back to article NY Attorney General warns Apple, Google to police COVID-19 tracing apps in their souks – or she will herself

The Attorney General of New York has warned Apple and Google she expects the tech giants to keep an eye on an upcoming crop of coronavirus contact-tracing apps, particularly when it comes to the accumulation of personal data. In letters sent Tuesday to the mega-corp pair, Letitia James makes it plain she is concerned that a …

  1. Dinanziame
    Paris Hilton

    Did any of these apps reach an adoption rate of even 30%? It seems an exercise in futility.

    And even if it worked as intended, and people learnt that they have been in contact with an infected person, what does it change? If you have symptoms, you get checked. If you don't have symptoms, you can't get checked (not enough testing kits). What the app tells you is essentially irrelevant.

    1. osakajin Bronze badge

      Because the real agenda here is to normalise granualar surveliance.

      1. Dinanziame

        Well at least, it seems that the common API of Google and Apple prevents general surveillance... As long as you are in a country that uses it.

    2. gnasher729 Silver badge

      If you were in contact with an infected person, you can stay at home for two weeks. Immediately when you are informed. Instead of infecting others while you wait for symptoms to appear. Or instead of infecting others when you never get symptoms, but can still pass the virus on.

      Perfect solution when the infection rate is low enough that this is significant better than a lockdown.

      1. ThatOne Silver badge

        > you can stay at home for two weeks

        Only if you're retired, homemaker or work from home anyway; It's difficult to lose 2 weeks of work each time an infected person drove/walked by.

        Those apps only make sense if you can get tested: Potential encounter with an infected person? Get tested, learn if you are henceforth infected or still healthy, and act accordingly. It's a good early warning system.

        Without (sufficient) testing capacities and/or possibilities and without a system which controls the app's claims, a single person walking through a crowded city claiming to be infected would cause a local lock-down, as the hundreds of people he walked by would have to go on that 2-week quarantine. Send an "infected" person walk through your competitor's facilities and watch him close shop, the possibilities for mischief are infinite. But the biggest issue is that, for personal or professional reasons, most people simply won't accept a half-month isolation for a vague possibility that somebody potentially infected was close enough to infect them too, making the whole thing pointless.

        IMHO it would be way more efficient to spend that money in testing capacity. If everybody could get tested anywhere in a couple minutes (even if you only get the results 24h later), any infectious people would be quickly found and isolated just as well. And I think nobody would mind getting tested every week or so if it isn't too complicated or time-consuming, I know I wouldn't.

        Just my 2 cents worth.

        1. A K Stiles Silver badge

          as I understand it, it's not enough to just have been 'walked by' by an infected individual, but to have been near enough for a number of minutes to have increased the likely chances of being infected, so you'd need to go stand within a few metres of many of your competitors employees for 5+ minutes for the apps to consider you as at risk of infection.

          1. Someone Else Silver badge

            Well, then, how would tRump react if his Twitter-machine were to tell him that one (or more!) of those folks he was glad-handing on Tuesday during his Policing photo-op ... er, nationwide policy address ... were to have been marked as "infected"? Nothing?? Thought so.

          2. ThatOne Silver badge
            Devil

            > stand within a few metres of many of your competitors employees for 5+ minutes

            Well, it's not like people move a lot in most professions; But if you want to optimize, you'll just deposit "infectious" telephones at frequent gathering points (printer, cafeteria, meeting rooms, etc.), and after a day or two I guess most employees will have accumulated enough "infection proximity time" (don't really know, I have no idea how the apps calculate this).

            Don't do this at home work!

          3. Intractable Potsherd Silver badge

            As well as the time element, there is an environment element. Being outdoors is much different from being in a large building with is different from being in a small building, for example. Also, what people are doing makes a difference - talking, shouting and singing have different threat profiles. None of the apps seem to take this into account, so people will rapidly lose any trust they might have, anyway.

        2. John Brown (no body) Silver badge

          "each time an infected person drove/walked by."

