As a response to the COVID-19 pandemic digital contact tracing has been proposed as a tool to support the health authorities in their quest to determine who has been in close and sustained contact with a person infected by the coronavirus. In April 2020 Google and Apple released the Google Apple Exposure Notification (GAEN) framework, as a decentralised and more privacy friendly platform for contact tracing. The GAEN framework implements exposure notification mostly at the operating system layer, instead of fully at the app(lication) layer. In this paper we study the consequences of this approach. We argue that this creates a dormant functionality for mass surveillance at the operating system layer. We show how it does not technically prevent the health authorities from implementing a purely centralised form of contact tracing (even though that is the stated aim). We highlight that GAEN allows Google and Apple to dictate how contact tracing is (or rather isn't) implemented in practice by health authorities, and how it introduces the risk of function creep.
[1]
Serge Vaudenay,et al.
Analysis of DP3T
,
2020,
IACR Cryptol. ePrint Arch..
[2]
Carmela Troncoso,et al.
Decentralized Privacy-Preserving Proximity Tracing
,
2020,
IEEE Data Eng. Bull..
[3]
L. Floridi,et al.
Ethical guidelines for COVID-19 tracing apps
,
2020,
Nature.
[4]
Lucie Abeler-Dörner,et al.
Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing
,
2020,
Science.
[5]
F. Balloux,et al.
Emergence of genomic diversity and recurrent mutations in SARS-CoV-2
,
2020,
Infection, Genetics and Evolution.
[6]
Jaap-Henk Hoepman.
Hansel and Gretel and the Virus: Privacy Conscious Contact Tracing
,
2021,
ArXiv.
[7]
Georgios Kambourakis,et al.
Demystifying COVID-19 digital contact tracing: A survey on frameworks and mobile apps
,
2020,
Wirel. Commun. Mob. Comput..