14 Apr, 2020
A German app developer has warned that the Covid-19 pandemic gives Silicon Valley tech giants perfect cover to suck up personal data. However, while the government may intervene, the tech firms aren’t known for listening.
Apple and Google unveiled an app last week that uses bluetooth connections to trace the spread of the Covid-19 coronavirus. Put simply, the app tracks whether a smartphone user has come in contact with another, infected, user. Similar apps rolled out in South Korea and Singapore have been credited with arresting the spread of the deadly pathogen.
In Europe, the rollout of such apps has been met with privacy concerns. “We do not think it is the best solution that Google and Apple own the server on which all the contacts plus the medical status of citizens around the world are uploaded,” Julian Teicke, a leader of Germany’s Healthy Together startup initiative, told Reuters on Tuesday.
“What we need is an independent party that allows governments some kind of control over what happens with this medical and contact data,” he added.
The data collected will not be stored on a physical server in a physical location, but in cloud storage, where the firms insist it will be scrubbed of all personal signifiers and deleted after 14 days. By contrast, a German led platform — The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) platform — would store data in a centralized location, and would comply with Europe’s GDPR data protection laws. Several European countries, including France, Germany and Ireland, are developing apps on the PEPP-PT platform.
However, almost every single smartphone in Europe uses Google’s Android or Apple’s iOS operating systems, and the two companies have said that the contact-tracing functionality will eventually be built into these operating systems by default.
Apple and Google have promised that this tracking technology will be remotely deactivated once the pandemic subsides, and until then will function on a strictly “opt-in” basis. Europe’s GDPR law holds them to this.
But Silicon Valley has a spotty track record when it comes to privacy. Apple presents itself as a responsible handler of user data and has famously refused to allow the FBI to access the phones of terror suspects. Yet, behind the scenes, the company reportedly dropped plans to let users encrypt backups of their phone data after it was pressured by FBI agents. Given that multiple governments have criminalized the breaking of quarantine measures, it remains possible that Apple’s contact-tracing data could be used to identify lawbreakers.
Google, on the other hand, is a data-hungry ‘Big Brother,’ with capabilities beyond Orwell’s wildest dreams. Everything you’ve ever searched for on any of your devices is recorded and stored by Google — every web page visited, every photograph and message sent through apps, and every file stored or document edited on Google Drive, and every journey tracked by Google Maps.
Google says it’s not associating the data with you, as a person — instead, it’s linked to your “advertising ID,” and never shared unless you want it to be. Or unless a government agency requests that Google turn it over. This happened 165,000 times in the first half of last year, with Google granting three quarters of these requests.
Crucially, the firm was recently revealed to have gathered detailed medical records — including names, hospital records, diagnoses and lab results — on millions of Americans without their consent. Though Google insists the operation was legal, it nevertheless tried to keep it under wraps for over a year.
If data collection in the age of Covid-19 is to be an inevitability, lawmakers and citizens must now decide who they trust to handle that data: the old Big Brother of government or the new data kingpins of Silicon Valley. If the latter is chosen, then privacy advocates would do well to look at these firms’ histories, particularly with regard to sensitive medical data.