Apple and Google Partner on Opt-In COVID-19 Contact Tracing Technology to Be Added to iPhone and Android Smartphones

[Wombert]

They are getting the IDs of all people who upload theirs. Then they can easily correlate them. Then de-anonymize the indivduals using the IP address. And voila, they have a complete contact graph.

No, there is nothing to correlate.

If you test positive for the virus, the list of IDs that your phone has been broadcasting to other phones in the past is uploaded to the server.

All participating phones in regular intervals download all known positive IDs from the server, then compare them locally to their history of IDs they've seen broadcast by other phones in the last 14 days.

If there is a match, the phone alerts (all it can tell you is when you may have met someone who now reported as positive based on that own local history; it can't tell who the person was). The server doesn't perform the matching and doesn't know who met who.

 

[B4U]

Airplane mode on, it is...

 

[Analog Kid]

My issue with this whole thing, assuming I’ve understood the implementation correctly, is that anonymity depends on the assumption that all of us come into contact with more people than we can keep track of.

But for some of us, that’s not true at all.

In the past month, the only person I talked to face to face, albeit over twenty feet away, was my neighbor. If this app lets me know I came into contact with someone with Covid, I would reasonably count on her because there’s been nobody else in my vicinity, assuming all in my family were to test negative. Even when things were normal, I spent most weeks just making the school run and coming into contact with a very limited number of people, most of whom I know in my relatively small community.

Getting back to my neighbor and her hypothetical Covid positive status pinging me “anonymously” via the app, if I were like some of the neighbors I’ve lived among previously, I’d go banging on her door and cuss her out. I have known and unfortunately lived among people who are that primitive and aggressive. They don’t think deeply at all. About anything. Ever. They just react. Their lives are a series of reactions and over-reactions to slights real and perceived.

Forget law enforcement or the government, vigilante behavior is going to be pretty rough. Even if really, people still can’t reasonably pinpoint who the person is, they are going to assume or think they can. Some people are bullheaded like that. They’re going to get a notification from the app, think back on the people they talked to and go off half cocked and make trouble over it.

We already got people using social media to “name and shame” people over gross assumptions about all sorts of things, like people with hidden disabilities who rightfully use handicapped parking spaces. Really just a moment’s thought and some courtesy could avoid trouble but some people are incapable of implementing those things.

The great wide world does not consist of wise and educated calm reasonable people. If we struggle with reading comprehension here on a tech forum, can you imagine what the reaction of the greater populations of “Karens” and their male counterparts is going to be?

That is one potential drawback I see to all of this. But even my reading comprehension is not all I could wish it to be. I am certainly open to correction.

Yeah, that's another concern. It's a potential HIPA clustermess.

I've only had time to skim the TechCrunch article, but from the graphics it looks like your neighbor has to decide to publish their status when the diagnosis is made. Of course there's the risk that they overestimate their neighbors, but at least it's not being published on their behalf.

I suspect you're right that that problem starts to go away if you've interacted with multiple people-- particularly if you're unable to coordinate your results with others to determine which unique subset of neighbors one particular neighbor has seen in the last 2 weeks. And yeah, I've seen people coordinate on information like that for much less interesting reasons-- if information flow is society's immune response, then gossip is an autoimmune disease...

 

[QCassidy352]

How about a technical description how exactly that's supposed to work? I can't very well prove a negative. I gave you a brief description above about the silent SMS method that authorities can use to roughly locate a phone.

In any case, if the carriers can already provide location information with GPS precision, why do you think Google, Apple and others are working on the Bluetooth method?

I'm a lawyer, not a cell phone expert or an engineer for a cell phone carrier. I can't describe to you the technical manner in which the carrier executes the ping.

I'm sure you'll dismiss these too, but here's a 2008 article discussing pinging the GPS:

Locating Cell Phones through Pinging and Triangulation

Is cell phone pinging really possible (and legal) for private investigators? A simple primer:

pursuitmag.com

and here's a defense attorney discussing law enforcement using GPS pings:

Cell Phone Pinging in Drug Investigations: Reverse GPS Gives Law Enforcement More Power - W Joseph Edwards

Our cell phones have become our link to the outside world. One essential feature of most “smart phones” is a GPS system which allows us to find where we want to go. But these same phones emit a signal which … Continue reading →

columbusdefenselawyer.attorney

You're not wrong about the silent SMS method, it's just a different method than the one I'm describing. That's the "triangulation" in the above article. Both methods exist.

