TL;DR I’m not arguing against contact tracing apps; I’m critical of Apple and Google’s approach.
In the past months our Iphones and Androids received operating systems updates, a joint effort by the two companies to help in the fight against COVID-19. The updates introduced new operating system functions for applications (APIs Application Programming Interfaces) to enable Contact Tracing apps developed by national health authorities. Without this update, Tracing Apps can’t work properly, mainly due to bluetooth power management by iphones.
When an iphone’s screen is off, it detects bluetooth beacons but does not emit them. It’s mute but not deaf. So, when an android meets a ‘mute’ Iphone, it cannot detect the contact. In a nutshell, Apple’s and Google’s APIs allow for a different management of the iphone’s Bluetooth to enable mutual detection of the contact also when the iphone’s screen is off.
The companies have decided that this functionality is reserved exclusively for States’ authorities.
This is the critical part: Apple and Google have agreed to provide States with a feature that bypasses the normal operations of the operating system and enables State Apps to do things the rest of developers are vetoed to.
Let’s forget the Covid emergency for a moment and reread the sentence above: functions on our devices that only State authorities can access.
Since this path has been taken, which reserved functions will States ask Google and Apple tomorrow ? Once this path has been taken, is it irrational to think that States will ask similar backdoors for surveillance purposes, obviously keeping them secret ?
Opening the source code of States’ apps won’t help much in inspecting what Apps really do. “Reproducible build” is a technical process to check if a source code corresponds with the Apps we download from the stores. Because of technical reasons, it is not possible to have an independent, byte-for-byte verification of all Apps using State reserved functions: The possibility of democratic oversight is undermined.
We welcome the effort of the duopolistic companies to make a contribution to public health. But this paradigm shift, making some functions reserved only to States’ authorities, is unacceptable. Reserving APIs to States is a paradigm echoing behaviors of totalitarian regimes, even worse of what George Orwell thought of.
We should welcome national health authorities who employ all available techniques in order to protect public health. The problem is not them using these APIs: they exist today, even if health authorities don’t use them.
The problem lies upstream; it lies in the concept itself that our devices, the homes of our digital dimension, provide services exclusively accessible to States’ authorities.
A striking difference with what William Pitt, 1st Earl of Chatham, who served as Prime Minister of Great Britain, said in 1763:
“The poorest man may in his cottage bid defiance to all the forces of the crown. It may be frail – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter.”