About a month into the pandemic, I got a phone call from somebody who told me they’d just heard about an elegant technical solution that might stop COVID in its tracks. They had been talking with a team in Switzerland that was trying to develop a Bluetooth-based contact-tracing app. The pitch was simple: Contact tracing in those early months was woefully understaffed and under-prioritized and couldn’t keep pace with COVID’s (first, we now know) march around the globe. With unclear incubation times and asymptomatic cases, this meant that plenty of people were walking around unwittingly contagious. But what if peoples’ phones could tell them if they’d come in contact with a COVID-positive individual? It might change everything.

I was skeptical. I’d spent the last few months of 2019 working on a seven-part series about the massive privacy implications of smartphone location tracking. The project radicalized me a bit and I could only think of the ways that a digital virus-surveillance tool might be used nefariously by governments and corporations against citizens. But I was also pretty terrified of this new virus and imagined that pandemic mitigation would perhaps take forms that made me slightly uncomfortable. I followed the project from a distance but never wrote about it.

Then, in April 2020, Apple and Google announced an unprecedented partnership to build out a Bluetooth-based Exposure Notifications platform. Basically, Apple’s and Google’s phone operating systems act as conduits—they passively log a record of the devices that you’ve been in proximity with (not the actual device IDs but a private key). This information is stored on a server run by a government third party. If somebody becomes infected, they report this information. It registers in the database, and all the keys that have been in proximity with an infected user get an immediate notification. The idea is that Apple and Google never receive any data from users; they just help collect it and distribute the notifications.

As a critic of Big Tech, I was and still am wary of big private-industry efforts using potential surveillance tools to help with the pandemic. But this line, from the privacy activist and writer Maciej Cegłowski, has stuck with me since I read it in March 2020. Like me, he recoiled at the idea of turning to invasive tech to mitigate the virus, but noted that these were extraordinary times:

“The alternative is to keep this surveillance infrastructure in place to sell soap and political ads, but refuse to bring it to bear in a situation where it can save millions of lives. That would be a shameful, disgraceful legacy indeed.”

I attended an early briefing from the two companies about the tech back when it was announced in the spring of 2020, but I didn’t hear much more. Once I started traveling a bit again, I noticed the occasional push notification from my iPhone asking me if I wanted to opt in to a specific state’s Exposure Notifications program. I did, but that was the extent of my interaction. I always wondered if, well, people were using it.

This past Christmas Eve, Myoung Cha provided an update. Cha used to be the head of health strategic initiatives at Apple and was a leader on the Apple/Google Exposure Notifications team (he’s now president and chief strategy officer at Carbon Health). In a lengthy tweetstorm, Cha reflected on the last 18 months of Exposure Notifications and why it hadn’t achieved its full potential.

As he described it, two of the world’s biggest and most powerful companies came together to create a piece of technology and offer it to the U.S. government for free, in order to modernize an outdated piece of public-health infrastructure during a pandemic. And then … nobody with the CDC, FDA, or two presidential administrations took them up on the offer. I called up Cha this week and asked him some questions about the Exposure Notifications program—how it came together, what a perfect version of digital contact tracing looks like, where the project fell apart, and why the government dragged its feet on the technology. The following is a very lightly edited transcript.

To read the rest, subscribe to The Atlantic.

Subscribe
Already a subscriber? Sign in