As for why they are working on the BT method: Because the "ping" method I'm talking about requires a concerted effort on the part of a cell phone carrier; this only requires Apple and Google to engineer it, and then it happens passively. The "ping" method is resource-intensive; it's used to track individual high-value suspects in important cases. It couldn't be practically used with millions or tens of millions of Americans in the way that is necessary for Covid-tracking. Moreover, Covid-tracking requires not just location but cross-referencing locations among countless individuals. In theory, that could be done, but the resources required would be an order of magnitude (or more) greater than what's required just to track everyone, which would already be way beyond the carriers' current resources.

The BT method only requires that two devices communicate with each other. The carrier really doesn't have to be involved at all because it doesn't matter where you were when your phone came close to the phone of a person who later tests positive, only that they did come close.

 

[xxray]

I hate everything about this. Opt-in or not, this should be protested.

 

[sofila]

That’s a dangerous way to think about things (yet a sentiment the NSA would be happy to hear I’m sure). Technology and privacy can coexist, but all too often doesn’t. There’s no incentive for these companies to respect privacy other than in their marketing. Do they allow anyone to audit their systems for privacy? I’m pretty sure you’d find a trove of concerns or breaches in their policies and legislation if they did.

Apple, like Google, already sucks up pretty much everything you do. There’s no need to expanded it further with this frankly alarming level of monitoring. At least it’s opt-in so they got that right. Everything that tracks or records activity should be opt-in with the option to clear that history. Society still functioned before the internet and computers that could suck up everything and store it indefinitely, though I’m pretty sure governments would prefer you to forget that.

If the Snowden leaks proved anything it’s that the government doesn’t have to disclose what it’s monitoring or collecting (or compelling companies like Apple and Google to do for them) because it’s all subject to secret arrangements and secret courts in the “national interest”. In other words, they can likely already get this information but would prefer you to volunteer it anyway.

People in many countries are already complying with significant restrictions on movement and social distance. I don’t see how these permissions can add to or enhance that.

"Someone's privacy issues" is dedicated to those who still believe their movements, preferences, and whatever any other personal data have not already been archived and cataloged so far.
I'm not happy to sacrifice my privacy for a superior benefit for everyone, but I know that my privacy has long been gone especially in the last decade. If any Apple device owner still thinks that his/her "things" are still their own private matters...well, that's really naive.

 

[_Refurbished_]

Everyone is going to be paranoid after this pandemic...

 

[Dwalls90]

The virus is a death sentence for a small percentage of those infected, yes. Or at least they live with permanent damage to their lungs and must carry an oxygen bottle around for the rest of their lives. Because they have pre-existing conditions, because they're old, because their immune system is compromised, because they're smokers (!), because they're getting a cancer treatment, because they have diabetes (!), whatever.

Let's say, for simplicity's sake, that one percent of all people die. It's really irrelevant for the purpose of the discussion if we're using one percent, five percent, or 0.1%.

The R0 of this virus is somewhere close to 3, meaning while you have the disease, you on average infect three other people.

You infect three, first step of the spread. Each of these three infect another three. That's nine new infections in the second step. Nine people now infect 27 people in the third step. Those 27 infect 81. And so forth.

By the tenth step, you have ~60,000 new infections. By the 12th, ~530,000. By the 17th, ~129 Million.

It happens slowly at first, then suddenly all at once.

And now a percentage of these people dies.

If you have millions of people who are infected over a short period of time, then your mortality rate goes way up, because you don't have enough hospital beds, respirators (which often cause severe and permanent lung damage in COVID-19 patients!), ambulances, doctors, nurses, etc. Now you're getting a mortality rate of, say, 2%, or 4%, or 10%. That's what happened in Italy, and other places where the disease spread quickly without initial containment.

If you only have hundreds of thousands of people who are infected over the same period of time (because the disease is spreading more slowly), then the health care system doesn't get overwhelmed. It can treat all severe cases, save most of them, and you have a mortality rate of, say 0.1%.

I really don't understand why people are even debating this. There are enough examples, current and past, where exactly this happened. Be it the Spanish Flu, or the initial weeks of the outbreak in Wuhan, or the now slowly improving situation in Italy/Spain/France, or the current situation in New York City.

Because you expect people to learn from history.

 

[Osamede]

If technology can help everyone, I don't care about someone's privacy issues

It's not "someone" who has privacy issues. It's everyone. And the technology does not help everyone.

Other than being completely wrong, of course you must be completely right about this appalling capitulation to what even the Stasi could never have dreamed of having at their fingertips...

 

[simonmet]

On the subject of privacy, has anyone noticed you can’t even clear the Recents list in Apple Maps on the Mac (although whether it clears history or merely hides it from the user is debatable anyway)?

 

[Dwalls90]

The medical community have estimated the R0 to be at 2.2, again there is no definitive number yet, so I am not sure where you are getting your R0 of 3, please explain?