          You may have had some valid points, but I stopped reading as soon as you demonstrated a lack of understand over what a "contact" is. Annoyingly, even the press are constantly getting it wrong too. I just heard a reporter wondering how football players can keep 2m apart and play the game. Well, duh!

          1. ThatOne Silver badge
            Happy

            > you demonstrated a lack of understand over what a "contact" is

            And why don't you enlighten me/us? (Sincere request, no snark.)

      2. Jellied Eel Silver badge

        Perfect solution when the infection rate is low enough that this is significant better than a lockdown.

        Perhaps a perfect solution when in the initial stages of an outbreak and the risks aren't well understood. So when Ferguson's model told government there'd be millions dead, and it'd make Spanish flu look like a mild cold.

        6 months later, it looks like mortality rate is <1% and those model projections rather exagerated.

        But press on regardless. Contracts have been issued. Future contracts for patent medicines are eagerly anticipated. Scientific papers have been published, and retracted. The public knows that Covid is more lethal than ebola and avian flu combined..

        Or it's not. There are reports that Covid may have been circulating long before the hype train left it's station, and many people may have been infected without realising. Public health bodies have records of admissions, so should be able to revise risk data so that people with pre-existing conditions that increase risk can take more precautions. But no. We may be facing Covid 2.0 and a '2nd wave'. Everyone must wear tracking beacons that wpn't do anything unless you've been close to an unclean for 15mins. If you walk past someone coughing or sneezing, it won't alert you. It won't alert you after that person's been tested positive. It won't alert people who've been near anyone who's an asymptomatic carrier.

        1. John Brown (no body) Silver badge

          "6 months later, it looks like mortality rate is <1% and those model projections rather exagerated."

          <1% isn't much when it's an averagely contagious coronavirus, but this one seems to be far more contagious so that 1% mortality rate applies to far larger than usual numbers of infections. And those "exaggerated" models were based on usual types of reactions rather than the far more aggressive actions take by governments around the world.

          Simply stating that the mortality rate is less than 1% with no other context is almost Trumpian in it's ability to mis-lead.

          1. Jellied Eel Silver badge

            Simply stating that the mortality rate is less than 1% with no other context is almost Trumpian in it's ability to mis-lead.

            To truly mislead, you'd need the media. Here's one I made earlier-

            https://www.bbc.co.uk/news/health-53061281

            By Michelle Roberts Health editor, BBC News online

            ... The Recovery Trial, running since March, also looked at the malaria drug hydroxychloroquine, which has subsequently been ditched amid concerns it increases fatalities and heart problems.

            Sooo.. was that the trial reported in the Lancet that had to be retracted after discovering some very dodgy data mining? Oh.. The 'Recovery' Trial-

            http://www.francesoir.fr/politique-monde/interview-exclusive-martin-landray-recovery-hydroxychloroquine-game-over-uk

            FS : Could you please precise what dosage of HCQ you gave to the patient ? and the results ?

            ML : It is 2400 mg in the first 24 hours and 800 mg from day 2 to day 10. It is an 10 day course of treatment in total. These are quite high doses to make sure that the blood levels got high enough to have a chance of killing the virus.

            Which is... curious. Especially given-

            https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7207200/

            Potential risks of treatment include prolongation of the QTc interval (especially in patients with preexisting cardiac disease or if coprescribed with azithromycin), hypoglycemia, neuropsychiatric effects, drug–drug interactions and idiosyncratic hypersensitivity reactions.

            Sooo.. Design a trial that gives patients with pre-existing heart conditions & diabetes 4x the NICE recommended dose, then end the trial on 'safety grounds' to focus efforts on helping big pharma with their product development. Eventually Remdesivir might be found to work on... something.

            But such is politics. One would have hoped the BBC's 'Health Editor' had been aware of the Lancet's problems, or even concerns about the dosage used in the 'Recovery' trial. Or perhaps even ask pointed questions, like if anyone's tried the hydroxychlorquine + zinc combo to see if it reduced infection rates.. Which is what the original claims suggested.

