The Case For Contact Tracing Apps Built On Apple And Google's Exposure Notification System
from the tradeoffs dept
Apple and Google have now released their update to their mobile operating systems to include a new capability for COVID-19 exposure notification. This new technology, which will support contact tracing apps developed by public health agencies, is technically impressive: it enables notifications of possible contact with COVID-positive individuals without leaking any sensitive personal data. The only data exchanged by users are rotating random keys (i.e., a unique 128-digit string of 0s and 1s) and encrypted metadata (i.e., the protocol version in use and transmitted power levels). Keys of infected individuals, but not their identities or their locations, are downloaded by the network upon a positive test with the approval of a government-sanctioned public health app.
Despite being a useful tool in the pandemic arsenal and adopting state-of-the-art techniques to protect privacy, the Apple-Google system has drawn criticism from several quarters. Privacy advocates are dreaming up ways the system could be abused. Anti-tech campaigners are decrying “tech solutionism.” None of these critiques stands up to scrutiny.
How the exposure notification API works
To get a sense for how the Apple-Google exposure notification system works, it is useful to consider a hypothetical system involving raffle tickets instead of Bluetooth beacons. Imagine you were given a roll of two-part raffle tickets to carry around with you wherever you go. Each ticket has two copies of a randomly-generated 128-digit number (with no relationship to your identity, your location, or any other ticket; there is no central record of ticket numbers). As you go about your normal life, if you happen to come within six feet of another person, you exchange a raffle ticket, keeping both the ticket they gave you and the copy of the one you gave them. You do this regularly and keep all the tickets you’ve exchanged for the most recent two weeks.
If you get infected with the virus, you notify the public health authority and share only the copies of the tickets you’ve given out—the public health officials never see the raffle tickets you’ve received. Each night, on every TV and radio station, a public health official reads the numbers of the raffle tickets it has collected from infected patients (it is a very long broadcast). Everyone listening to the broadcast checks the tickets they’ve received in the last two weeks to see if they’ve “won.” Upon confirming a match, an individual has the choice of doing nothing or seeking out a diagnostic test. If they test positive, then the copies of the tickets they’ve given out are announced in the broadcast the next night. The more people who collect and hand out raffle tickets everywhere they go, and the more people who voluntarily announce themselves after hearing a match in the broadcast, the better the system works for tracking, tracing, and isolating the virus.
The Apple-Google exposure notification system works similarly, but instead of raffle tickets, it uses low-power Bluetooth signals. Every modern phone comes with a Bluetooth radio that is capable of transmitting and receiving data over short distances, typically up to around 30 feet. Under the design agreed to by Apple and Google, iOS and Android phones updated to the new OS, that have their Bluetooth radios on, and that have a public health contact tracing app installed will broadcast a randomized number that changes every 10 minutes. In addition, phones with contact tracing apps installed on them will record any keys they encounter that meet criteria set by app developers (public health agencies) on exposure time and signal strength (say, a signal strength correlating with a distance up to around six feet away). These parameters can change with new versions of the app to reflect growing understanding of COVID-19 and the levels of exposure that will generate the most value to the network. All of the keys that are broadcast or received and retained are stored on the device in a secure database.
When an individual receives a positive COVID-19 diagnosis, she can alert the network to her positive status. Using the app provided by the public health authority, and with the authority’s approval, she broadcasts her recent keys to the network. Phones download the list of positive keys and check to see if they have any of them in their on-device databases. If so, they display a notification to the user of possible COVID-19 exposure, reported in five-minute intervals up to 30 minutes. The notified user, who still does not know the name or any other data about the person who may have exposed her to COVID-19, can then decide whether or not to get tested or self-isolate. No data about the notified user leaves the phone, and authorities are unable to force her to take any follow-up action.
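The flow described above, as an added sketch in Python (not Apple's or Google's code). It follows this article's simplified description, so each broadcast identifier is an independent random 128-bit value; the `Phone` class, signal threshold, minimum exposure and scan period are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

ROTATION_SECONDS = 10 * 60           # article: the broadcast number changes every 10 minutes
RETENTION_SECONDS = 14 * 24 * 3600   # article: keep the most recent two weeks
# Assumed values: the article says public health agencies choose these criteria.
MIN_RSSI_DBM = -65                   # stand-in for "about six feet away"
MIN_EXPOSURE_SECONDS = 5 * 60        # shortest exposure worth a notification
SCAN_SECONDS = 60                    # each sighting is credited as one minute nearby


@dataclass
class Phone:
    sent: dict = field(default_factory=dict)    # rotation interval -> identifier we broadcast
    heard: dict = field(default_factory=dict)   # identifier -> [seconds nearby, last seen]

    def identifier_at(self, now):
        """Return the identifier for the current interval, creating it if new."""
        interval = now // ROTATION_SECONDS
        if interval not in self.sent:
            self.sent[interval] = secrets.token_bytes(16)   # 128 random bits
        return self.sent[interval]

    def observe(self, identifier, rssi_dbm, now):
        """Record a received beacon only if the signal is strong enough to count."""
        if rssi_dbm < MIN_RSSI_DBM:
            return
        entry = self.heard.setdefault(identifier, [0, now])
        entry[0] += SCAN_SECONDS
        entry[1] = now

    def expire(self, now):
        """Drop everything older than the retention window."""
        cutoff = now - RETENTION_SECONDS
        self.sent = {i: k for i, k in self.sent.items()
                     if (i + 1) * ROTATION_SECONDS > cutoff}
        self.heard = {k: e for k, e in self.heard.items() if e[1] >= cutoff}

    def report_positive(self, now):
        """What leaves the phone on a positive test: only identifiers it broadcast."""
        self.expire(now)
        return list(self.sent.values())

    def check_exposure(self, published, now):
        """Match the published list on-device; return minutes in 5-minute steps, max 30."""
        self.expire(now)
        seconds = sum(self.heard[k][0] for k in set(published) if k in self.heard)
        if seconds < MIN_EXPOSURE_SECONDS:
            return 0
        return min(30, seconds // 300 * 5)


def simulate():
    """Constructed scenario: Alice and Bob are close for 25 minutes, Carol is far away."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for now in range(0, 25 * 60, SCAN_SECONDS):
        bob.observe(alice.identifier_at(now), -55, now)     # strong signal, recorded
        alice.observe(bob.identifier_at(now), -55, now)
        carol.observe(alice.identifier_at(now), -90, now)   # weak signal, ignored
    day = 24 * 3600
    published = alice.report_positive(2 * day)              # Alice tests positive on day 2
    return {
        "published_count": len(published),
        "bob_ids_published": any(k in published for k in bob.sent.values()),
        "bob_minutes": bob.check_exposure(published, 2 * day),
        "carol_minutes": carol.check_exposure(published, 2 * day),
        "bob_minutes_after_retention": bob.check_exposure(published, 15 * day),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The identifiers Alice received from Bob never appear in the published list, and both the match and the exposure estimate are computed on the receiving phone.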
Risks to privacy and abuse are extremely low
As global companies, Google and Apple have to operate in nearly every country around the world, and they need to set policies that are robust to the worst civil liberties environments. This decentralized notification system is exactly what you would design if you needed to implement a contact tracing system but were concerned about adversarial behavior from authoritarian governments. No sensitive data ever leaves the phone without the user’s express permission. The broadcast keys themselves are worthless, and cannot be tied back to a user’s identity or location unless the user declares herself COVID-positive through the public health app.
Some European governments think Apple and Google’s approach goes too far in preserving user privacy, saying they need more data and control. For example, France has indicated that it will not use Apple and Google’s API and has asked Apple to disable other OS-level privacy protections to let the French contact tracing app be more invasive (Apple has refused). The UK has also said it will not use Apple and Google’s exposure notification solution. The French and British approach creates a single point of failure ripe for exploitation by bad actors. Furthermore, when the government has access to all that data, it is much more likely to be tempted to use it for law enforcement or other non-public health-related purposes, risking civil liberties and uptake of the app.
Despite the tremendous effort the tech companies exerted to bake privacy into their API as a fundamental value, it is not enough for some privacy advocates. At Wired, Ashkan Soltani speculates about a hypothetical avenue for abuse. Suppose someone set up a video camera to record the faces of people who passed by, while also running a rooted phone—one where the user has circumvented controls installed by the manufacturer—that gave the perpetrator direct access to the keys involved. Then, argues Soltani, when a COVID-positive key was broadcast over the network, the snoop could be able to correlate it with the face of a person captured on camera and use that to identify the COVID-positive individual.
While it is appropriate for security researchers like Soltani to think about such hypothetical attacks, the real-world damage from such an inefficient possible exploit seems dubious. Is a privacy attacker going to place cameras and rooted iPhones every 30 feet? And how accurate would this attack even be in crowded areas? In a piece for the Brookings Institution with Ryan Calo and Carl Bergstrom, Soltani doubles down, pointing out that “this ‘decentralized’ architecture isn’t completely free of privacy and security concerns” and “opens apps based on these APIs to new and different classes of privacy and security vulnerabilities.”
Yet if “completely free of privacy and security concerns” is the standard, then any form of contact tracing is impossible. Traditional physical contact tracing involves public health officials interviewing infected patients and their recent contacts, collecting that information in centralized government databases, and connecting real identities to contacts. The Google-Apple exposure notification system clearly outperforms traditional approaches on privacy grounds. Soltani and his collaborators raise specious problems and offer no solution other than privacy fundamentalism.
Skeptics of the Apple-Google exposure notification system point to a recent poll by the Washington Post that found “nearly 3 in 5 Americans say they are either unable or unwilling to use the infection-alert system.” About 20% of Americans don’t own a smartphone, and of those who do, around 50% said they definitely or probably would not use the system. While it’s too early to know how much each component of coronavirus response contributes to suppression, evidence from Singapore and South Korea suggests that technology can augment the traditional public health toolbox (even with low adoption rates). In addition, there are other surveys with contradictory results. According to a survey by Harris Poll, “71% of Americans would be willing to share their own mobile location data with authorities to receive alerts about their potential exposure to the virus.” Notably, cell phone location data is much more sensitive than the encrypted Bluetooth tokens in the Apple-Google exposure notification system.
Any reasonable assessment of the tradeoff between privacy and effectiveness for contact tracing apps will conclude that if the apps are at all effective, they are overwhelmingly beneficial. For cost-benefit analysis of regulations, the Environmental Protection Agency has established a benchmark of about $9.5 million per life saved (other government agencies use similar values). By comparison, the value of privacy varies depending on context, but the range is orders of magnitude lower than the value of saving a life, according to a literature review by Will Rinehart.
If we have any privacy-related criticism of the tech companies’ exposure notification API, it is that it requires the user to opt in by downloading a public health contact tracing app before it starts exchanging keys with other users. This is a mistake for two reasons. First, it signals that there is a privacy cost to the mere exchange of keys, which there is not. Even the wildest scenarios concocted by security researchers entail privacy risks from the API only when a user declares herself COVID-positive. Second, it means that the value of the entire contact tracing system is dependent on uptake of the app at all points in time. If the keys were exchanged all along, then even gradual uptake of the app would unlock value in the network that had built up even before users installed the app.
The exposure notification API is part of a portfolio of responses to the pandemic
Soltani, Calo, and Bergstrom raise other problems with contact tracing apps. They will result in false positives (notifications about exposures that didn’t result in transmission of the disease) and false negatives (failures to notify about exposure because not everyone has a phone or will install the app). If poorly designed (without verification from the public health authority), apps could allow individuals who are not COVID-positive to “cry wolf” and frighten a bunch of innocent people, a practice known in the security community as “griefing.” They want their readers to understand that the rollout of a contact tracing app using this API will not magically solve the coronavirus crisis.
Well, no shit. No one is claiming that these apps are a panacea. Rather, the apps are part of a portfolio of responses that can together reduce the spread of COVID and potentially avoid the need for rolling lockdowns until a cure or vaccine is found (think of how many more false negatives there would be in a world without any contact tracing apps). We will still need to wear masks, supplement phone-based tracing methods with traditional contact tracing, and continue some level of distancing until the virus is brought fully under control. (For a point-by-point rebuttal of the Brookings article, see here from Joshua B. Miller).
The exposure notification API developed by Google and Apple is a genuine achievement: it will enable the most privacy-respecting approach to contact tracing in history. It was developed astonishingly quickly at a time when the world is in desperate need of additional tools to address a rapidly spreading disease. The engineers at Google and Apple who developed this API deserve our applause, not armchair second-guessing from unpleasable privacy activists.
Under ordinary circumstances, we might have the luxury of interminable debates as developers and engineers tweaked the system to respond to every objection. However, in a pandemic, the tradeoff between speed and perfection shifts radically. In a viral video in March, Dr. Michael J. Ryan, the executive director of the WHO Health Emergencies Programme, was asked what he’s learned from previous epidemics and he left no doubt with his answer:
Be fast, have no regrets. You must be the first mover. The virus will always get you if you don’t move quickly. [...] If you need to be right before you move, you will never win. Perfection is the enemy of the good when it comes to emergency management. Speed trumps perfection. And the problem in society we have at the moment is that everyone is afraid of making a mistake. Everyone is afraid of the consequence of error. But the greatest error is not to move. The greatest error is to be paralysed by the fear of failure.
We must move forward. We should not be paralyzed by the fear that somewhere someone might lose an iota of privacy.
Filed Under: apis, contact tracing, privacy
Companies: apple, google
Reader Comments
Don't minimize the problems
[ link to this | view in chronology ]
Re: Don't minimize the problems
This is quite an odd criticism, given that basic contact tracing has the same issue, and yet multiple experts have noted that it is key to stopping the spread of COVID.
And yet you call it "virtue signalling" which says pretty much all we need to know about your credibility here.
[ link to this | view in chronology ]
Re: Re: Don't minimize the problems
It is highly insulting that the most truthful and insightful comment is branded as hate speech.
[ link to this | view in chronology ]
Re: Don't minimize the problems
The contact tracing API is not a policy forcing sick people into nursing homes. Any contact tracing of any form has zero to do with bad policies wherever that is happening.
[ link to this | view in chronology ]
Re: Don't minimize the problems
"Now what? An EXPENSIVE test you have to pay for yourself to see if you test positive?"
Only if you live in a country whose healthcare system is built around profiting from rather than helping the sick. If you do, then you have a larger problem than how people are to be protected from this specific pandemic.
"Oh, and you are in your 20's where you are more likely to die of a flu infection than a covid infection"
...and you can also be a Typhoid Mary needlessly infecting those who aren't so lucky, regardless of age. Maybe when you've grown up a bit you might understand that a lot of things here are not about you, even if your claim is correct (and people who still compare this to the flu are rarely correct).
"virtue signal"
It's generally my experience that anyone using this term seriously is either an idiot or getting their news from places that assume they're an idiot.
[ link to this | view in chronology ]
Re: Don't minimize the problems
It's a hassle to get more tests but it means that people can go on with their lives and the disease is controlled - that's awesome. That saves a lot of people terrible pain and trouble.
The point is that we need to make testing easy to get and then if you get an alert, retest. That's it.
As time goes on, we get less and less alerts, with data we solved the pandemic and grandma doesn't have to die for a hug.
[ link to this | view in chronology ]
Re: Re: Don't minimize the problems
We can't manufacture tests fast enough for that. And the tests that we CAN manufacture are currently showing false negative rates as high as 50%. We do NOT want people going back outside right now just because one test said they were OK. Even if this system was working perfectly right now, if you get an alert, you need to quarantine, even after you test negative.
[ link to this | view in chronology ]
Re: Re: Re: Don't minimize the problems
You might be right on both points, in practice. I tried to look up the virus test accuracy and with a known virus sample it is 85-95% but I have also heard that in practice the virus is not always immediately detected and a test might need to be repeated which supports your point.
In terms of the test availability, if we don't have enough but the best investment we can make is in that capacity. I hope we do it. I don't think we should undermine good efforts because other things are not happening well. We need to address the defects and move forward on all fronts.
[ link to this | view in chronology ]
Re: Re: Re: Re: Don't minimize the problems
https://www.msn.com/en-us/health/other/abbott-test-still-misses-many-covid-cases-nyu-study-says/ar-BB142fy9
Here's another fun fact -- the tests that are giving the most massive amounts of false positives are the same ones they're using at the White House! At least there's a silver lining there... ;)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Don't minimize the problems
Erm, that's false negatives not false positives.
[ link to this | view in chronology ]
Re: Don't minimize the problems
"Oh, and you are in your 20's where you are more likely to die of a flu infection than a covid infection."
Either you're unaware that an asymptomatic covid-carrier is a far greater threat than the visibly ill senior citizen...or you simply don't give a rat's ass that every healthy young infected person moving around will be infecting hundreds of others every week, many of whom will NOT be as lucky.
As a few have implied, you need to go google "typhoid mary" before you start railing about how young people should force everyone else into playing russian roulette.
[ link to this | view in chronology ]
So, in short, this thing is nearly perfectly safe when compared to preinstalled apps on existing smartphones.
What were they thinking. After years of megaslurp and centuries of "truth in advertising" no one will ever believe it.
[ link to this | view in chronology ]
So, in short, this thing is nearly perfectly safe when compared to preinstalled apps on existing smartphones.
What were they thinking. After years of megaslurp and centuries of "truth in advertising" no one will ever believe it.
[ link to this | view in chronology ]
It seems a double click results in a duplicate post. Mea culpa.
[ link to this | view in chronology ]
Contact tracing
Security Now did their assessment and agreed that the Google/Microsoft API was well done for preserving privacy. On the other hand I wonder what you think about Bruce Schneier's take on it...
https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html
...which appears to consider contact tracing apps as theatre.
[ link to this | view in chronology ]
Re: Contact tracing
I have a tendency to agree with Bruce. False positives and false negatives are a big issue. Additionally, as pointed out above, not everyone has a cell phone. I don't, though I do have some tablets I don't carry them with me everywhere, and both Bluetooth and WiFi are turned off, unless I have a personal need for them, after which they are turned off again. Then there are the issues with testing, which include cost, accuracy, and availability and maybe some I haven't thought of.
On the other hand, knowing that you have had contact with a person suspected of being a Covid-19 carrier is better than not knowing. I have some doubts about how many will sit through some TV program where they read out numbers for you to see if you're a winner. I don't have TV, so it wouldn't work for me. They might be better off with a website where you could look up to see if you 'won'. But not much better. How many times will any individual check, or how often?
Contact tracing would be better if it was comprehensive (included everybody) and easier, but that is not actually practical. And given Bruce's issues, as well as the above, not likely to become comprehensive.
The most practical solution I see is to test everyone, weekly, for several weeks. But then again that isn't actually practical either.
[ link to this | view in chronology ]
Re: Re: Contact tracing
There's a wee bit of confusion in your comment. May I try to clear it up?
The "radio program" is part of the introductory analogy using raffle tickets, not part of any actual implementation. Apps implementing tracing using the facility provided by Apple and Google would download lists from the public health agency providing the app [the agencies might confederate the data so the app would work as the phone travels from one jurisdiction to another]:
As for
Again, there's an app. The app does the checking. Perhaps the implementer provides a default frequency, and the user may have a preference to modify it.
[ link to this | view in chronology ]
Re: Re: Contact tracing
"False positives and false negatives are a big issue."
It really depends on what happens to someone who gets those. False positives are an issue, but if all that happens is that people who are tagged as positive is that they have to stay home while everyone else gets back to normal faster, and/or they have to be tested to confirm, it's a low price to pay compared to what's happening right now. Similarly, false negatives are also a real issue, but the question is does it catch more people than operating without the app does? If the answer to that is yes, then it's silly to let perfection be the enemy of the good.
"Additionally, as pointed out above, not everyone has a cell phone"
The idea of these apps to anyone sensible is not catch 100% of everything without fail or error. It's to get better information than is available without the apps, and use that information to better target the response to the pandemic while getting things back to normal. There will always be mistakes, people who slip through the net and people who cannot be tracked. But, is it a better tool than not having it?
"The most practical solution I see is to test everyone, weekly, for several weeks"
No, that's not at all practical. Most effective in theory, but definitely not practical. But, even then there will be a non-zero error rate due to faulty tests, tests that are not run correctly due to overworked and undertrained staff, and so on.
I think the main thing here is that since most people are already carrying devices on them and most people will accept installing the app as the price for returning to a normal life, then it possibly represents a better option than not having it.
[ link to this | view in chronology ]
Re: Contact tracing
Thank you for the link. Schneier usually says something sensible to think about. In this case, though I can't name it, I believe there's an informal fallacy in his argument:
Testing is an essential predicate for control until we have a vaccine or "herd immunity" (don't hold your breath for that). The general plan for control of the pandemic before a vaccine is available is
Schneier says without A, an app to help with contact tracing is useless. I agree. But then, "without ubiquitous, cheap, fast, and accurate testing" you can't do effective contact tracing (neither with nor without an app, especially if there's asymptomatic spreading).
But that doesn't mean an app to help with contact tracing is useless under all circumstances, does it?
That doesn't mean that an app to provide some help with contact tracing is useless. It seems more accurate to say it may be premature. Testing capability varies from place to place, and may improve with time.
[ link to this | view in chronology ]
Re: Re: Contact tracing
"And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless."
I wouldn't say useless, unless there are a lot of false positives. The question is, what's the real alternative? With a for-profit medical system and a bunch of idiots who are convinced that tests and vaccines are some secret plot to imbed chips into everyone in a way that magically can't happen with normal medical interactions, is there really anything easier, cheaper and more effective than an app download, whatever the problems that has?
"It seems more accurate to say it may be premature."
I'd call it a stop-gap measure. The idea of the app is not to provide a full permanent fix. It's to provide better intelligence to better target limited resources until the pandemic is over and everyone can be tested/vaccinated as required.
[ link to this | view in chronology ]
Not 100% convinced.
"The notified user, who still does not know the name or any other data about the person who may have exposed her to COVID-19, "(..as of TODAY...)
"can then decide whether or not to get tested or self-isolate" (.. as of TODAY....)
"No data about the notified user leaves the phone" (.. as of TODAY...)
"and authorities are unable to force her to take any follow-up action." (.. as of TODAY...)
For those who believe this tech is safe and secure, or can't or won't be abused: Here's a list of things you'll probably need to stock your shelves
Ascorbic acid
Artificial color
BHA
Calcium phosphate
Citric acid
Maltodextrin
Natural flavor
Salt
Let's hope the tech is as advertised, and is safe and secure. Like Zoom. And Facebook......
[ link to this | view in chronology ]
Re: Not 100% convinced.
That's probably the most verbose Jonestown reference I've seen to date.
[ link to this | view in chronology ]
Verification?
That all sounds...actually pretty decent.
But here's the question -- who has verified that this is exactly how it works in practice? Because the last reports I saw (in Wired) indicated that Google wasn't even willing to state that on the record, let alone any kind of independent verification. Keep in mind that this is the same company that said they weren't and didn't intend to be snooping on a bunch of people's wifi...and then three years later we found out that they actually were when they lost a lawsuit and were ordered to stop...and then six years after that they lost another lawsuit over the same issue and had to be ordered to stop AGAIN. And that was only a couple months ago so who knows if they even bothered to comply this time, since they apparently didn't before. So yeah, I'm not exactly going to take their word for it when they swear that THIS product is different and THIS time they're really truly honestly not spying.
I'll consider believing it when someone like the EFF analyzes some packet captures over at least a couple days...but even that seems pretty difficult to do in a realistic scenario (the average Android user sends so much data to Goog, it'd be a needle in a haystack...)
Not that it matters to me...given that my newest phone is an LG V20 with no play services, and a Librem 5 is on my wishlist, there's a good chance I'll never actually own a device capable of running this stuff... :)
[ link to this | view in chronology ]
Re: Verification?
Here is one other more practical problem...this is part of the operating system. How many Android manufacturers basically never release updated roms after the first couple months? Best case you get two years, worst case you get nothing. And often they're significantly delayed, although I'd hope that at least the updates that do ship will rush to include this. Still, I wonder how long it's going to take before a significant portion of Android users even have this feature...?
Google has said before that they want to pull more control away from the manufacturers...soon they might be able to claim that doing so is a critical public health issue...
[ link to this | view in chronology ]
Re: Re: Verification?
I really need to stop talking to myself and get to sleep...but one more thought... :)
But...the ID number is a 128 bit value that changes every 10 minutes? With 1.5 million active cases right now in the US, that certainly would be a long broadcast...
(1,500,000*(6*24)*128)/8 = 3456000000 bytes per day. Three and a half gigs if I'm understanding this right....
Sure, we aren't gonna get 100% market saturation, but we want as much as possible, right? And this might not be only for the USA? And we can't just broadcast today's numbers...you might have been infected two weeks ago and just now installed the update...so that count is going to be a bit larger than just the current active cases too. And the number of cases is still rising. So what, everyone downloads a couple gigs on their cellphone every night? I feel like that could be a problem for a lot of people...and sure, you can save the list and only download updates, but a couple gigs of storage space could also be a problem for a lot of people.
But I guess it'll be alright...I'm sure if that's a problem then someone can figure out a way to do all of that processing in the cloud instead... :)
[ link to this | view in chronology ]
Re: Re: Re: Verification?
The download volume might be a problem where data caps exist, but the phone does not need to store that data, only compare it with its own much smaller list of contacts. Also, so long as a download timestamp is used, it need only download numbers added since its last download.
The phone only stores those numbers it obtained in the last two weeks, or whatever time frame is decided on as relevant. The app also assumes social distancing, and going clubbing every night could cause a data storage problem, as well as helping the virus spread.
[ link to this | view in chronology ]
Re: Re: Re: Re: Verification?
So...the phone doesn't need to store the data, and it can reduce the volume transmitted by...storing the data? You need either a few gigs transmitted or a few gigs stored, you can do one or the other and not both, but you need at least one. Probably you want to have ways of doing both, because neither option is going to work for everyone.
I don't think it really matters if you're going clubbing every night. You need to transmit the IDs of everyone infected, not the IDs of people they were in contact with. Of course going clubbing every night might increase the transmission rate, but it's not directly increasing the number of IDs to be transmitted. Now, if you manage to isolate yourself pretty well, there's a possibility you can reduce the volume by not transmitting keys that you were using when nobody was around -- this assumes that the key exchange is an exchange rather than a broadcast though, if it's a broadcast you have no way of knowing who received it or when. And broadcast would seem to be more reliable. But if it is an exchange, you can distribute only the keys which were actually exchanged with someone. However...people who live with family or a spouse or roommates, or even some people who live alone in apartments and things, are going to be recording contacts all the time. And it's a random number, so your phone shouldn't have any way of knowing that this is the same contact over and over again. So for some reasonably large percentage of the people, I think you will have to broadcast nearly every single one of those codes, for every day that they might be contagious.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Verification?
You store your contacts for the past two weeks, which should not be a vast amount of data. When somebody is confirmed infected, their store of contacts, for the past two weeks, is transmitted, and you compare those numbers to the ones you have stored, and if one matches, you are notified by your phone. Note you do not need to store the numbers that are transmitted because they are historic, and you only need to see each number once to make a comparison.
A bit of time information allows the central database to know what numbers you have seen. A bit of time data for the time of the last number you have seen, and maybe geographic fencing, i.e. a US citizen only needs to check against European numbers if they have visited Europe in the preceding fortnight, and the volume of the download is reduced. As a practical matter, the time data can be treated as imprecise, and numbers repeated to you, rather than miss one due to time data jitter.
The principle is that you need to see the numbers from an infected person once to make the comparison with your store of contacts, and it can be disposed of once the comparison has been made. You were either within six feet of them during the past fortnight, or you weren't, and that won't change after you have seen their numbers. Your phone only needs to store the numbers it is given for a fortnight on a rolling basis, presumably in a hash based store for fast lookup against transmitted numbers, and those numbers are kept for the full fortnight.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Verification?
Sure you could do geofencing or time boundaries or other methods to cut down that data...but it's not mentioned exactly what that would be and how it would work. You could also just upload the GPS coordinates of everywhere you've been. Those are all different systems than what is described above, which all sacrifice privacy and security for convenience. Can you get away with a bit of that without any real harm? Probably. But that's a different system, and we have no data on how that would be implemented.
And I do need to see each number more than once to make a comparison, unless I'm telling the server exactly which numbers I've seen and when. If I don't store the data, then someone I met today might have been in last week's list, so I need the full two weeks of data every night. If I do store the data, then that's potentially a gig or two per day for two weeks that I've gotta store. Also, two weeks is an average. I've seen some doctors stating that the incubation period can in some cases be as long as a month. So we probably don't want to limit tracing efforts to only two weeks.
Storing hashes might help a little, you can maybe reduce the memory requirements by half...but if you go much further than that I think you're going to start having collisions, so you'll have to start checking in with the server to see if those matches are actually valid, and once again you've started sending a bunch of data back to the server beyond the specifications given above.
So the given plan is potentially infeasible for a lot of users, and there are no plans to address that, so nobody can say what kind of system we might end up with if they have to start hacking in solutions to these issues...but it won't be what they've described so far.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Verification?
No, you only need to see a number once, and compare it with your local list once, as it is either in that list and you are notified, or it is not in that list and will not appear in that list. Don't forget that the numbers being sent over Bluetooth are random and changing on something like a 10-minute interval. All the phone needs to store is those numbers you have received over Bluetooth, and for a period of a fortnight.
A time boundary is easy, just cut a little slack to ensure all data is received, and geofencing can be wide area, probably by country. Also note the time is the timestamp of the last time you downloaded the list, and bears no relation to when you were close to someone who was infected.
The system has been carefully designed to protect privacy, in that the only data given the server is the list of numbers from the infected person, and those are raw, without time stamp, or location data. All a match does is tell you you were close to an infected person, but not when or where. The system specifically does not identify who the stored numbers belong to, or where they were collected, or who has matches to those numbers.
The system is specifically designed to tell the phone owner, or someone with access to the phone, that the phone was close to somebody who was infected. That is why some countries are rejecting the system, it does not identify contacts to the government, so could not be used to identify contacts, or be used for instance, for finding out who you were near to during the past fortnight.
[ link to this | view in chronology ]
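The matching scheme argued over in the comments above, as an added sketch that is not part of the thread and not Apple's or Google's code: a rolling store of heard numbers, a feed read once per batch behind a download cursor, and an estimate of accidental matches if stored numbers are truncated. Class and function names, the 14-day window, the timestamps and the volume figures used with it are all assumptions made for illustration.

```python
import secrets

DAY = 24 * 3600
RETENTION = 14 * DAY  # the thread's "fortnight"; an assumed policy value


def new_identifier():
    """One random 128-bit number with no link to identity or location."""
    return secrets.token_bytes(16)


class ContactStore:
    """Numbers this phone heard over Bluetooth, kept on a rolling window."""

    def __init__(self):
        self.heard = {}   # identifier -> time it was last heard
        self.cursor = 0   # publish time of the newest batch already checked

    def hear(self, identifier, now):
        self.heard[identifier] = now

    def expire(self, now):
        cutoff = now - RETENTION
        self.heard = {i: t for i, t in self.heard.items() if t >= cutoff}

    def check_feed(self, feed, now, slack=0):
        """Compare each batch published after (cursor - slack) once, then drop it.

        Returns how many distinct heard numbers matched in this pass.
        """
        self.expire(now)
        matched, newest = set(), self.cursor
        for published_at, identifiers in feed:
            if published_at <= self.cursor - slack or published_at > now:
                continue  # already checked, or not yet visible to this phone
            matched.update(i for i in identifiers if i in self.heard)
            newest = max(newest, published_at)
        self.cursor = newest
        return len(matched)


def expected_false_matches(n_heard, n_published, bits):
    """Expected accidental matches when numbers are truncated to `bits` bits."""
    return n_heard * n_published / 2 ** bits


def demo():
    """Constructed timeline: two contacts, two publications, then expiry."""
    phone, feed = ContactStore(), []
    a, b, d = new_identifier(), new_identifier(), new_identifier()
    phone.hear(a, 1 * DAY)
    phone.hear(b, 1 * DAY)
    feed.append((3 * DAY, [a, new_identifier()]))   # owner of `a` reports
    first = phone.check_feed(feed, now=3 * DAY + 3600)
    repeat = phone.check_feed(feed, now=4 * DAY)    # nothing new past cursor
    phone.hear(d, 5 * DAY)
    feed.append((6 * DAY, [d]))   # a number is published after it was broadcast
    later = phone.check_feed(feed, now=6 * DAY + 3600)
    phone.expire(20 * DAY)
    return first, repeat, later, len(phone.heard)


if __name__ == "__main__":
    print(demo())
    print(expected_false_matches(2000, 10**8, 64))
    print(expected_false_matches(2000, 10**8, 32))
```

The single pass is sufficient only because a batch is visible after the numbers in it were broadcast, so any contact with them is already in the local store when the batch is read.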
The authors did not define "tech solutionism", so I can't be sure what precisely they're arguing against, but I can't help but notice the post lacks even the most basic statistical analysis. Saying "no shit, it won't magically solve the crisis" is just lazy, casting aspersions on detractors based on nothing—nobody said Apple and Google were claiming a magic solution.
This seems like talking heads arguing back and forth. For a bunch of academics, I'd have expected better from Soltani et al. too. Where are the numbers and the simulations that would estimate how much safer this could make someone, how many lives it could save, given various levels of penetration and compliance?
Of course the public will base their opinions of this on their perceptions of the companies. They don't have the expertise to analyze the code and protocols or run the statistics, and nobody seems to be giving them any real information—just "trust us, you're overreacting" or "maybe it could help". And they've seen how "trust us, it's anonymous" often goes with tech companies.
[ link to this | view in chronology ]
Dr. Ryan's Video Doesn't Work
I've tried both Firefox and Chrome and all I get in the video the "viral video" link provides is an endless circle. However, I was able to find it on YouTube:
https://www.youtube.com/watch?v=GJwaeynSkFY
[ link to this | view in chronology ]
I can't fathom the six foot rule.
[ link to this | view in chronology ]
Re:
That's easy. The disease can travel a certain distance and people can be contagious without symptoms. Keeping people 6 feet apart reduces the chance of infection greatly.
[ link to this | view in chronology ]
Re: Re:
fath·om /ˈfaT͟Həm/
a unit of length equal to six feet (approximately 1.8 m), chiefly used in reference to the depth of water.
google
[ link to this | view in chronology ]
Re: Re: Re:
verb (used with object)
to measure the depth of by means of a sounding line; sound.
to penetrate to the truth of; comprehend; understand:
to fathom someone's motives.
https://www.dictionary.com/browse/fathom?s=t
[ link to this | view in chronology ]
Re: Re: Re: Re:
I thought that was the joke, oh well.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
It was meant as a joke for Mericans since in the UK we dun gone metric.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Yeah, I missed it... I see it now.
[ link to this | view in chronology ]
"No sensitive data ever leaves the phone without the user’s express permission"
Google can't give any such guarantee. Even if the API itself is secure, it feeds into a third-party app with internet access that can send out anything the developers want it to.
[ link to this | view in chronology ]
Re:
Now now, no questioning of "the solution" will be allowed AC, you know that. All questions and exceptions pointed out will be rigorously and firmly quashed. No debate will be allowed, and there are no legitimate doubts, because after all, The Experts know best, and with the support of Big Corp and Big Gov, what they say goes, so just STFU serf and obey!
I am amazed (not really) at the willingness of everyone, especially from this site, to willingly and enthusiastically embrace measures like this, and so excited to run straight into the arms of a surveillance state situation.
[ link to this | view in chronology ]
Re: Re:
Questions of the solution are allowed. They just might not have the answers you want.
I am amazed at your disingenuous assertions, however. There's a number of Techdirt articles highly critical of the very much less privacy-conscious alternatives others are trying to push through. Note in this article how the authors mention France wanting more data than this API allows.
Techdirt articles critical of surveillance states/censorial laws:
https://www.techdirt.com/articles/20200519/14574244531/londons-facial-recognition-rollout-trips-over-pandemic-as-facemasks-render-system-even-more-useless.shtml
https://www.techdirt.com/articles/20200514/19205644507/french-government-passes-hate-speech-law-will-allow-law-enforcement-to-run-internet.shtml
https://www.techdirt.com/articles/20200519/11075144527/philippines-government-uses-cybercrime-law-to-arrest-citizen-calling-president-asshole.shtml
https://www.techdirt.com/articles/20200518/12511644522/fbi-holds-press-conference-to-claim-apple-prevented-it-checks-notes-verifying-attribution-pensacola-air-base-shooting.shtml
https://www.techdirt.com/articles/20200514/17321444504/hungarys-government-using-pandemic-emergency-powers-to-silence-critics.shtml
https://www.techdirt.com/articles/20200518/01022544516/now-washington-post-misleadingly-complains-about-google-apple-protecting-your-privacy-too-much.shtml
https://www.techdirt.com/articles/20200514/13302244501/documents-show-nso-group-is-pitching-malware-to-us-local-law-enforcement-agencies.shtml
https://www.techdirt.com/articles/20200513/17543744495/as-some-are-requiring-people-to-give-up-their-info-to-dine-stories-creeps-abusing-that-info-come-out.shtml
https://www.techdirt.com/articles/20200514/12061744499/one-few-government-officials-who-actually-can-police-speech-whines-ridiculously-about-facebooks-oversight-board.shtml
https://www.techdirt.com/articles/20200514/14553344502/senate-passes-surveillance-reauthorization-bill-80-16-one-stripped-almost-all-reforms.shtml
https://www.techdirt.com/articles/20200513/11052544492/one-vote-short-fisa-amendment-requiring-warrants-browser-search-data-fails.shtml
https://www.techdirt.com/articles/20200509/09052544462/ohio-government-asks-companies-to-snitch-employees-gets-hit-with-auto-generated-bogus-tips-instead.shtml
https://www.techdirt.com/articles/20200511/17164144480/even-as-gop-whines-about-illegal-deep-state-surveillance-preparing-to-give-more-surveillance-powers-to-fbi.shtml
https://www.techdirt.com/articles/20200510/20112544471/national-intelligence-report-shows-fbi-never-gets-warrants-backdoor-searches-nsa-collections.shtml
https://www.techdirt.com/articles/20200505/15583344441/earn-it-act-also-threatens-journalists-their-sources.shtml
https://www.techdirt.com/articles/20200506/07424744444/as-more-students-sit-online-exams-under-lockdown-conditions-remote-proctoring-services-carry-out-intrusive-surveillance.shtml
And the list goes on ... and on ... and on ...
[ link to this | view in chronology ]
Re: Re:
"I am amazed (not really) at the willingness of everyone, especially from this site, to willingly and enthusiastically embrace measures like this"
I spent this afternoon at a beach bar with friends and beer, mostly because of a hard lockdown and a soft reopening without requiring such things. What did you do? Since Trump was so incompetent in the early stages of the pandemic, what are you willing to accept as a price for that early failure?
[ link to this | view in chronology ]
Re: Re: Re:
"Since Trump was so incompetent in the early stages of the pandemic, what are you willing to accept as a price for that early failure?"
Not a govt-enforced removal of all my constitutional freedoms, including tracking all my movements and if I was in the "wrong place" come to my door and steal me away (or lock me up) in quarantine based on mere possibility that I might be infected, or force a vaccination on me against my will "for the greater good". All of these are proposals on the table right now and the appalling thing is sites like this (and people like you - what happened to you man? you used to be sensible) that are pushing hard and enthusiastically advocating for these measures. "for the children" and "for the greater good" are two of the biggest justification gateways to literal evil actions ever used by man against his fellow man
[ link to this | view in chronology ]
Re: Re: Re: Re:
"force a vaccination on me against my will"
Well, if you're dumb enough to refuse an effective vaccine against a pandemic disease - that's already killed 340,000+ due to the fact that there's no natural immunity against it - maybe you would need persuading. At some point the right of other people to not be infected by you outruns your right to be a carrier.
"people like you - what happened to you man? you used to be sensible)"
I'm still sensible. Luckily, the government where I live is also sensible, allowing us to open back up the economy without having to resort to such extreme measures. This is only being discussed because you rejected the easier options at the beginning of all of this.
"that are pushing hard and enthusiastically advocating for these measures"
I'm doing no such thing, I just recognise that after the abject failure of your leadership to deal with the situation early, such short-term measures would be preferable compared with the option of opening back up without contact tracing.
""for the children" and "for the greater good" are two of the biggest justification gateways to literal evil actions ever used by man against his fellow man"
The orange idiot has added 2 more - "for the stock market" and "for my reelection chances", and he's already sacrificed tens of thousands of lives for those.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I remember the days when RD was one of the loudest voices making fun of the likes of blue, darryl and antidirt. And somehow he's managed to fall to the levels of fucking anti-vaxxers. Damn, how the mighty have crumbled...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Not opposed to vax at all, I've had all mine over the years. Opposed to the erosion of individual liberty and freedom in the name of (insert Big Brother enemy/issue) that accompanies these "never let a crisis go to waste" exercises in what looks an awful lot like a power-grab.
Also not going to take some BS cocktail of unverifiable poison cooked up in a couple of months without the years and hundreds of thousands of tests that these things usually go through. Look up the history of the Polio vaccine to see what I am getting at.
If they can force issues like this, they can force your speech to be what they allow, your freedom of movement to be what they allow, whether you are allowed due process or not. If you all support this, then don't come crying about it later, or complain about how laws aren't being followed like articles here currently point out (copyright, police, surveillance, etc)
I'm saying be very careful about the initiatives you support in giving the govt even more powers that are not constitutionally allowed.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
"Not opposed to vax at all, I've had all mine over the years."
So, what's different about the one being developed, which doesn't actually exist as a tested product yet?
"Also not going to take some BS cocktail of unverifiable poison cooked up in a couple of months without the years and hundreds of thousands of tests that these things usually go through"
So, you don't trust medical testing if it hasn't been going on for an arbitrary length of time?
"Look up the history of the Polio vaccine to see what I am getting at."
The polio vaccine that worked, but had a non-zero risk of serious side effects or even infection while the vaccine that was ? How many lives were saved by the vaccine being applied vs. the number it inadvertently cost? Unless you're seeing different data to what I'm aware of, while the victims are unfortunately, overall it was a massive success even with those risks.
"If they can force issues like this, they can force your speech to be what they allow, your freedom of movement to be what they allow, whether you are allowed due process or not"
Erm, have you looked at the news lately? Why is a vaccine necessary to enforce things that are already happening?
[ link to this | view in chronology ]
Re: Re:
The head of the nail has been struck.
[ link to this | view in chronology ]
Re:
You might be able to, but it might be more effective to hire someone to walk past your competitor while coughing.
[ link to this | view in chronology ]
An iota of privacy
Re: “We should not be paralyzed by the fear that somewhere someone might lose an iota of privacy.” Ben Franklin argued, “Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.”
[ link to this | view in chronology ]
Voluntary..or not?
Does it test you??
nope.
Can it do anything if you turn it off or erase it, NOPE.
Who will use it? Paranoid persons with problems about Virus and dirt..
So you run around with an open BT channel that scans looking to hook up with other SIMILAR programs running, so it bypasses our BT and probably Wifi, to check or warn others, that we have or Don't have a virus.
LOGS that data and sends it the next time we are near our Own wifi, or send it via cellphone to the same location.
How many of you have figured out What causes your phone to BLEEEEDD power? while out doing things it's nice to Cut the wifi off, Turn off the GPS, and turn down the Brightness on the phone, so that you can get 1-3 days of use on the phone.. And if you use it for Video, you know you have taken off at least 4-10 times the amount of time used to watch the video.
[ link to this | view in chronology ]
I can imagine the phone scams we will soon be subjected to.
Hello, (insert name here)
Were you at Joe's Bar & Grill last weekend? Well if you were .......
[ link to this | view in chronology ]
Pseudoscience 101
[ link to this | view in chronology ]