苹果谷歌携手打造美版“健康码”,但隐私安全引发担忧
上周五,苹果、谷歌两家科技巨头表示,为帮助民众了解自己是否曾与新冠肺炎确诊患者有过近距离接触,双方将携手开发一款软件。要实现该软件功能,民众首先要同意自己的智能手机与附近人建立连接。
苹果首席执行官蒂姆·库克在一条推文中表示,苹果正携手谷歌“帮助卫生官员以公开透明且尊重民众意愿的方式使用蓝牙技术。”
库克表示:“接触追踪技术能够(帮助我们)在不损害用户隐私的情况下减缓新冠病毒的传播。”
但隐私专家担心,帮助政府全天候监控民众动向、追踪民众活动足迹可能会损害公民自由权。批评人士指出,使用能够精准定位的GPS技术尤其会对公民自由构成侵害。
但也有研究人员表示,蓝牙无线技术其实是更好的选择,因为能保护隐私。该技术无需使用GPS对民众的位置进行无限追踪,只需借助蓝牙在临近设备之间进行有限次数的互通即可,工作模式类似临时对讲机,不会暴露用户的具体位置。
热门应用TraceTogether便是基于蓝牙技术开发,该应用被新加坡用于监控新冠病毒的蔓延状况,并且已有越来越多的国家开始使用。当手机中下载了TraceTogether的用户靠近彼此时,他们的手机会互相发送数据。如果其中某一用户随后被确诊为新冠肺炎患者,主管机构可以将该消息告知曾与其近距离接触的民众,从而让他们也去进行检测。官方永远无法预测这种接触将发生在哪里,也无法轻松追踪用户的行踪。
虽然TraceTogether依托蓝牙技术工作,但隐私专家仍对其使用表达了担忧。比如,有人就对该应用在新加坡的下载流程提出了质疑,因为下载时用户需要登记手机号码。
电子前哨基金会律师亚当·施瓦茨告诉《财富》杂志:“相较于定位追踪,蓝牙接触追踪可以说是重大进步,但仍需强大的隐私与安全保护措施。”
施瓦茨在邮件中补充道:“我们赞赏苹果和谷歌在隐私保护方面所作的努力,我们将对该协议的规范及各类使用该协议开发的公共卫生应用所采取的保护措施进行认真研究。”
苹果一直希望树立隐私管家的企业形象,目前,该公司正对蓝牙及其仍在襁褓之中的新技术进行大力宣传,告知民众该技术能确保公民自由权不受侵犯。在同样于上周五发布的初步技术材料中,苹果介绍了该服务保护隐私的几种方法。
苹果指出:“用户参与接触追踪的过程是公开透明的。”该公司补充表示,任何代表某一特定识别对象的数据都将“每15分钟修改1次,这样就很难通过蓝牙来追踪用户的位置。”苹果未对细节信息进行介绍。
苹果还在技术文件中表示:“接触追踪蓝牙技术规范不要求用户提供位置权限,在是否使用位置信息方面,用户拥有完全选择权。除非用户明确表示同意,否则不会选择使用位置信息。”
第三方应用开发人员将在5月中旬获得该项目的部分技术使用权限。而面向普通用户推出的最终产品将会晚于这一时间。
由于该蓝牙服务仍在谷歌和苹果的开发之中,所以隐私专家还无法对其进行检验。此外,虽然相较于其他技术,蓝牙或许可以更好地保护隐私,但目前尚不清楚该服务的整体设计中是否会涉及其它隐私漏洞。
美国公民自由联盟(ACLU)监控与网络安全顾问詹妮弗·格兰尼克声明中表示:“值得称赞的是,苹果和谷歌已经宣布了一种似乎可以缓解最严重的隐私和中心化风险的方法,但这种方法也还有提升空间。我们将继续保持警惕,确保所有的接触追踪应用都能坚守自愿和去中心化的原则,仅用于公共卫生目的,且仅在疫情期间使用。”(财富中文网)
译者:Feb
上周五,苹果、谷歌两家科技巨头表示,为帮助民众了解自己是否曾与新冠肺炎确诊患者有过近距离接触,双方将携手开发一款软件。要实现该软件功能,民众首先要同意自己的智能手机与附近人建立连接。
苹果首席执行官蒂姆·库克在一条推文中表示,苹果正携手谷歌“帮助卫生官员以公开透明且尊重民众意愿的方式使用蓝牙技术。”
库克表示:“接触追踪技术能够(帮助我们)在不损害用户隐私的情况下减缓新冠病毒的传播。”
但隐私专家担心,帮助政府全天候监控民众动向、追踪民众活动足迹可能会损害公民自由权。批评人士指出,使用能够精准定位的GPS技术尤其会对公民自由构成侵害。
但也有研究人员表示,蓝牙无线技术其实是更好的选择,因为能保护隐私。该技术无需使用GPS对民众的位置进行无限追踪,只需借助蓝牙在临近设备之间进行有限次数的互通即可,工作模式类似临时对讲机,不会暴露用户的具体位置。
热门应用TraceTogether便是基于蓝牙技术开发,该应用被新加坡用于监控新冠病毒的蔓延状况,并且已有越来越多的国家开始使用。当手机中下载了TraceTogether的用户靠近彼此时,他们的手机会互相发送数据。如果其中某一用户随后被确诊为新冠肺炎患者,主管机构可以将该消息告知曾与其近距离接触的民众,从而让他们也去进行检测。官方永远无法预测这种接触将发生在哪里,也无法轻松追踪用户的行踪。
虽然TraceTogether依托蓝牙技术工作,但隐私专家仍对其使用表达了担忧。比如,有人就对该应用在新加坡的下载流程提出了质疑,因为下载时用户需要登记手机号码。
电子前哨基金会律师亚当·施瓦茨告诉《财富》杂志:“相较于定位追踪,蓝牙接触追踪可以说是重大进步,但仍需强大的隐私与安全保护措施。”
施瓦茨在邮件中补充道:“我们赞赏苹果和谷歌在隐私保护方面所作的努力,我们将对该协议的规范及各类使用该协议开发的公共卫生应用所采取的保护措施进行认真研究。”
苹果一直希望树立隐私管家的企业形象,目前,该公司正对蓝牙及其仍在襁褓之中的新技术进行大力宣传,告知民众该技术能确保公民自由权不受侵犯。在同样于上周五发布的初步技术材料中,苹果介绍了该服务保护隐私的几种方法。
苹果指出:“用户参与接触追踪的过程是公开透明的。”该公司补充表示,任何代表某一特定识别对象的数据都将“每15分钟修改1次,这样就很难通过蓝牙来追踪用户的位置。”苹果未对细节信息进行介绍。
苹果还在技术文件中表示:“接触追踪蓝牙技术规范不要求用户提供位置权限,在是否使用位置信息方面,用户拥有完全选择权。除非用户明确表示同意,否则不会选择使用位置信息。”
第三方应用开发人员将在5月中旬获得该项目的部分技术使用权限。而面向普通用户推出的最终产品将会晚于这一时间。
由于该蓝牙服务仍在谷歌和苹果的开发之中,所以隐私专家还无法对其进行检验。此外,虽然相较于其他技术,蓝牙或许可以更好地保护隐私,但目前尚不清楚该服务的整体设计中是否会涉及其它隐私漏洞。
美国公民自由联盟(ACLU)监控与网络安全顾问詹妮弗·格兰尼克声明中表示:“值得称赞的是,苹果和谷歌已经宣布了一种似乎可以缓解最严重的隐私和中心化风险的方法,但这种方法也还有提升空间。我们将继续保持警惕,确保所有的接触追踪应用都能坚守自愿和去中心化的原则,仅用于公共卫生目的,且仅在疫情期间使用。”(财富中文网)
译者:Feb
The two technology giants said last Friday that they would work together to develop software that would help tell people if they have come in close contact with someone who tested positive for the coronavirus. Doing so would require people to agree to have their smartphones link with others nearby.
Apple CEO Tim Cook said in a tweet that the iPhone-maker along with Google are working “to help health officials harness Bluetooth technology in a way that also respects transparency & consent.”
“Contact tracing can help slow the spread of COVID-19 and can be done without compromising user privacy,” Cook said.
