What About Privacy?
Of course, developing a solution like this opens up a Pandora’s box of privacy concerns, and Apple is taking its usual meticulous steps to build the technology in such a way that even those who sign on for contact tracing won’t have to worry about giving up their privacy.
In fact, Apple has published a page titled Privacy-Preserving Contact Tracing where it offers up some draft technical documentation explaining how it's all going to work, and specifically outlining the steps it will be taking to protect user privacy:
- The Contact Tracing Bluetooth Specification does not require the user’s location; any use of location is completely optional to the schema. In any case, the user must provide their explicit consent in order for their location to be optionally used.
- Rolling Proximity Identifiers change on average every 15 minutes, making it unlikely that user location can be tracked via Bluetooth over time.
- Proximity identifiers obtained from other devices are processed exclusively on device.
- Users decide whether to contribute to contact tracing.
- If diagnosed with COVID-19, users consent to sharing Diagnosis Keys with the server.
- Users have transparency into their participation in contact tracing.
In other words, in addition to having to opt in to participate in contact tracing in the first place, all data on who you’ve come into contact with remains stored on your device as a form of random device IDs that are entirely meaningless to anybody but the systems being run by Apple and Google. Further, even if you are diagnosed with COVID-19, you have to explicitly consent to sharing that fact — the reporting isn’t automatic.
However, Apple makes it clear that no GPS data is used, as there's no real need for contact tracing to know where you are to figure out who you've come into contact with. In this case, it simply picks up the signals of nearby phones at regular intervals, storing a somewhat anonymized list of them in a database.
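The rolling-identifier and on-device matching flow described above, as an added Python example that is not from the article or from Apple's published specification; the HMAC-based derivation, the 16-byte key and identifier sizes, and the fixed 15-minute slot count are simplified assumptions chosen to illustrate the privacy properties, not the real construction:

```python
import hashlib
import hmac
import os

# Constructed, simplified model (not Apple's published derivation): one secret
# per day (the "Diagnosis Key"), from which a fresh Rolling Proximity
# Identifier (RPI) is derived for every 15-minute slot of that day.
INTERVAL_SECONDS = 15 * 60
INTERVALS_PER_DAY = 24 * 3600 // INTERVAL_SECONDS  # 96 slots


def daily_key() -> bytes:
    """Random 16-byte key that stays on the phone; it is only uploaded
    after a positive diagnosis and the user's explicit consent."""
    return os.urandom(16)


def proximity_id(day_key: bytes, interval: int) -> bytes:
    """RPI for one 15-minute slot: a truncated HMAC of the slot number.
    Without day_key, identifiers from different slots cannot be linked,
    which is what makes tracking a user over time via Bluetooth hard."""
    msg = b"RPI" + interval.to_bytes(4, "big")
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:16]


def ids_for_day(day_key: bytes) -> set:
    """Every identifier a given key could have broadcast during its day."""
    return {proximity_id(day_key, i) for i in range(INTERVALS_PER_DAY)}


def match_on_device(observed: set, diagnosis_keys: list) -> set:
    """On-device exposure check: re-derive the identifiers behind each
    published Diagnosis Key and intersect them with what this phone heard.
    The observed identifiers never leave the device, and nothing about
    users who were not diagnosed is ever uploaded."""
    exposed = set()
    for key in diagnosis_keys:
        exposed |= observed & ids_for_day(key)
    return exposed


def demo() -> set:
    # Constructed encounter log: this phone heard Alice in slot 40 and
    # Bob in slot 41. Only Alice is diagnosed and consents to upload.
    alice, bob = daily_key(), daily_key()
    observed = {proximity_id(alice, 40), proximity_id(bob, 41)}
    return match_on_device(observed, [alice])  # exactly one exposure
```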