Date: 2020-05-04. This story was originally published earlier and has been updated since.
Getting over the novel coronavirus outbreak, health experts and officials say, will take an extensive contact tracing regime in order to determine who will be able to get back to normal life the fastest and who will need to stay vigilant. With this in mind, Apple and Google have announced a collaboration on universal mobile APIs to introduce a Bluetooth-based contact tracing system — first through official apps, then, at some point, right on the operating systems of smartphones and tablets.
Keeping records of people who have been in close proximity to others will allow health agencies to notify people quickly if it turns out that anyone they've spent time with has been diagnosed with COVID-19. Some governments have already launched contact tracing initiatives — Massachusetts has assigned 1,000 people to make phone calls while Rhode Island's governor has asked citizens to keep daily contact journals in anticipation of submitting those logs to a large-scale contact tracing system powered by Salesforce. However, researchers at Lincoln Laboratories and MIT suggest that federating and automating contact tracing via Bluetooth will make the process easier to track and produce accurate footprints of where the virus is with little lag time so that officials can take swift, narrowly-targeted action.
It's in that light that Google and Apple have laid out their contact tracing development and distribution plans in a joint statement. Starting in May, public health agencies will be able to take advantage of the APIs in their own apps. Sometime in the next few months, Android and iOS will then be updated to incorporate the contact tracing APIs at the operating system level.
App-less contact tracing will be opt-in, it's promised, with an emphasis on privacy, transparency, and consent. Draft blueprints for the Bluetooth, cryptography, and API specifications are available from Apple right now. Most data processing will be device-based and will not be tied to user location — public health apps requesting that information are required to prompt for system permissions anyway. Ultimately, it will be up to the user to decide what information to submit, including whether they have been diagnosed with COVID-19.
There will always be concern about how broad-based initiatives can be exploited by malicious actors. Those worries are especially pertinent in a time where many people have lost financial security, are struggling with their personal and domestic lives, or are still vulnerable to the virus. Desperation will breed dastardly ingenuity — something the two tech behemoths will have to be vigilant for as the rest of us are right now.
More details on plans
In a press briefing, Apple and Google have shed more light as to how their contact tracing tool would work, how it would be deployed, and what roles public health organizations will play in the process.
The tool would use Bluetooth Low Energy on a constant basis to ping any Android or iOS phones within a 10-15 ft. radius that are also running the tool. Devices log the cryptographic ID keys they receive, which are regenerated every 15 minutes — this should help guard against people attempting to exploit the tool to track your location over an extended period.
If someone uses a public health agency's free app or a dedicated OS interface with the tool integrated to self-verify that they have a positive COVID-19 diagnosis, the user can then consent to share a log of keys recorded from the last 14 days to a server. Other devices will download the log — either hosted by Apple and/or Google or the public health agency running the app — and check if their ID keys match. If any of them do, the contact is notified about their potential recent proximity to the infected person. The contact's local public health agency may also communicate what they should do next.
The two companies insist that no one along the chain of communication will be able to discern any personally identifiable information from any part of the process. Cryptographic ID keys are generated on-device, are the only things shared between devices and servers, and are the only data that appears anywhere in the process. For the app-based phase of the rollout, Google and Apple will only share the APIs with government agencies, not private health organizations — the companies believe that public health crises should be managed by the government a public has delegated. Later on, with the OS-level implementations, Android users will see it deployed through a Google Play services update. Apple is working on a way to provide the tool to iOS users who don't have a device currently supported by software updates.
Two elements will be vital to ensure that the tool is successful in breaking the chain of transmission: increasing availability and reliability in COVID-19 testing and potential users' trust. Part of building that trust rests in the opt-in nature of this program as well as the self-reporting of positive diagnoses — the companies are considering working with healthcare operators to incorporate lockstep test verification (i.e. scanning a QR code after taking a test), but their current stance is that the entire process should be voluntary.
Tech specs updated
Apple and Google have made changes to the Bluetooth and cryptography technical specifications of their new tool, which they've since rebadged as an exposure notification apparatus to better reflect its effective purpose and, perhaps, gain more trust from the public.
What may be the most important revision is how pings are recorded: if a phone pings another phone, it will be recorded once per 5-minute period; if the same phone is pinged more than six consecutive times, pings with that phone will no longer be recorded for as long as the device stays within signal range. Other privacy-focused changes include the encryption of Bluetooth metadata and a complete randomization of how ID keys are generated — they were previously derived from a master key that was refreshed daily. Cryptographic operations have been shifted to the widely recognized AES standard.
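To make the flow in the two sections above concrete (15-minute key rotation and the 14-day upload in "More details on plans", the once-per-5-minute recording rule here), the following is an added simulation, not Apple's or Google's code. Device names, the minute-based clock, and the "45 minutes of contact" scenario are constructed; the real specifications add key derivation and encrypted metadata that this model omits.

```python
# Added example, not Apple's or Google's code: a minimal model of the flow the
# article describes (random IDs rotated every 15 minutes, a 14-day upload window,
# on-device matching against downloaded diagnosis IDs). Times are minutes since day 0.
import secrets

ROTATION_MIN = 15               # a fresh random ID every 15 minutes
RETENTION_MIN = 14 * 24 * 60    # only the last 14 days of IDs are ever shared
RECORD_SLOT_MIN = 5             # a contact is logged once per 5-minute period

def interval_of(minute):
    return minute // ROTATION_MIN

class Device:
    def __init__(self, name):
        self.name = name
        self.own_ids = {}   # rotation interval -> 16-byte random ID this device broadcast
        self.heard = {}     # (interval, id) -> set of 5-minute slots in which it was heard

    def current_id(self, minute):
        """ID broadcast during `minute`; generated at random when an interval starts."""
        return self.own_ids.setdefault(interval_of(minute), secrets.token_bytes(16))

    def hear(self, other, minute):
        """Log a BLE ping from `other`, de-duplicated to one record per 5-minute slot."""
        key = (interval_of(minute), other.current_id(minute))
        self.heard.setdefault(key, set()).add(minute // RECORD_SLOT_MIN)

    def diagnosis_upload(self, now):
        """What a diagnosed user consents to share: own IDs from the last 14 days only."""
        cutoff = interval_of(now - RETENTION_MIN)
        return {iv: rid for iv, rid in self.own_ids.items() if iv >= cutoff}

    def exposure_minutes(self, uploaded):
        """Match the downloaded IDs against the local log; nothing leaves the device."""
        published = set(uploaded.items())
        return sum(RECORD_SLOT_MIN * len(slots)
                   for key, slots in self.heard.items() if key in published)

def simulate():
    """Constructed scenario: Alice is diagnosed on day 20. Bob spent 45 minutes near
    her on day 10, Carol 10 minutes on day 2 (outside the 14-day window), Dan never."""
    alice, bob, carol, dan = (Device(n) for n in ("alice", "bob", "carol", "dan"))
    day = 24 * 60
    for m in range(10 * day + 600, 10 * day + 645):
        bob.hear(alice, m)
    for m in range(2 * day + 100, 2 * day + 110):
        carol.hear(alice, m)
    upload = alice.diagnosis_upload(now=20 * day)
    return {d.name: d.exposure_minutes(upload) for d in (bob, carol, dan)}

if __name__ == "__main__":
    print(simulate())   # {'bob': 45, 'carol': 0, 'dan': 0}
```

The server in this model only ever sees random per-interval IDs, and the matching runs entirely on the receiving device, which is the privacy property the companies describe.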
Governments will be able to obtain more data when users self-report a diagnosis, such as the relative signal strength between the infected person's phone and the devices it pinged. The distance information inferred from this may help refine risk assessments and narrow down who gets notified. They will also be able to track the amount of time between exposure events.
The APIs will be seeded to public health authorities next week for pre-release testing prior to being integrated into apps, targeted for mid-May. They will support iOS devices from the past 4 years — this includes the iPhone 7 series and the original iPhone SE.
UI sample and other updates
Apple and Google released sample user interfaces for a public health agency app on both Android and iOS using their exposure tracking and notification APIs. They demonstrate the on-boarding process and the flow for diagnosis reporting and exposure notification. Each stage is opt-in, with both the on-boarding process and the reporting process including a system-level prompt. The apps also feature settings pages for the user to delete whatever data the app has generated and to opt out of the base service at any time.
Last week, government agencies were provided with beta versions of a forthcoming Google Play services update, Xcode 11.5, and a pre-release stage exposure notification SDK. The third beta of iOS 13.5 also contains the APIs for that respective platform and is out now.
Even though the contact pinging protocols were strictly Bluetooth-based, there was always the possibility that the apps could request permission for the system's location information. Today, the companies have explicitly announced that any apps using their APIs will not be allowed to request that data. In addition to the privacy benefits, this also rules out the margin of error inherent to GPS and reduces power consumption. Governments that already have a contact tracing app and want to adopt this SDK will need to conform to this requirement.
The companies have generally restricted their APIs to one application per country, but they will work to allow multiple apps in a country if governments are tackling COVID-19 with a state- or region-based approach. Apple and Google have also pledged to deprecate the service when the need has passed, region by region — details of how that decision will be made are vague at the moment.