One of the best tools we have to slow the spread of the coronavirus is, as you have no doubt heard by now, contact tracing. But what exactly is contact tracing, who does it and how, and do you need to worry about it?
In short, contact tracing helps prevent the spread of a virus by proactively finding people at higher risk than others due to potential exposure, notifying them if possible, and quarantining them if necessary. It’s a proven technique, and smartphones could help make it even more effective — but only if privacy and other concerns can be overcome.
Contact tracing, from memory to RAM
Contact tracing has been done in some form or another as long as the medical establishment has understood the nature of contagious diseases. When a person is diagnosed with an infectious disease, they are asked whom they have been in contact with over the previous weeks, both in order to determine who may have been infected by them and perhaps where they themselves were infected.
Until very recently, however, the process has relied heavily on the recall of people who are in a highly stressful situation and, until prompted, were probably not paying special attention to their movements and interactions.
This results in a list of contacts that is far from complete, though still very helpful. If those people can be contacted and their contacts likewise traced, a network of potential infections can be built up without a single swab or blood drop, and lives can be saved or important resources better allocated.
You might think that has all changed now what with modern technology and all, but in fact contact tracing being done at hospitals right now is almost all still of the memory-based kind — the same we might have used a hundred years ago.
It certainly seems as if the enormous digital surveillance apparatus that has been assembled around us over the last decade should be able to accomplish this kind of contact tracing easily, but in fact it’s surprisingly useless for anything but tracking what you are likely to click on or buy.
While it would be nice to be able to piece together a contagious person’s week from a hundred cameras spread throughout the city and background location data collected by social media, the potential for abuse of such a system should make us thankful it is not so easy as that. In other, less dire circumstances the ability to track the exact movements and interactions of a person from their digital record would be considered creepy at best, and perhaps even criminal.
But it’s one thing when an unscrupulous data aggregator uses your movements and interests to target you with ads without your knowledge or consent — and quite another when people choose to use the forbidden capabilities of everyday technology in an informed and limited way to turn the tide of a global pandemic. And that’s what modern digital contact tracing is intended to do.
Bluetooth beacons
All modern mobile phones use wireless radios to exchange data with cell towers, Wi-Fi routers, and each other. On their own, these transmissions aren’t a very good way to tell where someone is or who they’re near — a Wi-Fi signal can travel 100 to 200 feet reliably, and a cell signal can go miles. Bluetooth, on the other hand, has a short range by design, less than 30 feet for good reception and with a swiftly attenuating signal that makes it unlikely to catch a stray contact from much further out than that.
We all know Bluetooth as the way our wireless earbuds receive music from our phones, and that’s a big part of its job. But Bluetooth, by design, is constantly reaching out and touching other Bluetooth-enabled devices — it’s how your car knows you’ve gotten into it, or how your phone detects a smart home device nearby.
Bluetooth chips also make brief contact without your knowledge with other phones and devices you pass nearby, and if they aren’t recognized, they delete each other from their respective memories as soon as possible. But what if they didn’t?
The type of contact tracing being tested and deployed around the world now uses Bluetooth signals very similar to the ones your phone already transmits and receives constantly. The difference is it just doesn’t automatically forget the other devices it comes into contact with.
Assuming the system is working correctly, what would happen when a person presents at the hospital with COVID-19 is basically just a digitally enhanced version of manual contact tracing. Instead of querying the person’s fallible memory, they query the phone’s much more reliable one, which has dutifully recorded all the other phones it has recently been close enough to connect to. (Anonymously, as we’ll see.)
Those devices — and it’s important to note that it’s devices, not people — would be alerted within seconds that they had recently been in contact with someone who has now been diagnosed with COVID-19. The notification they receive will contain information on what the affected person can do next: Download an app or call a number for screening, for instance, or find a nearby location for testing.
The ease, quickness, and comprehensiveness of this contact tracing method make it an excellent opportunity to help stem the spread of the virus. So why aren’t we all using it already?
In Singapore the TraceTogether app was promoted by the government as the official means for contact tracing. South Korea saw the voluntary adoption of a handful of apps that tracked people known to be diagnosed. Taiwan was able to compare data from its highly centralized healthcare system to a contact tracing system it began work on during the SARS outbreak years ago. And mainland China has implemented a variety of tracking procedures through mega-popular services like WeChat and Alipay.
While it would be premature to make conclusions on the efficacy of these programs while they’re still underway, it seems at least anecdotally to have improved the response and potentially limited the spread of the virus.
But east Asia is a very different place from the U.S.; we can’t just take Taiwan’s playbook and apply it here (or in Europe, or Africa, etc.), for myriad reasons. There are also valid questions of privacy, security, and other matters that need to be answered before people, who for good reason are skeptical of the intentions of both the government and the private sector, will submit to this kind of tracking.
Right now there are a handful of efforts being made in the U.S., the largest profile by far being the collaboration between arch-rivals Apple and Google, which have proposed a cross-platform contact tracing method that can be added to phones at the operating system.
