Apple, Google in a 'standoff' with Germany and France over contact tracing privacy

Posted:
in General Discussion edited April 2020
Apple and Google are currently at loggerheads with German and French officials over security technicalities in iOS and questions of how to store contact tracing data.

The Apple and Google contact tracing system will allow apps to run in the background on iOS. But to use it, developers must agree to a decentralized approach.
The Apple and Google contact tracing system will allow apps to run in the background on iOS. But to use it, developers must agree to a decentralized approach.


The two tech giants on April 10 announced a joint initiative to develop a cross-platform, system-level framework for contact tracing -- a method to track and possibly mitigate the spread of COVID-19. Similar techniques are being explored by nations across the globe, but several European countries are in disagreement with Apple and Google on how to go about it.

Tensions over contact tracing implementation escalated on Friday as Apple and Google shot down demands by France and Germany to back their national endeavors or ease the stringent privacy restrictions the two tech companies are building into their own, Reuters reported.

The standoff was sparked by two major factors. For one, Apple's iOS software has a security feature that bars apps that send data over Bluetooth from using the short-range communications protocol in the background. Without the ability to run in the background, contact tracing apps are severely hampered as users would be required to keep the apps open and their phones unlocked.

Earlier in April, French officials urged Apple to drop that restriction in iOS to allow its own contact tracing app to work properly.

The ability to use Bluetooth in the background to track whether a smartphone user has come into contact with someone who tests positively COVID-19 is one of the core features of Apple and Google's contact tracing system, which will be a framework that public health agencies can use to build their own apps. But Apple and Google are requiring developers to handle data in a decentralized manner, with no information leaving a user's device until they receive a positive COVID-19 diagnosis. Both companies seem unwilling to waver on those protocols.

"Those privacy principles are not going to change," said Gary Davis, Apple's global director of privacy. "They are fundamental privacy principles that are needed to make this work."

That's the other part of the standoff. France and Germany, along with the UK's National Health Service, have apparently opted for a centralized contact tracing solution with user data stored on a central server. Because of that, they won't be able to use the Apple and Google API, which brings those apps back to the issue of Bluetooth in the background. Without that key feature, there are serious doubts about the efficacy of digital contact tracing measures.

European authorities, for their part, are expressing frustration over the dustup. One French official said that EU states "are being completely held hostage by Google and Apple."

Apple and Google on Friday announced refined technical details about its contact tracing endeavor, which is actually on-track to launch early on April 28.
«13

Comments

  • Reply 1 of 52
    apple ][apple ][ Posts: 9,233member
    Haha, good for Apple and Google!

    "Those privacy principles are not going to change," said Gary Davis, Apple's global director of privacy. "They are fundamental privacy principles that are needed to make this work."

    It's good news that Apple is not going to budge a single millimeter for those EU countries. 

    Decentralized is the obvious way to go. 

    I'm glad that I'm not in one of those countries. Centralized, with everything stored on a central server sounds extremely suspicious, a violation of rights and I don't trust those countries one bit. Privacy and fundamental rights are more important than whatever latest schemes and dastardly plans certain EU countries decide to concoct.

    If they don't like it, then they don't have to use the API at all. Let 'em do without contact tracing. It'll be their problem.
    edited April 2020 agilealtitudelkruppchaickasvanstromJanNLjdb8167
  • Reply 2 of 52
    mcdavemcdave Posts: 1,919member
    COVID is the perfect strawman for full public surveillance.
    redraider11JanNLjdb8167
  • Reply 3 of 52
    cpsrocpsro Posts: 3,022member
    The EU doesn't have to use it!  And I sure wouldn't want to live under their proposed tracking system.
    chaickasvanstromPetrolDaveJanNLjdb8167
  • Reply 4 of 52
    I’ll take the least privacy comprising option, please (Apple’s).
    svanstromPetrolDave
  • Reply 5 of 52
    chadbagchadbag Posts: 1,735member
    Being held hostage.  That's funny coming from France. 
    JanNLboxcatcher
  • Reply 6 of 52
    chaickachaicka Posts: 254member
    Singapore has actually developed the app TraceTogether and released for weeks to its nation, open sourced it as BlueTrace protocol (https://bluetrace.io/) and released to the world to use. It has the same fundamental privacy as Apple and Google API where the data stays encrypted and stored on the device until a 2FA code issued by the Govt/Ministry of Health for user to enter which only then sends the data to the Govt. Australia has signaled their interest to use the BlueTrace protocol.

    Weird that on one hand EU has always pushed for stringent PDPA laws to protect privacy yet now contradict themselves to allow centralised storage of data without users’ permission.

