Sen.Maria Cantwell chats with GeekWire Chairman Jonathan Sposato at the 2015 GeekWire Summit.

Sen. Maria Cantwell, D-Wash., is one of the sponsors of bipartisan legislation aimed at ensuring that coronavirus tracing apps protect consumer privacy.

The Exposure Notification Privacy Act relates to automated contact tracing tools that are currently being developed by companies ranging from Apple and Google to PricewaterhouseCoopers and Juniper Networks.

Such systems typically involve monitoring a user’s movements, and issuing an alert if it’s determined that the user has previously come in close contact with another user who tests positive for COVID-19. The proximity data is typically uses Bluetooth data to monitor proximity.

PwC and Juniper say they plan to equip their own employees with the tracing tools, and make them available to clients as well. Apple and Google have created software that developers and public health agencies can build into contact tracing apps. The Apple-Google software is being incorporated into Italy’s Immuni app, Latvia’s Aptun app and Switzerland’s SwissCovid app.

Britain, France and Singapore are working on mobile tracing systems that aren’t based on the Apple-Google standard. Several apps are in the works in the United States, including North Dakota’s Care19, Utah’s Healthy Together and apps for Alabama and South Carolina.

The legislation introduced by Cantwell and Sen. Bill Cassidy, R-La., makes participation in commercial online exposure notification systems voluntary and limits the kinds of data that can be collected. Public health officials would have to be involved in the deployment of systems, and only medically authorized diagnoses could be fed into the systems. That’s meant to guard against the filing of false infection reports, or “contact swatting.”

“Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19,” Cantwell, the ranking Democratic member of the Senate Committee on Commerce, Science and Transportation, said in a statement.

Participants in the exposure notification systems would have the right to delete their data at any time. The law also would prohibit discrimination against any individual in places of public accommodation based on the information they provide, or based on their choice not to participate in the system.

Coronavirus Live Updates: The latest COVID-19 developments in Seattle and the world of tech

Federal and state authorities would be empowered to enforce the lay by seeking injunctions, civil penalties and other monetary relief.

Washington state’s health secretary, John Wiesman, said he welcomed Cantwell’s efforts. “People must feel confident they can safely choose to participate in this important public health work,” he said. “This legislation will ensure that.”

Ed Lazowska, a computer science professor at the University of Washington’s Paul G. Allen School of Computer Science & Engineering, agreed with Wiesman.

“This bill will strengthen people’s confidence in decentralized exposure notification services – a technology with an important role to play supporting manual contact tracing – while protecting users’ privacy,” Lazowska said. “It requires public health agencies to be in control, prevents unverified diagnoses from being uploaded, and specifies strong cybersecurity protections.”

In addition to Cantwell and Cassidy, Sen. Amy Klobuchar, D-Minn., has signed on as a bill sponsor.

Many of the legislation’s provisions are already part of the Apple-Google software standards. Jeffrey Kahn, director of the Johns Hopkins Berman Institute of Bioethics, told MIT Technology Review that the two tech giants seem to be effectively setting national policy through their decisions.

“There’s a vacuum, and they do control access through the technology,” Kahn said. “I guess it’s not surprising, but they’re definitely dictating terms.”

As an example, Kahn said the Apple-Google software put a premium on minimizing battery usage That’s likely to make it more palatable for users to download and use the app, but could make it harder for the Bluetooth-based system to detect other users nearby.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.