It’s confusing, I get it. For the past four years, the message has been: “Don’t trust Big Tech with your data!” Now, Apple Inc. and Alphabet Inc.’s Google are offering a tool to tackle the Covid-19 pandemic that needs you to surrender more information to your smartphone. It’s sensitive information too. They want to know whether you’ve had the virus or have been exposed to it.

The two tech giants have announced a contact-tracing tool for their smartphone operating systems, which will be available to public health authorities everywhere. It’s no panacea, but if deployed effectively it could be crucial in tackling the outbreak. Perhaps counterintuitively, the Silicon Valley approach would protect privacy better than many government efforts. It doesn’t share any data with the authorities that they don’t have already — namely, who has tested positive for the virus.

If we hope to end the lockdowns before a vaccine is made available, then contact tracing — the identification of those who’ve been near infected people — will be essential. The head of the Centers for Disease Control and Prevention says so. Johns Hopkins University’s Center for Health Security agrees, as do the governors of New York, Massachusetts, Maryland, Washington state and beyond. It’s central to Germany’s virus strategy.

The problem is scale. Right now, contact tracing is largely analog, and involves someone asking a virus patient about their movements over the previous 14 days, and trying to work out who they might have crossed paths with. If you have more than 100,000 confirmed cases, as the U.K. does, that’s a lot of work. A report by public health researchers at Johns Hopkins and the Association of State and Territorial Health Officials said the U.S. alone needs to hire at least 100,000 people to work as contact tracers. It has 2,200 currently.

Can Tech Track the Virus Without Shredding Privacy?: QuickTake

Yet governments would need far fewer recruits if they had the right tech, and Google and Apple — which control the entire market for smartphone operating systems — seem to be well placed to provide it. Google built a $135 billion advertising business by cutting out the need for human monitoring, instead depending on automation to track and place millions of ads. Doing things at vast scale is its forte. 

The two companies’ proposed system, which should be ready in mid-May, will rely on smartphones’ Bluetooth connections. Each phone will start generating anonymous, encrypted identifier keys (a coded series of numbers and letters), which change every 15 minutes, and which it will broadcast via Bluetooth to nearby handsests. If you’re within perhaps 10 feet of someone for 10 minutes — the parameters are still being worked out — the two phones will exchange their respective identifiers, logging the interaction.

If one of the smartphone owners tests positive for the virus subsequently, the clinic that carried out the test will give them a unique code to enter into an app. The app will then upload all of the identifiers that the phone has generated in the past 14 days to a central server. If you’re using the app, have had your Bluetooth switched on, and have been in proximity to the person who’s tested positive, you’ll get an alert to let you know. 

Crucially, you won’t be told who the person was, nor where you met them. It’s as if Tinder told you someone liked you, but not who. Just as important, while your phone might flag the exposure to you, it doesn’t tell anyone else. It will be up to you to follow any self-isolating protocols. The health authorities won’t know, or at least that’s the theory. Nor will they receive an itinerary of the infected person’s movements over the past 14 days, lessening the Big Brother implications of contact tracing.

Apple and Google are offering what looks like a smart solution, as my colleague Tae Kim has written.

An alternative technological approach, as tried by Singapore, has more ominous implications because it could mean all contact-tracing data collected on your phone is sent to a central server, rather than only sending the relevant data if you’re identified as having been in contact with an infected person. This central database would be managed by governments via their health services, and it could make it much easier to track everybody’s movements, or at least everybody using the app. Even if the data were made anonymous, citizens would be putting a lot of faith in politicians not to use the system for bad reasons.

The European Union has endorsed both this centralized approach, with strict guidelines, and the decentralized approach favored by the tech giants. In either case, it will only work if there’s widespread adoption.

The Apple and Google technology would still put the contact-tracing power in the hands of national authorities, but individuals would only be sharing the minimum data necessary with the state. The companies aren’t building an actual app; they’re providing a toolkit for health services to build their own. And if the latter abused the technology, Apple and Google can always veto apps from their online stores.

Have the two companies come up with a perfect solution? No. You might receive a flag that you were exposed to someone when there was a physical wall between you. But human contact tracing is also fallible. Theoretically, it might be possible to discover people’s identities and whereabouts from the Google and Apple data. Yet the cost and effort of doing so would be prohibitive.

If we’re going to avoid being locked down for the next year, the benefits may outweigh the risks.

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.

Alex Webb is a Bloomberg Opinion columnist covering Europe’s technology, media and communications industries. He previously covered Apple and other technology companies for Bloomberg News in San Francisco.

For more articles like this, please visit us at

©2020 Bloomberg L.P.