            And Ferguson's model would still have been wrong given it used the wrong values for infection rates & mortality, amongst others. Meanwhile, the app isn't going to produce anything meaningful, but due to a combination of cabin fever & peaceful protesting, there'll be more opportunities to revise models based on the lock-down becoming unlocked.

            And on a positive note.. Track & Trace apps could prove really useful to see who's violating curfews & unlawfully assembling. This is a Good Thing(tm)... isn't it? Big Data can soon monitor populations to 2m-ish resolution in near real-time. What could possibly go wrong?

    3. Gordon 10 Silver badge
      FAIL

      If you don't have symptoms, you can't get checked (not enough testing kits)

      Any substantiation for that statement? I suspect it varies widely by country.

      1. VicMortimer

        It does vary. The health department here opened for the day an hour ago. Testing is free and open to anyone who walks in, they do it every Monday, Wednesday, and Friday. They're encouraging everybody to show up. (Of course, a cynical person would say that's really just because they want to get large numbers of negative tests to justify prematurely opening everything back up, which they're already doing anyway.)

        And of course, this being America, if you want treatment for anything you'd better be rich or have insurance.

    4. Anonymous Coward
      Anonymous Coward

      what does it change?

      "And even if it worked as intended, and people learnt that they have been in contact with an infected person, what does it change? If you have symptoms, you get checked. If you don't have symptoms, you can't get checked (not enough testing kits). What the app tells you is essentially irrelevant."

      If you're told you've been in contact with an infected person, you're supposed to isolate yourself for two weeks so you don't pass the disease on. Regardless of whether you have symptoms. That's what it does (supposedly), and if it worked it's very relevant.

      1. Doctor Syntax Silver badge

        Re: what does it change?

        "If you're told you've been in contact with an infected person, you're supposed to isolate yourself for two weeks so you don't pass the disease on. Regardless of whether you have symptoms. That's what it does (supposedly), and if it worked it's very relevant."

        The first thing we need to know about whether it's relevant is the number of false positives that will be generated.

        Without testing it's quite possible that either:

        - Large numbers of people will be self-isolating needlessly

        - The system rapidly loses public trust and is ignored

        or

        - In order to avoid the above the threshold is set so high that it generates large numbers of false negatives instead.

  2. arthoss

    from Germany

    living in Germany: a non scientific poll showed that from the people following Corona 60% would install the app in Germany . It's build with SAP and T-Systems (T-Systems' involvement worries me actually). I'm not part of the 60% since I cannot just install an app without a proper check by IT bods, maybe later I will.

    But one thing I don't understand is why the app wasn't built into the existing state KatWarn application, which concerned citizens have on their phones to know when catastrophes happen. In my circle of friends, most people have it. That app has a "guarding angel" mode, which checks your location to warn you of catastrophes around you OR you can just define areas of interest and not enable the location tracking.

    On the whole health front, I fail to see why apple and co didn't extend the likes of HealthKit to cover and detect abnormal health situations also in regards to this type of sickness. Don't tell me that my apple watch doesn't have the data that shows something is off when I'm sick(being in bed with a cold and it's asking me to do sports). All these things should be open for reporting to the state, if I so choose (and I would), which would probably nullify the need for an explicit app from the state.

    1. iron Silver badge

      Re: from Germany

      That might work in Germany but in the UK I will not ever install an app that gives the government my location at any point. And, I will not wear a spy device on my wrist that tells the government (or Apple/Google) anything about my location or vital signs.

      Extending Healthkit would have taken longer and possibly required an OS update. I think you'll find Apple didn't go that route partly so they could get the COVID app spec ready asap so apps could be written quickly and partly because they wanted a common spec with Google.

    2. Gordon 10 Silver badge
      FAIL

      Re: from Germany

      That would never work in Germany. Unlike the surveillance state UK, Germany is far more privacy aware.