The system they have suggested uses Bluetooth as described above, but importantly does not tie it to a person’s identity in any way. A phone would have a temporary ID number of its own, and as it made contact with other devices, it exchanges numbers. These lists of ID numbers are collected and stored locally, not synced with the cloud or anything. And the numbers also change frequently so no single one can be connected to your device or location.
If and only if a person is determined to be infected with the virus, a hospital (not the person) is authorized to activate the contact tracing app, which will send a notification to all the ID numbers stored in the person’s phone. The notification will say that they were recently near a person now diagnosed with COVID-19 — again, these are only ID numbers generated by a phone and are not connected with any personal information. As discussed earlier, the people notified can then take whatever action seems warranted.
MIT has developed a system that works in a very similar way, and which some states are reportedly beginning to promote among their residents.
Naturally even this straightforward, decentralized, and seemingly secure system has its flaws; this article at the Markup gives a good overview, and I’ve summarized them below:
It’s opt-in. This is a plus and a minus, of course, but means that many people may choose not to take part, limiting how comprehensive the list of recent contacts really is.
It’s vulnerable to malicious interference. Bluetooth isn’t particularly secure, which means there are several ways this method could be taken advantage of, should there be any attacker depraved enough to do so. Bluetooth signals could be harvested and imitated, for instance, or a phone driven through the city to “expose” it to thousands of others.
It could lead to false positives or negatives. In order to maintain privacy, the notifications sent to others would contain a minimum of information, leading them to wonder when and how they might have been exposed. There will be no details like “you stood next to this person in line 4 days ago for about 5 minutes” or “you jogged past this person on Broadway.” This lack of detail may lead to people panicking and running to the ER for no reason, or ignoring the alert altogether.
It’s pretty anonymous, but nothing is truly anonymous. Although the systems seem to work with a bare minimum of data, that data could still be used for nefarious purposes if someone got their hands on it. De-anonymizing large sets of data is practically an entire domain of study in data science now and it’s possible that these records, however anonymous they appear, could be cross-referenced with other data to out infected persons or otherwise invade one’s privacy.
It’s not clear what happens to the data. Will this data be given to health authorities later? Will it be sold to advertisers? Will researcher be able to access it, and how will they be vetted? Questions like these could very well be answered satisfactorily, but right now it’s a bit of a mystery.
Contact tracing is an important part of the effort to curb the spread of the coronavirus, and whatever method or platform is decided on in your area — it may be different state to state or even between cities — it is important that as many people as possible take part in order to make it as effective as possible.
There are risks, yes, but the risks are relatively minor and the benefits would appear to outweigh them by orders of magnitude. When the time comes to opt in, it is out of consideration for the community at large that one should make the decision to do so.
The federal government is ordering the dissolution of TikTok’s Canadian business after a national security review of the Chinese company behind the social media platform, but stopped short of ordering people to stay off the app.
Industry Minister François-Philippe Champagne announced the government’s “wind up” demand Wednesday, saying it is meant to address “risks” related to ByteDance Ltd.’s establishment of TikTok Technology Canada Inc.
“The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners,” he said in a statement.
The announcement added that the government is not blocking Canadians’ access to the TikTok application or their ability to create content.
However, it urged people to “adopt good cybersecurity practices and assess the possible risks of using social media platforms and applications, including how their information is likely to be protected, managed, used and shared by foreign actors, as well as to be aware of which country’s laws apply.”
Champagne’s office did not immediately respond to a request for comment seeking details about what evidence led to the government’s dissolution demand, how long ByteDance has to comply and why the app is not being banned.
A TikTok spokesperson said in a statement that the shutdown of its Canadian offices will mean the loss of hundreds of well-paying local jobs.
“We will challenge this order in court,” the spokesperson said.
“The TikTok platform will remain available for creators to find an audience, explore new interests and for businesses to thrive.”
The federal Liberals ordered a national security review of TikTok in September 2023, but it was not public knowledge until The Canadian Press reported in March that it was investigating the company.
At the time, it said the review was based on the expansion of a business, which it said constituted the establishment of a new Canadian entity. It declined to provide any further details about what expansion it was reviewing.
A government database showed a notification of new business from TikTok in June 2023. It said Network Sense Ventures Ltd. in Toronto and Vancouver would engage in “marketing, advertising, and content/creator development activities in relation to the use of the TikTok app in Canada.”
Even before the review, ByteDance and TikTok were lightning rod for privacy and safety concerns because Chinese national security laws compel organizations in the country to assist with intelligence gathering.
Such concerns led the U.S. House of Representatives to pass a bill in March designed to ban TikTok unless its China-based owner sells its stake in the business.
Champagne’s office has maintained Canada’s review was not related to the U.S. bill, which has yet to pass.
Canada’s review was carried out through the Investment Canada Act, which allows the government to investigate any foreign investment with potential to might harm national security.
While cabinet can make investors sell parts of the business or shares, Champagne has said the act doesn’t allow him to disclose details of the review.
Wednesday’s dissolution order was made in accordance with the act.
The federal government banned TikTok from its mobile devices in February 2023 following the launch of an investigation into the company by federal and provincial privacy commissioners.
