The difference being that in the Apple/Google implementation, the app only sends anonymous tokens, with nothing tying them to anyone the infected met. Then their contacts download the full list of these tokens from the cloud and match them against their local history of tokens. (Again, key part being that this matching happens locally, not in the cloud.) The government never gets involved except in allowing the infected to upload their (anonymous) history.