REPORT AN INCIDENT
Collaboration of the arch rivals
I recently spent some time reviewing the detail behind Apple and Google docs on the new contact tracing protocol and APIs they are both preparing.
Firstly it’s good (and very surprising) to see this partnership happen, especially between arch rivals like Apple and Google. It is obvious everyone is working together to try and solve one of the world’s most serious problems which is… How do we open up our societies again after lockdown?
Until a safe vaccine becomes available − which is 9 to 18 months away − we need 3 initiatives to return more quickly to a normal life and keep the spread of the virus under control. They are:
The partnership between Google and Apple is addressing the Contact Tracing point.
How it works (simplified):
Your phone sends a random message every few minutes over Bluetooth. This random message is completely anonymised and doesn’t contain any personal data about you or your phone activity, not even your location data.
It’s great to see this privacy first approach to the problem, unlike some other governments and countries who have been using location data, continuous tracking and cell towers to identify cases.
Let’s take a closer look at some of the security and privacy risks and how they are being mitigated:
Some concerns I can see from what I’ve read so far:
This is a new program, and both Apple and Google so far have been approaching it well. They are talking to public health authorities and other stakeholders. This could be a significant game changer for all countries, given that over a billion people use Apple or Google devices already.
ACLU provided some feedback:
“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement. We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
Personally, I think this is an extremely critical initiative. We need this to get back to some form of normality until the vaccine (in addition to testing and self-isolation). To get over some of the privacy concerns out there, I would recommend Google and Apple involve independent privacy and cybersecurity experts in the overarching steering committee and working group to support the strategy now and after the pandemic.
This looks secure and private at the foundation level, but the key concern is how it will be used following this pandemic — given how much investment will have been put into the infrastructure and program… it’s difficult to see them just stop using it completely.
Only time will tell…
Challenges we solve
Services for Splunk
© 2021 AXON Technologies