— With files from Anja Karadeglija in Ottawa
This report by The Canadian Press was first published Nov. 6, 2024.
LONDON (AP) — Most people have accumulated a pile of data — selfies, emails, videos and more — on their social media and digital accounts over their lifetimes. What happens to it when we die?
It’s wise to draft a will spelling out who inherits your physical assets after you’re gone, but don’t forget to take care of your digital estate too. Friends and family might treasure files and posts you’ve left behind, but they could get lost in digital purgatory after you pass away unless you take some simple steps.
Here’s how you can prepare your digital life for your survivors:
Apple
The iPhone maker lets you nominate a “ legacy contact ” who can access your Apple account’s data after you die. The company says it’s a secure way to give trusted people access to photos, files and messages. To set it up you’ll need an Apple device with a fairly recent operating system — iPhones and iPads need iOS or iPadOS 15.2 and MacBooks needs macOS Monterey 12.1.
For iPhones, go to settings, tap Sign-in & Security and then Legacy Contact. You can name one or more people, and they don’t need an Apple ID or device.
You’ll have to share an access key with your contact. It can be a digital version sent electronically, or you can print a copy or save it as a screenshot or PDF.
Take note that there are some types of files you won’t be able to pass on — including digital rights-protected music, movies and passwords stored in Apple’s password manager. Legacy contacts can only access a deceased user’s account for three years before Apple deletes the account.
Google
Google takes a different approach with its Inactive Account Manager, which allows you to share your data with someone if it notices that you’ve stopped using your account.
When setting it up, you need to decide how long Google should wait — from three to 18 months — before considering your account inactive. Once that time is up, Google can notify up to 10 people.
You can write a message informing them you’ve stopped using the account, and, optionally, include a link to download your data. You can choose what types of data they can access — including emails, photos, calendar entries and YouTube videos.
There’s also an option to automatically delete your account after three months of inactivity, so your contacts will have to download any data before that deadline.
Facebook and Instagram
Some social media platforms can preserve accounts for people who have died so that friends and family can honor their memories.
When users of Facebook or Instagram die, parent company Meta says it can memorialize the account if it gets a “valid request” from a friend or family member. Requests can be submitted through an online form.
The social media company strongly recommends Facebook users add a legacy contact to look after their memorial accounts. Legacy contacts can do things like respond to new friend requests and update pinned posts, but they can’t read private messages or remove or alter previous posts. You can only choose one person, who also has to have a Facebook account.
You can also ask Facebook or Instagram to delete a deceased user’s account if you’re a close family member or an executor. You’ll need to send in documents like a death certificate.
TikTok
The video-sharing platform says that if a user has died, people can submit a request to memorialize the account through the settings menu. Go to the Report a Problem section, then Account and profile, then Manage account, where you can report a deceased user.
Once an account has been memorialized, it will be labeled “Remembering.” No one will be able to log into the account, which prevents anyone from editing the profile or using the account to post new content or send messages.
X
It’s not possible to nominate a legacy contact on Elon Musk’s social media site. But family members or an authorized person can submit a request to deactivate a deceased user’s account.
Passwords
Besides the major online services, you’ll probably have dozens if not hundreds of other digital accounts that your survivors might need to access. You could just write all your login credentials down in a notebook and put it somewhere safe. But making a physical copy presents its own vulnerabilities. What if you lose track of it? What if someone finds it?
Instead, consider a password manager that has an emergency access feature. Password managers are digital vaults that you can use to store all your credentials. Some, like Keeper,Bitwarden and NordPass, allow users to nominate one or more trusted contacts who can access their keys in case of an emergency such as a death.
But there are a few catches: Those contacts also need to use the same password manager and you might have to pay for the service.
___
Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.
LONDON (AP) — Britain’s competition watchdog said Thursday it’s opening a formal investigation into Google’s partnership with artificial intelligence startup Anthropic.
The Competition and Markets Authority said it has “sufficient information” to launch an initial probe after it sought input earlier this year on whether the deal would stifle competition.
The CMA has until Dec. 19 to decide whether to approve the deal or escalate its investigation.
“Google is committed to building the most open and innovative AI ecosystem in the world,” the company said. “Anthropic is free to use multiple cloud providers and does, and we don’t demand exclusive tech rights.”
San Francisco-based Anthropic was founded in 2021 by siblings Dario and Daniela Amodei, who previously worked at ChatGPT maker OpenAI. The company has focused on increasing the safety and reliability of AI models. Google reportedly agreed last year to make a multibillion-dollar investment in Anthropic, which has a popular chatbot named Claude.
Anthropic said it’s cooperating with the regulator and will provide “the complete picture about Google’s investment and our commercial collaboration.”
“We are an independent company and none of our strategic partnerships or investor relationships diminish the independence of our corporate governance or our freedom to partner with others,” it said in a statement.
The U.K. regulator has been scrutinizing a raft of AI deals as investment money floods into the industry to capitalize on the artificial intelligence boom. Last month it cleared Anthropic’s $4 billion deal with Amazon and it has also signed off on Microsoft’s deals with two other AI startups, Inflection and Mistral.