    Honestly, I would prefer the BlueTrace and Apple+Google approach where until I give explicit permission to send the data on my device only when I become an infected person. If the app is going to become a massive public surveillance, people may just choose not to install. I know I won’t bother to install.
    svanstromPetrolDaveJanNL
  • Reply 7 of 52
    pujones1pujones1 Posts: 222member
    Got a question and anyone feel free to answer. If you have the app but I don’t and then you become positive and we have been in Bluetooth range of each other then your data and my identity both get sent to the government?
  • Reply 8 of 52
    mcdave said:
    COVID is the perfect strawman for full public surveillance.
    Turning out to be that way. People are giving into fear and actually believe something can be done to prevent this in the future. Also, people are mostly cowards and would rather sacrifice everyone else’s freedoms for some perceived security. These politicians have also forgotten that they are nothing but public servants. They are showing their true colors at the moment as nothing but power hungry tyrants. Of course Europeans are used to it and kind of expect to be ruled over since, what, the Middle Ages?
    edited April 2020 JanNL
  • Reply 9 of 52
    seanjseanj Posts: 298member
    chaicka said:

    Weird that on one hand EU has always pushed for stringent PDPA laws to protect privacy yet now contradict themselves to allow centralised storage of data without users’ permission.
    The EU bureaucracy pretends to care about its citizens but it's number one priority is protecting and promoting the plan for an EU superstate. Its ambitions wrecked the economies of Southern Europe by allowing them to join the euro, and it provoked the invasion of the Ukraine.

    The EU will undoubtedly use such centralised tracking resources to undermine and counter anti-EU political organisations in member states. Today's technology gives it the kind of survellience powers the KGB could only dream of.

    Thank goodness democracy prevailed in the UK and we managed to leave.
    PetrolDaveJanNL
  • Reply 10 of 52
    looplessloopless Posts: 262member
    seanj said:
    chaicka said:

    Weird that on one hand EU has always pushed for stringent PDPA laws to protect privacy yet now contradict themselves to allow centralised storage of data without users’ permission.
    The EU bureaucracy pretends to care about its citizens but it's number one priority is protecting and promoting the plan for an EU superstate. Its ambitions wrecked the economies of Southern Europe by allowing them to join the euro, and it provoked the invasion of the Ukraine.

    The EU will undoubtedly use such centralised tracking resources to undermine and counter anti-EU political organisations in member states. Today's technology gives it the kind of survellience powers the KGB could only dream of.

    Thank goodness democracy prevailed in the UK and we managed to leave.
    The same (imperfect) EU that has brought 75 years of peace and prosperity to Europe? Remember that WWII thing caused by a fractured Europe ?  The U.K. has comprehensively shot itself in the foot and damaged itself terribly economically for absurd  xenophobic reasons. Also to point out that  the U.K. has some of the most pervasive monitoring of its populace anywhere...it’s no beacon of privacy.
    bonobobavon b7dewmekudujoekewe
  • Reply 11 of 52
    rerollreroll Posts: 60member
    While I agree with Apple and Google’s approach don’t fool yourselves: if you are diagnosed as positive their protocol dictates to send your data to a centralized location. The centralized server then aggregates all the users data and send them back to the users participating in the program. While I believe we cannot do much better, it’s certainly not a fully decentralized solution. And I’m not quite sure why some countries do not want to follow this approach. I highly doubt the reason is one of the xenophobic conspiracy-like theories  I am reading on this forum, remember: never attribute to malice that which is adequately explained by stupidity.

  • Reply 12 of 52
    Given the appalling history of the U.K. NHS regarding security of their IT systems I will never install an app based on them having a central database for all people.

    Apple and Google should refuse to change their position.
    dewme
  • Reply 13 of 52
    apple ][apple ][ Posts: 9,233member
    loopless said:
    The same (imperfect) EU that has brought 75 years of peace and prosperity to Europe? Remember that WWII thing caused by a fractured Europe ?  The U.K. has comprehensively shot itself in the foot and damaged itself terribly economically for absurd  xenophobic reasons. Also to point out that  the U.K. has some of the most pervasive monitoring of its populace anywhere...it’s no beacon of privacy.
    I would disagree. The EU has not brought peace. The EU itself will lead to further conflict in the future.

    The USA has brought peace by having plenty of US troops and equipment stationed there ever since WWII. Russia would've walked all over the EU a long time ago if it wasn't for the protection of the US. The EU is incapable of protecting anything. The USA should pull everything out of Europe and let them fend for themselves, and we'll see how that works out. I'll grab the popcorn if and when that happens.

    And the UK has not shot themselves in the foot. They were real smart to leave the EU, and it's about time that they did. The UK will be just fine on its own together with its allies. The UK does not need the EU one bit. They are a disgusting bunch, just go watch some of those videos from the European parliament. Nigel Farage owns them all.
    JanNL
  • Reply 14 of 52
    BeatsBeats Posts: 3,073member
    Apple: "We're not sharing our customer's data."

