed a list of technology principles by which users, policymakers, and developers can judge contact tracing apps. The ACLU's core tenets propose that a user must have control over their data, demand the ongoing protection of a user's privacy, and require the apps to obtain a user's consent at multiple stages. They also make it clear that the app should never be used for punitive or law enforcement purposes under any circumstances at all.
Google and Apple assure users that the program has been built from the ground up to respect strong privacy policies. No location data or personally identifiable information is collected as part of the system, and each device's Bluetooth identifier will change periodically to prevent unwanted tracking.
When implemented, the technology will use a device's onboard Bluetooth hardware to keep tabs on who the owner comes into close proximity with. Specifically, Bluetooth identifiers are exchanged and saved locally. Under the current proposal, the Bluetooth identifiers provide 24 hours of linkable data, which the ACLU deems unacceptable, as users cannot choose to redact location information for certain times of the day.
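A simplified model of the rotating-identifier scheme described above, added here as an illustration; it is not Apple's or Google's code. The 16-byte daily key, the 10-minute rotation interval, and the HMAC-based derivation are assumptions chosen for the sketch. It shows why identifiers heard over one day cannot be tied together until the sender uploads that day's key, after which every sighting of that sender within the day becomes linkable.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: a new identifier every 10 minutes


def rolling_ids(daily_key: bytes) -> list[bytes]:
    """Derive every identifier a phone broadcasts in one day from that day's key."""
    return [
        hmac.new(daily_key, b"RPI" + i.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        for i in range(INTERVALS_PER_DAY)
    ]


def exposure_intervals(heard: set[bytes], published_keys: list[bytes]) -> dict[bytes, list[int]]:
    """On-device matching: re-derive identifiers from each published daily key
    and report which intervals of that key were heard locally."""
    hits = {}
    for key in published_keys:
        matched = [i for i, rid in enumerate(rolling_ids(key)) if rid in heard]
        if matched:
            hits[key] = matched
    return hits


def demo():
    # Constructed sample: three phones, each with a random key for the day.
    alice, bob, carol = (os.urandom(16) for _ in range(3))
    a_ids, c_ids = rolling_ids(alice), rolling_ids(carol)
    # Bob's phone heard Alice at 09:00-09:20 (intervals 54-55) and again at
    # 18:00 (interval 108), and Carol once. Stored locally, these are four
    # unrelated 16-byte values; nothing marks three of them as one device.
    heard = {a_ids[54], a_ids[55], a_ids[108], c_ids[10]}
    before = exposure_intervals(heard, [])
    # Alice tests positive and opts in to uploading her daily key.
    after = exposure_intervals(heard, [alice])
    return before, after, alice


if __name__ == "__main__":
    before, after, alice = demo()
    print("linkable before upload:", before)
    print("linkable after upload: ", {k.hex(): v for k, v in after.items()})
```

Shortening the lifetime of the published key in this model narrows the window over which a diagnosed user's sightings can be linked, which is the trade-off behind the ACLU's objection to a 24-hour window.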
The Google and Apple joint contact tracing partnership has been both praised and scrutinized by the Trump administration and the president himself, with him noting that the system is "amazing" but raises "big constitutional problems." Trump failed to specify what specific concerns exist about Apple and Google's system, however.
Comments
"Under the current proposal, the Bluetooth identifiers provide 24 hours of linkable data, which the ACLU deems unacceptable, as users cannot choose to redact location information for certain times of the day." The ACLU truncated their thought process.
As another publication put it "users cannot review data prior to upload. This should, (the ACLU) believes, offer a second opportunity for app users to review the contacts and delete any that did not carry any exposure risk... it (also) says that it isn’t satisfied that the amount of data captured can’t be used to identify people.
...These latter two points are effectively impossible to implement, however. Users can’t review the contacts recorded because the whole point of using Bluetooth codes is that individuals cannot be identified. So a user would have no way of knowing which codes to redact. And you cannot reduce the data without compromising the ability to identify exposure.
It would technically be possible to allow a user to exclude false contacts. For example, there could be a toggle that allows us to say we are alone in a room or vehicle, even if there may be people the other side of a thin wall or outside our sealed car. However, the more you rely on people manually toggling things on or off, the less reliable the apps would become."
It’s precisely because the US founders experienced the pain of tyranny that they made things the way they did. They would be appalled at those who would willingly give liberty up, and they fought to the death for it.
You can't just say "I'm positive" and that's that. I'm guessing, you have to enter your test result (probably a test serial number) that is then verified against a database of test results kept by the lab that ran your test. Only if that comes back positive is the person prompted to allow their info to upload to a centralized server.
If you don’t fear the government... you should, and should question its every move. Today’s federal government is nothing like it was when the country was founded. Over the history of the U.S. the federal government has usurped more and more power from the states. Today it uses federal tax money as a weapon to keep the states under its thumb. So talking about what the founding fathers intended is meaningless as today’s U.S. would be unrecognizable to them.
Again, thankfully you’re not in charge of anything.
How is this a violation of privacy when you have to agree to it before anything happens? Most people give up their right to privacy ALL THE TIME. Most of the services on the Internet take that right away when you use them. People post every damned detail of their personal lives (and of their friends) on Facebook and you consider randomly generated, untraceable numbers being passed around as a violation of privacy!?!?
You know why people don't trust these things? Because organizations like ACLU release these ignorant statements.
1. The purpose is NOT to track everywhere you go. It clearly states... You have to opt-in. You have to be "close" to another person that opted-in. And you have to "hang around" for more than a passing moment; several minutes in fact. After all those criteria are met, the only data that is exchanged is a randomly generated number - a number that changes after a certain amount of time, which means you cannot track that number beyond that amount of time. And the only way to "track" that number is to get ahold of every device that saved that number. Which would be impossible to check, since that saved number is securely stored on each "contact" device.
2. The data is NOT easily traced back to someone. It's a randomly generated number that's securely stored on the device. The ONLY time it gets beyond the device is when someone tests positive and that person allows their numbers to be uploaded to a central database - and that's all that gets uploaded. There's no reason for any other data to be uploaded. It's just a database so that others can check if they've been in the proximity of someone who tested positive. And by the way, all the "contact" numbers that your device has saved, STAY on the device. That information is secured and not shared. No one knows who you've come into contact with.
On the other hand, these same entities function in complete secret and we have no access to their agendas, uses of the data, or any way to force accountability of these entities.
There really is a good reason to be able to contact trace during an epidemic. It's the only solution to surgically stop the transmission of this disease, rather than closing down the entire economy causing the massive damage we are experiencing.
The solution to the privacy conundrum is to ensure all entities live in glass houses.
I don't need or want to know which hand the politicians and CEOs wipe their asses with, but I want to know everything else.
“They also make it clear that the app should never be used for punitive or law enforcement purposes under any circumstances at all.”
My understanding is that’s how the framework is designed.
But, it should definitely be made clear when you install the app what data is available and to whom. There should also be an easy toggle to turn off the tracking, to encourage user adoption.