I understand how exponential number work, no requirement to explain. But you have over simplified it with making wide assumptions that the death rate is 100% once infected. There are people who get infected and are asymptomatic that means even in your scenario three people get infected that does not mean they are doomed, it just means these asymptomatic people go on they merry life infecting others who may also be asymptomatic while some may get ill and recover without hospitalization and others may get severe and some may be out on ventilators and some on them may still die, there is no definitive. What transpired in Wuhan, Italy, Spain, New York, etc still require investigation you are making claims that you know for certain what occurred there.

FYI did you know that ventilators can also kill COVID-19 patients as it goes counter to a cytokines storm and makes things worse. There have also been reports that some recovered patients have been reinfected, are you able to explain that if these individuals have antibodies. If I am a user of substance abuse and get a cold/flu and go to the hospital where they incorrectly label it as COVID-19 to boost numbers and predictions, I have willfully placed my immune system in a determent position. That is to say that I could have easily landed in the emergency room for overdosing, once again these are examples as to we have no definitive yet what most people lack is nutrition that would aid their immune system to do what nature intended, yes you can be over the age of 70 and survive COVID-19 if you feed your body with the right nutrients. Stop spreading FUD.

Sorry, your sentence structure is all over the place and a little hard to read clearly, so apologies if I misinterpreted what you were trying to communicate.

The R0 is changing every day. Due to lack of appropriate testing (specifically in the US), we really don't know what it is. I've seen it no lower than R2, and as high as R3.5. The point is, that it spreads exponentially either way.

Additionally, I believe the user that you responded to acknowledged a mortality rate of 1%, not 100%. Based on point above, we don't know the true mortality rate, but that fluctuates based on the demographic of the population. A larger population of Americans are overweight, smoke, and therefore even have health complications like Diabetes or Cancer. All of these factors increase the mortality rate. The fact many folks may not be able to get an ICU bed, ventilator, or otherwise appropriate healthcare also factors into the mortality rate. This is why Italy was hit hard (older, smokes, etc.), whereas Germany (impacted younger folks at first, healthier than the average American, etc.) seems to be doing better.

I don't recall reading confirmed reports of reinfections from recovered patients. My understanding was that the patients had mostly recovered and were no longer showing symptoms, so were discharged after the test threw a false negative, only for it to correctly show up as positive at a subsequent test shortly thereafter. I don't think it was a matter of truly being sick with COVID-19 one time, recovering, and independently catching it again and becoming actually sick again. It was a fluke test that caused panic. Maybe I missed something, but feel free to cite your source if you think otherwise.

 

[yegon]

The day when I go back to an ancient dumb phone draws nearer. I could do it without much of an effort really. I don’t take self(involved)ies or do social (sic) media and frequently just go out with merely my old iPod Classic, a paper book and my mechanical watch.

 

[Optheduim]

No way. I whole heartedly disagree with this in the United States. We all know there will be some accidental back door for someone to grab PII

 

[shoehornhands]

"Someone's privacy issues" is dedicated to those who still believe their movements, preferences, and whatever any other personal data have not already been archived and cataloged so far.
I'm not happy to sacrifice my privacy for a superior benefit for everyone, but I know that my privacy has long been gone especially in the last decade. If any Apple device owner still thinks that his/her "things" are still their own private matters...well, that's really naive.

Just because our privacy is currently compromised, doesn't mean the situation can't be improved, and it certainly doesn't mean we should throw in the towel. The goal is to bring enough awareness to these privacy issues that we can start rolling this stuff back, but we must stop conceding ground first. Every inch you give is another mile they'll take.

 

[jonblatho]

So if you test positive and agree to, you are blasting a significant amount of data into the world.

Not sure whether you’re referring to the size or significance of the data, or both, but everything is random (and therefore anonymous) and the keys/identifiers are very small. Many thousands can fit in one megabyte.

 

[QCassidy352]

The way I see it, the options are: 1) return to work with no plan (whole lotta people die); 2) continue sheltering in place until a vaccine is ready (economy is gutted beyond all repair); or 3) find a way to do South Korea-style test and trace.

To me, #3 seems like CLEARLY the least of three evils. But it seems many here disagree. So serious question: are you proposing #1, #2, or something else I’m missing?

 

[magbarn]

The way I see it, the options are: 1) return to work with no plan (whole lotta people die); 2) continue sheltering in place until a vaccine is ready (economy is gutted beyond all repair); or 3) find a way to do South Korea-style test and trace.

To me, #3 seems like CLEARLY the least of three evils. But it seems many here disagree. So serious question: are you proposing #1, #2, or something else I’m missing?