    Goog: "We're not sharing our data."
  • Reply 15 of 52
    avon b7avon b7 Posts: 6,339member
    apple ][ said:
    loopless said:
    The same (imperfect) EU that has brought 75 years of peace and prosperity to Europe? Remember that WWII thing caused by a fractured Europe ?  The U.K. has comprehensively shot itself in the foot and damaged itself terribly economically for absurd  xenophobic reasons. Also to point out that  the U.K. has some of the most pervasive monitoring of its populace anywhere...it’s no beacon of privacy.
    I would disagree. The EU has not brought peace. The EU itself will lead to further conflict in the future.

    The USA has brought peace by having plenty of US troops and equipment stationed there ever since WWII. Russia would've walked all over the EU a long time ago if it wasn't for the protection of the US. The EU is incapable of protecting anything. The USA should pull everything out of Europe and let them fend for themselves, and we'll see how that works out. I'll grab the popcorn if and when that happens.

    And the UK has not shot themselves in the foot. They were real smart to leave the EU, and it's about time that they did. The UK will be just fine on its own together with its allies. The UK does not need the EU one bit. They are a disgusting bunch, just go watch some of those videos from the European parliament. Nigel Farage owns them all.
    This isn't really true. The U.S has always had a strategic interest in the EU. Without the various U.S military bases here, it would lose influence and that is what matters to the U.S government. Having Russia walking over the EU wouldn't do much for U.S influence. 

    If the U.S were to pull out of the EU, the EU would simply fill the holes. It would have no other option. However, if the U.S were to do that, it would find itself in a serious pickle. 

    75 years of peace has been through unification, not the U.S military presence. Integration and stability have brought prosperity to many nations and stability is one of the pillars of peace.

    There have been challenges and there will be more and the EU has a stated goal of becoming independent on many levels. Notably in technology and there have always been moves promoting the creation of an EU wide defence force. Something the U.S clearly doesn't want to see become reality. Just like it didn't want the euro to become reality. Just like it doesn't want Huawei to have influence anywhere. The U.S wants its strategic influence tentacles in every pie. 

    The U.K has a long track record of outsourcing sensitive data management to U.S companies and seeing things backfire. U.S foreign policy is backfiring across the globe as more and more nations push back. 

    I doubt the specific issues detailed in this article have anything to do with its technological independence drive but the EU's desire to be in full control is possibly why it already has its own plans for contact tracing. 
    dewmeGeorgeBMac
  • Reply 16 of 52
    I’m not sure I’d describe it as a “standoff”. Apple and Google don’t have to make this technology available, they are choosing to. It’s of little consequence to them if certain countries decide to not use it. 

    If France and Germany want a solution that allows them to build a centralised database, requires always-on Bluetooth scanning, and also requires that the device is permanently unlocked with their app running in the foreground, then they are free to create such a solution. 

    Good luck with that though. 
  • Reply 17 of 52
    There is an app now working in Austria on IOS and Android plattform, using a decentralized, local concept. Initiated from the Austrian Red Cross. Here you find a Report. https://noyb.eu/en/report-red-cross-corona-app-reviewed-noyb

  • Reply 18 of 52
    gatorguygatorguy Posts: 23,423member
    pujones1 said:
    Got a question and anyone feel free to answer. If you have the app but I don’t and then you become positive and we have been in Bluetooth range of each other then your data and my identity both get sent to the government?
    In France? It hasn't been finalized how it will work. There's a group of countries working together on it in the EU, but they each appear to want their own flavor and specifics. 
    https://techcrunch.com/2020/04/08/france-is-officially-working-on-stop-covid-contact-tracing-app/

    In the US? You're not identified and it's not sent to the government.
  • Reply 19 of 52
    FatmanFatman Posts: 513member
    No good deed goes unpunished. The EU is better off working with American companies. If you don’t like it, don’t use it, if you don’t use it, it won’t work, and people will die. Go ahead try and use your own government programmed crap technology on your Huawei telecom infrastructure ... and China will suck the life out of your economy. BTW - what is France up to these last few decades? besides whining and taxing everyone and every company in site.
    edited April 2020
  • Reply 20 of 52
    GeorgeBMacGeorgeBMac Posts: 11,421member
    Privacy and security is good.

    But the question here is:   How many people will you kill protecting your privacy?   How many others have to die for the sake of your privacy?     1?  10?   100?

    But, it's not just lives.   It's the economy stupid!   Without testing and contact tracing the only recourse is either to maintain social distancing or let the virus run rampant.  And, either of those two options will kill the economy.

    So, effective tracing and effective contact tracing will not only save lives but enable the economy to recover.

    So, F your privacy!

Sign In or Register to comment.