      Plus it would be massively disproportionate. Freely sharing your health data with goo-apple is one thing. Them passing it on to the state is quite another. First it would be COVID, then Flu-season, then something utterly spurious like Paedo-terrorists.

    3. IGotOut Silver badge

      Re: from Germany

      "KatWarn application, which concerned citizens have on their phones to know when catastrophes happen. "

      I think paranoid citizens would be more appropriate. Do people really worry all the time about a "catastrophe" (maybe a lost in translation thing)?

      I just get on with life and whatever happens, happens. Lived with the threat of terrorist attacks all my life, still more likely to get hit by a car because I'm to busy looking at the phone.

      1. ThatOne Silver badge

        Re: from Germany

        > Do people really worry all the time about a "catastrophe"

        I don't know that app, so I'm just guessing, but I willing to bet it's more of an alert system for things like floods, abnormal/dangerous weather conditions and things like that. Something akin the tornado warning system in the USA, which sends out SMS when you're about to be transported to Oz.

    4. paulll

      Re: from Germany

      "That app has a "guarding angel" mode, which checks your location to warn you of catastrophes around you"

      "Nuke? What nu...oh, wow!"

  3. Mark192 Bronze badge

    The Government whined:

    “We hope it will be possible to find a solution so that infection notification and analysis of infection control measures can be introduced in the long term”

    Yeah, not gonna happen.

    Your solution is to go with the contract tracing solution offered by Google and Apple. Quick to implement, low impact on phones (little effect on battery life, stable) so fewer uninstalls and no privacy concerns so more installs.

    Instead, you have insisted on incorporating 'analysis of infection control measures' so guaranteeing massively longer development time, lower take up and increased deletion of app from those that did install it.

    The main issue with the data connection aspect of these apps is that it reduces take up to the point where the app can't do its main job...

    ...wait a minute, I've just realised, 'analysis of infection control measures' was the only thing they were interested in. Notification to the users was just a sweetener to encourage participation :rollseyes:

    1. Jellied Eel Silver badge

      ...wait a minute, I've just realised, 'analysis of infection control measures' was the only thing they were interested in. Notification to the users was just a sweetener to encourage participation

      I think it's where the UK approach is better. So a peer-peer infection network's great. Ping! You've spent 15mins in the presence of the undead. Now what? Rush to the nearest testing centre and demand a test so your iGadget can be loaded with a certificate of purity, and you can go out again?

      Or, given public health and epidemeology typically relies on identifying and tracking outbreaks, having some view of what's happening seems like a sensible idea. Cluster of red dots growing in Slough? Maybe just quarantine that*, not the whole country.

      *And maybe 'forget' to lift quarantine.

      1. doublelayer Silver badge

        "Or, given public health and epidemeology typically relies on identifying and tracking outbreaks, having some view of what's happening seems like a sensible idea. Cluster of red dots growing in Slough? Maybe just quarantine that*, not the whole country."

        You aren't paying attention, are you? The app doesn't detect cases. It alerts people who may have cases. You know, after someone they came into contact with is determined to have a case. That's done by testing. Testing is done by the NHS. The NHS can report the test and where it happened and can ask the person for an address, which they can use to put a red dot on a map. The app could not put those dots on the map because the app doesn't know whether you have a case.

        1. Doctor Syntax Silver badge

          "It alerts people who may have cases."

          But doesn't offer to test them. Go away and hide for a couple of weeks. You may well have nothing wrong but go and hide anyway.

        2. Jellied Eel Silver badge

          Connecting the dots..

          The app could not put those dots on the map because the app doesn't know whether you have a case.

          So.. The NHS can put a dot on a map because it's done the test. But in a decentralised model, that's pretty much it. It could make assumptions about contacts based on profiles, population density etc, but couldn't do much to actually track & trace contacts. It might be able to tell if someone positive has spent time in a crowded theater, but not if they coughed. Or who the others in the crowd were. And they may be blissfully unaware if they'd done the decent thing and turned their phones off.