I think some people still believe in #1 as an option as they believe this is all just being puffed up by the media. Which is BS. Even with recent pandemics like swine flu, you don't see scores of people dying like this which is also killing healthcare workers much much more than the oddball case where a nurse/doctor died from the flu. I've had 2 family members get this. One died at 60 last week with no prior conditions. He could've exercised more daily but that was it. He had his 60th birthday the week before he died on the Ventilator. The other family member was in her 30's and she's already recovered as it just felt like a bad flu.

I'm so for #3, every positive case should be hounded. I've recalled so many social gatherings where some proverbial idiot comes in with a hacking cough and sneezing.... Unfortunately there's also many in the population who are modern day "Typhoid Marys/Toms" who don't have any symptoms as all. Only solution is to test everyone and forced quarantine on everyone who's shedding virus.
#2 is dubious right now as majority of potential vaccines being tested are RNA type vaccines which are an experimental class of vaccine in which THERE ARE NO prior vaccines that have been previously approved by the FDA. So I'm a little concerned that everyone keeps saying we'll have one in a year are being overtly optimistic.

 

[QCassidy352]

I think some people still believe in #1 as an option as they believe this is all just being puffed up by the media. Which is BS. Even with recent pandemics like swine flu, you don't see scores of people dying like this which is also killing healthcare workers much much more than the oddball case where a nurse/doctor died from the flu. I've had 2 family members get this. One died at 60 last week with no prior conditions. He could've exercised more daily but that was it. He had his 60th birthday the week before he died on the Ventilator. The other family member was in her 30's and she's already recovered as it just felt like a bad flu.

It’s incredible to me that anyone could see what’s happening in NYC right now and think simply reopening is an option. That will be every city if we do that. Except worse because right now lesser-hit areas can divert ventilators and other supplies to NYC. If every city needs that stuff in bulk at the same time it’s going to be horrific.

 

[farewelwilliams]

everyone in the thread that's complaining likely didn't read the draft specification.

 

[ghanwani]

everyone in the thread that's complaining likely didn't read the draft specification.

everyone in the thread that's complaining knows that this is the camel's nose.

 

[DeepIn2U]

Contact Tracing on one hand is innocent; you ask who someone's been in touch with and them them who they've been in touch with...

Enabling this on an API and Bluetooth level is straight up Dark Knight Rises, and we don't have Batman looking out for us.

Basically what the NSA has been doing for over a decade now ... real eyes realizes these lies over our own eyes. well this is the world we live in now.

 

[4jasontv]

The way I see it, the options are: 1) return to work with no plan (whole lotta people die); 2) continue sheltering in place until a vaccine is ready (economy is gutted beyond all repair); or 3) find a way to do South Korea-style test and trace.

To me, #3 seems like CLEARLY the least of three evils. But it seems many here disagree. So serious question: are you proposing #1, #2, or something else I’m missing?

Why is 2 an issue? Is there something wrong with letting companies die instead of people? It might slow the economy but it also has the benefit of increasing the chances of dismantling existing institutions.

 

[MVMNT]

Who potentially wants blood on their hands rather than a tin hat?

 

[4jasontv]

The Singapore Government Technology Agency (GovTech) developed and launched (the same thing) 3 weeks ago

TraceTogether — behind the scenes look at its development process

TraceTogether uses Bluetooth, not GPS, for contact tracing. Learn how this Singaporean app works behind the scenes. 📱🔍 #ContactTracing #COVID19

www.tech.gov.sg

And it's open-sourced..

i think I missed something. You are not suggesting an app on iOS is open source, right? You can’t have open source software without being able to compile and run software on your own. What stops the App Store version from being different than then the released code?

 

[Rigby]

You're not wrong about the silent SMS method, it's just a different method than the one I'm describing. That's the "triangulation" in the above article. Both methods exist.

I work in the mobile industry. I can assure you carriers can not "ping" or otherwise access the GPS module on your cell phone. Only the OS and (if given permission) apps can. Also, the carriers don't need to use triangulation to have a rough idea of your position, since they can (and do) simply log which cells you're connected to.

Many laymen think all location data is GPS, that's where all the confusion is coming from. All the stupid stuff that is shown in movies doesn't help.

As for why they are working on the BT method: Because the "ping" method I'm talking about requires a concerted effort on the part of a cell phone carrier; this only requires Apple and Google to engineer it, and then it happens passively.

This is complete nonsense. The BT proximity method is anything but passive. It's based on BLE beacon signals that all phones will be constantly sending out.

The "ping" method is resource-intensive; it's used to track individual high-value suspects in important cases.

What you call the "ping method" simply does not have the needed accuracy. If the authorities could get location information with sufficient accuracy from the carriers without requiring firmware updates or app installation for basically the entire population they would do it.