However, privacy experts worry that tracking people's movements can harm civil liberties by helping authorities keep tabs on people at all times. Critics point to the use of GPS, with its ability to pinpoint people’s location as particularly invasive.
But recently, some researchers have said that the Bluetooth wireless technology could be a better alternative because it would still preserve privacy. Instead of tracking people's locations indefinitely through GPS, it would rely on Bluetooth, which only allows communications between other nearby devices for a limited amount of time, like temporary walkie-talkies, without revealing their specific locations.
The popular TraceTogether app, used in Singapore to help monitor the spread of the coronavirus, and increasingly in other countries, is also based on Bluetooth. User smartphones send data to other users of the app who happen to be nearby. If one user later tests positive for the coronavirus, authorities can notify those who have been nearby about it so that they can be tested. Officials never know where the contact took place nor can they easily track where the app's users go.
Still, privacy experts have expressed concerns about TraceTogether, even though it relies on Bluetooth technologies. For instance, some have questioned the process for downloading the app in Singapore, which requires people to register their phone numbers.
Electronic Freedom Frontier lawyer Adam Schwartz told Fortune that “Bluetooth contact tracing is a vast improvement over location tracking, but it still needs strong privacy and security safeguards.”
“We appreciate that Apple and Google have made a commitment to protect privacy,” Schwartz continued in an email. “We will be taking a close look at the protocol's specs, as well as safeguards implemented in any public health apps that take advantage of this new protocol.”
Apple, eager to be perceived as a corporate steward of privacy, is heavily promoting Bluetooth and its still-to-be developed technology as ensuring civil liberties aren’t breached. In preliminary technical materials also released on last Friday, Apple laid out several ways the service would preserve privacy.
Apple said, without elaborating, that “Users have transparency into their participation in contact tracing.” It added that any data representing a unique identifier would be altered “on average every 15 minutes, making it unlikely that user location can be tracked via bluetooth over time.”
“The Contact Tracing Bluetooth Specification does not require the user’s location; any use of location is completely optional,” Apple said in the technical documents. “In any case, the user must provide their explicit consent in order for their location to be optionally used."
Third-party app developers will get some access to the project's technologies in mid May. A final product will be ready for the broader public sometime later.
Still, the Bluetooth service has yet to be developed by Google and Apple, so privacy experts have not had a chance to inspect it. Additionally, while Bluetooth may better protect privacy than other technologies, it's unclear whether the service will include other privacy vulnerabilities in its overall design.
"To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement," Jennifer Granick, ACLU surveillance and cybersecurity counsel, said in a statement. "We will remain vigilant moving forward to make sure any contract tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic."