          So the NHS would be basically blind to potentially useful contact/outbreak monitoring. But to be useful, it also needs to be more invasive. Peer-Peer just notifies someone that they may have been close to someone else who'd tested positive.

          Great. Now what? Go get tested, assuming tests are available. Or as Doctor Syntax says, go isolate for 15 days. Which doesn't help track outbreaks because you've no idea if that contact resulted in transmission. Of course what could be possible is monitoring house arrest & working much like offender tagging.. But only if that information is available. Otherwise, public health authorities have no idea if people are breaking quarantine, or not.

          Which is also potentially a good thing. Decentralised track & trace seems useless for both public health... and enforcing house arrest and/or curfews.

      2. Intractable Potsherd Silver badge

        "Maybe just quarantine that*, not the whole country."

        That is what should have happened right from the beginning. Treating the Peak District like Manchester, the Brecon Beacons like Cardiff, and most of Scotland like Glasgow was insane.

  4. EastFinchleyite

    Borders

    Interesting.

    Given the international cross border nature of mobile networks, app platforms and the rest, and that the NHS app in the UK will clearly breach the lines drawn by the AG of NY, can we expect a cease and desist letter from the AG's office to be delivered to Matt Hancock in Westminster in the next few weeks.

    If not, it will probably be because the UK app will have so little take up that is is regarded as of no significance.

    1. Strahd Ivarius Bronze badge
      Facepalm

      Re: Borders

      One thing to note is that if I am not mistaken each US state will have its own application.

      So whenever you cross states borders you will need to download a new one, that won't have any access to the information collected by the previous one(s) even if it uses the approved API.

      If you cross an infected person which contaminates you just before the crossing you will be allowed to contaminate everyone up to the time you develop symptoms...

      1. John Brown (no body) Silver badge

        Re: Borders

        "If you cross an infected person which contaminates you just before the crossing you will be allowed to contaminate everyone up to the time you develop symptoms..."

        Surely if you are "in contact" with a person later tested positive, even if you have crossed a Stale line, you'd still be notified. Or are you assuming that crossing a State line will mean the users delete the app and download the new local one or that the app will "know" you are out of state and ignore you?

  5. Anonymous Coward
    Anonymous Coward

    tracing apps

    I installed the official tracing app put out by WHO last month.

    I recieved a hyperlink in a text message that told me to change a setting in my phone to allow apps from unkown sources.

    (I feel like I am doing my part in all this but I really wish the tracing app would come with less intrusive ads)

    1. Aleph0
      Happy

      Re: tracing apps

      Ah, I think I've received the same message... Download location seems to be at TotallyLegitApps.ru .

      I'm sure nothing can go wrong with that.

      1. Mr Sceptical
        Big Brother

        Re: tracing apps

        So should we accept the one that downloads from mil.gov too?

        Seems very friendly as it keeps asking questions about all my contacts!

        Seriously, someone needs to explain 'right to privacy' to the various government agencies using picture cards and a taser.

    2. hoola Bronze badge

      Re: tracing apps

      Why does it even need Ads in the first place?

      If the authorities want people to trust them and trust these (in my opinion currently not particularly useful Apps) then be more open about what they are trying to achieve and don't make it an advertisers wet dream.

  6. Doctor Syntax Silver badge

    "This week saw the the Norwegian coronavirus-tracing app pulled and all the information gathered deleted after its data regulator, Datatilsynet, found it was not adequately protecting personal records."

    No fear of that happening in the UK. Not because it'll have better protection, of course, just that nobody in charge cares. After all things can't go wrong twice, can they? Well, certainly not three times.

    1. 9Rune5 Silver badge

      Datatilsynet in Norway is the only government agency I'm aware of that has been under qualified management for a longer time-span (since at least 1989).

      They have a stellar track record afaik.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020