TL;DR — The tracking system looks to be pretty safe, and it would go a LONG way toward helping get control of the coronavirus outbreak. You're obviously not following social distancing guidelines anyway, so be a champ, suck it up for a few months, and then turn it off if you want to. Google and Apple just released their updated operating systems with this built in, so update your phone today to get the API enabled.
According to this article by the Washington Post, Americans aren’t thrilled with the idea that Apple and Google are creating a tracking platform that may be (probably will be) standard within our phone’s operating system in the coming months.
For those of you that have read my musings in the past, you know I bark up the security and privacy tree like George Washington’s fox-hounds. I hold that belief proudly and staunchly so, surprisingly, I’m pretty much in favor of this new development in the mobile universe.
For Rip Van Winkle…and anyone not living on this planet for the past several months… We are in the grip of a global viral pandemic: the newly discovered coronavirus SARS-CoV-2 (the virus itself), which causes COVID-19 (the disease in humans). This bug is particularly problematic because it transmits easily between people, the infected shed live virus for days before they show any symptoms, and, once it takes root in the body, it can have devastating effects, including death or lasting respiratory damage in survivors.
Scientists are pretty sure that this virus was not deliberately created but instead is a result of natural transmission & mutation methods, but if I were an evil genius designing a bio-weapon in a lab, this is pretty close to what I’d try to create.
No matter how it came about, as a global community, we need to get a handle on this thing. Stepping up to the plate, the tech community (Apple and Google, really) is developing a tracking system that will allow people to know when they have been near someone who tested positive for COVID. This is where things could potentially get dicey.
So Let’s Talk About Tracking…
Let me first say that the tech companies have rebranded this concept as “exposure notification” instead of “contact tracing” or “tracking.” The technology is the same, but it’s less scary to notify you of exposure than to trace or track people. From what I can tell, the method that Apple and Google are designing to allow this whole concept really does attempt to walk the line between maintaining the anonymity of each individual while, at the same time, allowing everyone to know fairly quickly when or if they have been in proximity to someone who has tested positive for COVID.
How Does The Exposure Notification Work?
We could get into mind-numbing detail about the intricacies of this system; it's complicated. I'm going to WAY over-simplify it here. The first thing you need to know is that everything is done on your smartphone: nothing leaves it until you choose to report that you have tested positive for the virus. (Sorry Mom, you and your old-ass candy bar phone are going to have to figure out a different way to do your contact tracing.) Let's do the rest as steps, as it will probably be easier to process that way.
- Your phone generates a fresh, very random 16-byte key once a day. That key is never broadcast as-is; every identifier your phone sends out is derived from it, so there is no single fixed number that stands for you.
- Your phone uses Bluetooth to regularly send out a signal saying "Hey! I'm here! This is my random identifier!"
- Other phones near yours listen for this message. When they hear it, they record the identifier, the time & date, and how strong the signal was (which is how "distance" is estimated, WAY over-simplified), and perhaps a few other pieces of information.
- All phones carry on like this all day every day, sending and receiving these random identifiers.
- All phones change their random identifiers every 10 to 20 minutes, and they rotate their Bluetooth address at the same moment so the old and new identifiers can't be linked to each other.
Notice that everything up to this point happens on your phone. No information has left your phone yet.
If you are diagnosed with COVID, you can self-report this (presumably with some kind of verification from your local health authority) and, with your permission, your phone will upload its daily keys for the last 14 days to a central server run by the public health authority. Those daily keys are enough for any other phone to re-derive the identifiers you broadcast during that period, so the individual identifiers themselves never need to be uploaded. This is the only information that ever leaves your phone.
- Every day, everyone’s phone checks the central server and downloads the latest list.
- Your phone compares the downloaded list to the list of identifiers that it has been recording and has kept safely stored within the phone memory.
- If your phone finds a match between the downloaded list and the recorded list on your phone, it alerts you and can provide the appropriate steps for you to take next.
Again, notice that the only thing that leaves your phone is a list of these random numbers that have been generated…and that only happens when you say it's OK for it to happen. Everything else stays on your phone. Also, notice that your name, phone number, address, etc. were never part of the data collection or conversation.
Here’s a quick graphic of the process (taken from the Apple & Google Exposure Notification FAQ PDF, page 4):
So Let’s Talk About Privacy…
This system is designed to be as private or secretive as possible while still providing the data necessary to alert specific individuals who may have been exposed to Coronavirus. Google and Apple have done a pretty good job with this system as far as I can tell.
According to the Cryptography Specification (PDF) published by Apple & Google, the random identifier is a 16-byte number. If you do the math on this, that is 2^128, or about 3.4×10^38, possible values. Written out, there are specifically 340,282,366,920,938,463,463,374,607,431,768,211,456 different codes. On page 7, the specification says that this "yields a low probability of collisions, and limits the risk of false-positive matches." They mean that it's very unlikely for two phones to generate the same identifier, so it's unlikely that people will be notified incorrectly.
So that’s good…the number of code possibilities is enormous…lots of places to hide in there…but how are the codes generated?
The identifiers are not built from anything that identifies your hardware. Per the specification, your phone generates a fresh random 16-byte Temporary Exposure Key each day, derives a Rolling Proximity Identifier Key from it with HKDF, and produces each rolling identifier by AES-encrypting the current 10-minute interval number under that derived key. So the current time is an input (as the interval counter), the day's random key is the other input, and your Bluetooth MAC address is not involved at all. Interestingly, your Bluetooth MAC address changes relatively frequently as well; the phone rotates it in step with the rolling identifier, precisely so that the two can't be used to link your old identifier to your new one. (I just learned this today.) There still might be a slight possibility to track an individual based on their Bluetooth signal within a single 10-to-20-minute window, but that's being broadcast all the time already, so that's not a big deal.
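To make both the step-by-step flow above and the key derivation in this section concrete, here is an added example in Go. It is my own illustration, not code from Apple, Google or the specification's reference implementation. The constants and the construction follow the published cryptography specification (a random 16-byte daily key, HKDF-SHA256 with info "EN-RPIK", and AES-128 over "EN-RPI" plus the little-endian interval number), while the type and function names, the people, the timestamps and the sightings are constructed for the demo; the encrypted metadata that accompanies each real broadcast is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const (
	intervalSeconds  = 600 // one ENIntervalNumber tick is ten minutes
	tekRollingPeriod = 144 // 144 ticks = one day = the lifetime of one daily key
)

// TemporaryExposureKey is the daily key. Only this (key plus the interval at
// which it became valid) is ever uploaded, and only after a positive diagnosis.
type TemporaryExposureKey struct {
	Key           [16]byte
	StartInterval uint32
}

// Sighting is what a listening phone stores: the identifier heard and when.
type Sighting struct {
	RPI      [16]byte
	Interval uint32
}

// intervalNumber is ENIntervalNumber: Unix time counted in ten-minute ticks.
func intervalNumber(unixTime int64) uint32 { return uint32(unixTime / intervalSeconds) }

// hkdfSHA256 is RFC 5869 HKDF-SHA256, NULL salt, single output block (n <= 32).
func hkdfSHA256(ikm, info []byte, n int) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(info)
	expand.Write([]byte{0x01})
	return expand.Sum(nil)[:n]
}

// newTEK draws a fresh key from the OS CSPRNG, aligned to the start of the day.
func newTEK(unixTime int64) TemporaryExposureKey {
	var k TemporaryExposureKey
	if _, err := rand.Read(k.Key[:]); err != nil {
		panic(err)
	}
	k.StartInterval = intervalNumber(unixTime) / tekRollingPeriod * tekRollingPeriod
	return k
}

// rollingProximityIdentifier derives the identifier broadcast during interval j:
//   RPIK  = HKDF(TEK, NULL, "EN-RPIK", 16)
//   RPI_j = AES-128(RPIK, "EN-RPI" || 0x00*6 || LittleEndian32(j))
func rollingProximityIdentifier(tek TemporaryExposureKey, j uint32) [16]byte {
	block, err := aes.NewCipher(hkdfSHA256(tek.Key[:], []byte("EN-RPIK"), 16))
	if err != nil {
		panic(err)
	}
	var padded, rpi [16]byte
	copy(padded[:6], "EN-RPI")
	binary.LittleEndian.PutUint32(padded[12:], j)
	block.Encrypt(rpi[:], padded[:])
	return rpi
}

// matchDiagnosisKeys is the receiver side: re-derive the 144 identifiers each
// downloaded key produced, compare them with what this phone heard, and return
// the intervals at which an exposure occurred.
func matchDiagnosisKeys(keys []TemporaryExposureKey, heard []Sighting) []uint32 {
	var hits []uint32
	for _, k := range keys {
		for j := k.StartInterval; j < k.StartInterval+tekRollingPeriod; j++ {
			rpi := rollingProximityIdentifier(k, j)
			for _, s := range heard {
				if s.RPI == rpi {
					hits = append(hits, s.Interval)
				}
			}
		}
	}
	return hits
}

func main() {
	// Constructed scenario: Alice broadcasts at 09:00, 09:10 and 09:20 UTC on
	// 2020-05-20 (Unix 1589965200); Bob's phone hears all three, Carol's none.
	alice := newTEK(1589965200)
	var bob []Sighting
	for j := intervalNumber(1589965200); j < intervalNumber(1589965200)+3; j++ {
		rpi := rollingProximityIdentifier(alice, j)
		fmt.Printf("interval %d: Alice broadcasts %x\n", j, rpi)
		bob = append(bob, Sighting{RPI: rpi, Interval: j})
	}
	// Alice tests positive and uploads only her daily key; others download it.
	diagnosisKeys := []TemporaryExposureKey{alice}
	fmt.Println("Bob matched intervals:  ", matchDiagnosisKeys(diagnosisKeys, bob))
	fmt.Println("Carol matched intervals:", matchDiagnosisKeys(diagnosisKeys, nil))
}
```

Two things worth noticing when you run it: the uploaded object is one 16-byte key per day, not the list of identifiers, and the matching phone never learns anything except "an identifier I heard at interval j was produced by a key that was later reported as positive." Nothing about the MAC address, the phone, or the person enters the derivation.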
Truthfully, I came into this thinking that I was going to be skeptical of the technology and able to poke a couple of holes in how they set this up. After reading through a lot of technical papers and doing some extra research, though, I really am pretty impressed.
You can always make an argument about this or that but, let's be honest, you're being tracked by other means anyway, so until we decide to stage a revolution (peaceful, of course) and regain our privacy, you might as well just go with it. At least by enabling this very anonymous form of voluntary proximity tracking during this pandemic (it records who you were near, never where you were), you'll be helping to save lives. I know I'll switch mine on when it becomes available.
UPDATE: It’s available. Update your phone operating system today and dig around through the settings to turn it on.
If you want to read a bit more technical information or the official FAQ, you can visit Apple’s Privacy-Protecting Contact Tracing page to fill your noggin with everything straight from the horse’s mouth.
UPDATE: Ars Technica has a short write-up of the iOS / Android update, but the cool thing to notice is the screenshots of the new Exposure Notifications features.