
Let's assume there is no technical way the contact API can be misused. You've still conditioned massive swaths of the population to be electronically tracked, boiling frog and all.


> You've still conditioned massive swaths of the population to be electronically tracked, boiling frog and all.

I don't understand what you mean by tracked here? Until and unless you release your secret keys, the numbers your phone was broadcasting are just random gibberish to anyone other than you.

If you have Bluetooth enabled in the first place, you're already broadcasting a MAC address. Many devices now rotate that specifically to prevent tracking, making it equivalent. In fact the only real differences from your device's MAC are the bit width (tracing numbers are significantly larger) and the fact that tracing numbers are cryptographically derived from an underlying secret.

As far as conditioning massive swaths of the population to be electronically tracked, I'm afraid that ship sailed quite some time ago. Cellphones inherently reveal your (coarse) location in order to operate, modern vehicles carry extensive electronics packages that phone home to the manufacturer, and a seeming majority of people voluntarily upload significant portions of their geotagged lives to various service providers.

I'm about as privacy conscious as you'll find these days, but my only concerns regarding the contact tracing API relate to battery life and the security implications of leaving Bluetooth on all the time (it seems like there's always another zero day being announced).


[flagged]


> automated electronic location tracking that is to be submitted to authorities

A minor (but absolutely essential) correction - your diagnosis keys are to be submitted to a database, not your actual location data. Only those who observed one of your previous broadcasts will be able to make the connection.

The notion of a mandatory app or device that tracks location in a centralized manner certainly does make me uneasy. Thankfully that's not (yet?) the reality, but (the same as you) I can easily imagine that an appeal to security might be made in the future to justify such a requirement being enacted.

But the current API, while correlated with that issue, isn't actually related to it in a causal manner. On its own, the published protocol miraculously manages to yield almost no privacy whatsoever. Even better, none of this actually requires cell network connectivity. You could hypothetically manufacture a Bluetooth-only device (thus no location data leakage via the cell network) whose sole purpose was to facilitate contact tracing!

If we're able to achieve effective contact tracing without giving up our privacy, perhaps it will critically weaken any hypothetical future push for a mandatory app or device that could be used for centralized tracking?
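
A sketch of the mechanism the replies above describe (broadcast numbers derived from a secret key, linkable only by devices that heard them once the key is published), added here as an example and not taken from the thread or from the published protocol. HMAC-SHA256 is a stand-in derivation; the key size, interval count, label string and function names are assumptions.

```python
import hashlib
import hmac
import os

ID_BYTES = 16            # assumed identifier width for this sketch
INTERVALS_PER_DAY = 144  # assumed: one identifier per 10-minute interval


def rolling_id(daily_key, interval):
    """Identifier broadcast during one interval (HMAC stand-in derivation)."""
    msg = b"rolling-id" + interval.to_bytes(4, "little")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:ID_BYTES]


def broadcasts_for_day(daily_key):
    """Every identifier a device would emit over one day."""
    return [rolling_id(daily_key, i) for i in range(INTERVALS_PER_DAY)]


def match_exposures(observed, published_keys):
    """On-device check: re-derive identifiers from each published key and
    intersect them with what this device recorded. Returns (key, interval)
    index pairs; no location is involved at any point."""
    hits = []
    for key_index, key in enumerate(published_keys):
        for interval in range(INTERVALS_PER_DAY):
            if rolling_id(key, interval) in observed:
                hits.append((key_index, interval))
    return hits


def demo():
    # Constructed sample data: random keys for two hypothetical devices.
    alice_key, carol_key = os.urandom(16), os.urandom(16)
    alice_ids = broadcasts_for_day(alice_key)
    # Bob stood near Alice during intervals 40-42 and stored what he heard.
    bob_observed = set(alice_ids[40:43])
    # Dave only ever heard an unrelated device whose key is never published.
    dave_observed = set(broadcasts_for_day(os.urandom(16))[:3])
    # Before publication Bob holds opaque bytes; afterwards he can match.
    published = [carol_key, alice_key]
    return {
        "unique_ids": len(set(alice_ids)),
        "bob": match_exposures(bob_observed, published),
        "dave": match_exposures(dave_observed, published),
    }


if __name__ == "__main__":
    print(demo())
```
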



