Apple and Google last week announced a joint contact tracing effort that would use Bluetooth technology to help alert people who have been in close proximity to someone who tested positive for COVID-19. Similar proposals have been put forward by an MIT-associated effort called PACT as well as by multiple European groups.
These proposals differ from the traditional public health technique of “contact tracing” to try to stop the spread of a disease. In place of human interviewers, they would use location or proximity data generated by mobile phones to contact people who may have been exposed.
While some of these systems could offer public health benefits, they may also cause significant risks to privacy, civil rights, and civil liberties. If such systems are to work, there must be widespread, free, and quick testing available. The systems must also be widely adopted, but that will not happen if people do not trust them. For there to be trust, the tool must protect privacy, be voluntary, and store data on an individual’s device rather than in a centralized repository.
A well-designed tool would give people actionable medical information while also protecting privacy and giving users control, but a poorly designed one could pose unnecessary and significant risks to privacy, civil rights, and civil liberties. To help distinguish between the two, the ACLU is publishing a set of technology principles against which developers, the public, and policymakers can judge any contact tracing apps and protocols.
Read more at the ACLU.