Apple and Google released a joint specification that allows both iPhones and Android devices to do contact tracing on a global scale. Even though “privacy, transparency, and consent are of utmost importance”, this is a game-changing event that has grave consequences. We must stop Apple and Google in their tracks. Or else ditch our smartphones as they will truly become the Stasi agents in our pockets.

I haven’t felt comfortable with the idea of a contact tracing app to fight the corona pandemic in the first place. But with this announcement, Apple and Google take it to another level:

“in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities.”

Instead of an app, the technology is pushed down the stack into the operating system layer creating a Bluetooth-based contact tracing platform. This means the technology is available all the time, for all kinds of applications. Contact tracing is therefore no longer limited in time, or limited in use purely to trace and contain the spread of the COVID-19 virus. This means that two very important safeguards to protect our privacy are thrown out of the window.

Privacy is ‘protected’ using a so-called decentralised approach. There is no central server collecting which devices have been in close contact with each other. Instead, each phone over time collects the (ephemeral) identifiers of all other phones (whether an iPhone or an Android) in its vicinity. When a user turns out to be infected by the corona virus, the phone (using the contact tracing app) only publishes its own identifier, so all other phones can locally check whether they have been in close contact with this device (using the local database of identifiers they saw recently).

However, any decentralised scheme can be turned into a centralised scheme by forcing the phone to report to the authorities that it was at some point in time close to the phone of an infected person. In other words, certain governments or companies — using the decentralised framework developed by Apple and Google — can create an app that (without users being able to prevent this) reports the fact that they have been close to a person of interest in the last few weeks. The platform itself may be decentralised. But the app developed on top of it breaks this protective shield and collects the contact information centrally regardless. This effectively turns our smartphones into a global mass surveillance tool. By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server (operated by the government or some shady company). How invasive this tool is does depend on some details. The current specifications allow phones to learn when and where they were in contact with another device. It is unclear whether the actual identity of that device is also revealed. (But note that this may even be irrelevant if phones respond in real time to any request to reveal themselves.)
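The difference between the two data flows can be made concrete with a toy model. This is an added illustration, not code from this post or from the Apple/Google specification: all class and function names are hypothetical, and random tokens stand in for the specification's ephemeral identifiers. It shows what the server learns when matching stays local, and what it learns once the app on top reports each match.

```python
# Toy model (constructed; all names hypothetical, not the Apple/Google API).
import secrets

class Phone:
    def __init__(self, owner, reporting_app=False):
        self.owner = owner
        self.reporting_app = reporting_app  # app layer that phones home on a match
        self.sent = []      # ephemeral identifiers this phone has broadcast
        self.seen = set()   # identifiers heard from nearby phones (kept locally)

    def broadcast(self):
        # Fresh random identifier per encounter, not linkable to the owner.
        eph = secrets.token_hex(8)
        self.sent.append(eph)
        return eph

    def check(self, published, server):
        # Local matching: the result stays on the device...
        hit = bool(self.seen & set(published))
        # ...unless the app on top reports it, which re-centralises the scheme.
        if hit and self.reporting_app:
            server.reports.append(self.owner)
        return hit

class Server:
    def __init__(self):
        self.published = []  # identifiers of phones reported as infected
        self.reports = []    # owners revealed by reporting apps

def meet(a, b):
    # Two phones in Bluetooth range record each other's current identifier.
    ea, eb = a.broadcast(), b.broadcast()
    a.seen.add(eb)
    b.seen.add(ea)

def simulate(reporting_app):
    server = Server()
    alice, bob, carol = (Phone(n, reporting_app) for n in ("alice", "bob", "carol"))
    meet(alice, bob)                      # bob was near alice
    meet(bob, carol)                      # carol never met alice
    server.published = list(alice.sent)   # alice's phone is reported as infected
    local_hits = [p.owner for p in (bob, carol) if p.check(server.published, server)]
    return local_hits, server.reports     # (known on-device, known to the server)

if __name__ == "__main__":
    print(simulate(reporting_app=False))  # match is known only on bob's phone
    print(simulate(reporting_app=True))   # server now learns bob was near alice
```

The platform code (`meet`, local matching) is identical in both runs; only the app-layer flag changes what reaches the server, which is why reviewing the platform alone says nothing about what a given app discloses.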

Any illusion we had that we could somehow tame the Stasi agent in our pocket, by buying more expensive iPhones because Apple pledged to take our privacy seriously, or being mindful about the apps we do or do not install on our phones, is just that: an illusion.

Just consider what this decentralised contact tracing platform could be used for, especially when apps are developed that collect the contact information centrally as outlined above, and even more so when people are forced or incentivised to install such apps. Manufacturers could of course also pre-install such apps or functionality on some of the phones they sell.

  • The police could quickly see who has been close to a murder victim: simply report the victim’s phone as being ‘infected’.
  • Some might say this is not a bug but a feature, but the same mechanism could be used to find whistleblowers, or the sources of a journalist.
  • A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.
  • If you have Google Home at home, Google could use this mechanism to identify all people that have visited your place.
  • Jealous partners could secretly install an app on the phone of their significant other, to allow them to monitor who they have been in contact with. Overzealous parents could use this to spy on their children.

And I am sure people can come up with even better examples…

The technology will soon be there. The game changes because it is no longer a single app that we choose to install: it’s a technology embedded in all future smartphones. We cannot rely on mere trust, hoping that Google, Apple and all these other app developers out there will not abuse this technology for nefarious purposes. This must be stopped. There is no place for such invasive tracking technology in our society. This is not a short-lived, targeted application of tracking technology, solely used to combat the COVID-19 pandemic. If this is the medicine, I think it is worse than the disease.

In the meantime: don’t update the operating system of your phone. Or be ready to ditch your smartphone and get yourself a dumbphone.