
Google and Apple Detail Their Contact Tracing Tool, Still Incompatible with StopCovid

Posted on the 09 May 2020 by Manojsinha8100

Apple and Google have detailed the changes made to their programming interface (API) for app-based contact tracing. Secure and customizable, it will not, however, allow states to graft a complete home-grown protocol on top.

While medical science is moving at full speed to find remedies for the coronavirus, tech companies are also trying to make up for lost time by providing tools that may support health authorities.

Two weeks after announcing a historic partnership to build a tool for tracing contacts, Google and Apple clarified how it works. Numerama was able to attend the conference given to the international press by spokespersons of the two companies, who readily acknowledge the limits of these applications: "This is not a quick fix and it will not solve the epidemic: we designed our solution as a toolbox that health agencies asked us to help them."

A CHANGE OF NAME
The first change to note is one of terminology, but it describes much more accurately what all the protocol projects enabling contact tracing basically are: the joint project of Google and Apple is now called "Exposure Notification". The change makes it possible to distinguish the technological process, whether that of Google and Apple, Inria's ROBERT or DP3T, from the very concept of contact tracing.

A notification system that allows contact tracing

In a forum, Bill Gates rightly recalled that contact tracing was particularly effective when it was carried out by a human operator who called, one by one, the contacts of a patient diagnosed positive for coronavirus: the mobile application is one way of doing contact tracing. One of the companies' spokespersons recalled that this method is valid, affirming that the joint effort of Google and Apple was one more means to achieve this end.

Google and Apple have announced that their API design has evolved, thanks to discussions with different laboratories around the world and the contributions of engineers in these laboratories. The companies put forward two points: the first concerns major changes in the way the data exchanged is secured and anonymized; the second has to do with how states and health agencies can customize their apps to match national health recommendations.

Neither point makes this essential solution compatible with local protocols, such as the ROBERT protocol of Inria in France.

GREATER PROTECTION
On the security side, Google and Apple have chosen to encrypt the data exchanged (the encrypted identifiers of other people, for example) with AES rather than HMAC. AES does not require much processing power, so the encryption can run on the phone without slowing it down, even on older models. In addition, the system will also encrypt the Bluetooth metadata, which will prevent a potential attacker from deducing the model of a smartphone by recognizing its signal.

A UNIQUE AND ENCRYPTED KEY WILL BE GENERATED EVERY DAY ON EACH SMARTPHONE

As for the keys created to identify smartphones, they will no longer be derived from an initial key, but renewed every day. There will therefore be a unique key every day, attached to a smartphone, which prevents a potential attacker from working back to "the initial key" by guessing it from a derived key. Finally, to make information on the time spent in the presence of another smartphone more difficult to exploit, it will be broken down into 5-minute periods, up to a maximum of 30 minutes.

MORE PRECISION WITH BLUETOOTH
One of the arguments of expert critics of app-based contact tracing is that Bluetooth cannot produce a satisfactory measurement of the distance between two people without generating false positives. Some factors can never be controlled, such as the thickness of the fabric of a pocket or a surface that blocks the signal. But Google and Apple have added a piece of information to the API: the nominal power of the Bluetooth chip embedded in a smartphone.

This will allow the information on the signal received from another smartphone to be weighted: if a Bluetooth chip sends a weak signal, the smartphone that receives it will know that this is not necessarily because the sender is far away, but perhaps because it does not have the technical capacity to broadcast more strongly. Still, there will always be a table converting signal intensity to distance, the accuracy of which remains to be proven.

Likewise, to give countries more control in building their apps, Google and Apple will let them define what constitutes, for them, an "exposure event". We know that every country has a doctrine, for example on the distance to be kept between two people, and each will also have one to determine how much time spent in the presence of a person counts as a "contact" that can lead to contamination. The new API will allow health agency developers to adjust these levels as they see fit.
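The sketch below is an added example, not code from Apple, Google or the API itself. It shows how the three elements just described can combine: the sender's nominal transmit power corrects the received signal strength, durations are reported in 5-minute periods capped at 30 minutes, and a health agency sets its own thresholds. All names, the one-sighting-per-minute sample format, rounding down, and the threshold values are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    """One observation of a nearby phone (constructed format: one per minute)."""
    minute: int
    rssi_dbm: int       # signal strength measured by the receiver
    tx_power_dbm: int   # sender's nominal transmit power, taken from its broadcast

@dataclass(frozen=True)
class AgencyConfig:
    """Levels a health agency would choose; the values used below are hypothetical."""
    max_attenuation_db: int   # signal loss at or below this counts as "close"
    min_duration_min: int     # reported duration needed for an exposure event

def attenuation_db(s: Sighting) -> int:
    # Signal loss between sender and receiver. Subtracting the nominal power
    # keeps a weak transmitter from being mistaken for a distant one.
    return s.tx_power_dbm - s.rssi_dbm

def reported_duration(minutes: int) -> int:
    # 5-minute periods, capped at 30 minutes (rounding down is an assumption).
    return min(30, (minutes // 5) * 5)

def is_exposure_event(sightings, cfg: AgencyConfig):
    close = [s for s in sightings if attenuation_db(s) <= cfg.max_attenuation_db]
    duration = reported_duration(len(close))
    return duration >= cfg.min_duration_min, duration

def sample(n: int, rssi: int, tx: int):
    """Constructed sample data: n consecutive one-minute sightings."""
    return [Sighting(m, rssi, tx) for m in range(n)]

if __name__ == "__main__":
    cfg = AgencyConfig(max_attenuation_db=55, min_duration_min=15)
    # Same received strength (-70 dBm), different nominal power:
    print(is_exposure_event(sample(17, -70, -20), cfg))  # weak chip, nearby
    print(is_exposure_event(sample(40, -70, 0), cfg))    # strong chip, far away
```

Both sample phones are received at the same strength, yet only the one with the weaker chip is classified as close, which is the correction the nominal power value makes possible.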

Apple blocks Bluetooth in the background to protect users from malicious apps // Source: Claire Braikeh for Numerama
INCOMPATIBLE WITH THIRD-PARTY PROTOCOLS
These advances in the Google and Apple APIs, the only ones that will allow access to Bluetooth in the background and which are therefore essential for an application to function properly, bury the projects that are not based on them. Spokespersons for the two companies hailed the work of states on home-grown solutions, but believe that only a global solution, deployed worldwide and identical on all smartphones, can be effective where the communication protocol is concerned: "You don't want the protocol to vary nationally, otherwise it won't work on the interoperability side. It is the fact that it is precisely standardized that will make the API work on a large scale". States are then free to build their home-grown solution on top of this instruction set.

The ROBERT protocol, which France for example is putting forward, is still not compatible with this API: it assumes that the matching between a user declared positive and all of that user's contacts is done on the central server, which will therefore treat all contacts as "at risk" so as never to single out the confirmed carrier of the virus. On the Apple and Google side, centralization is only there for the aggregation of anonymized data, and the matching is done locally on the smartphone, the only way for them to guarantee that information does not escape the control of the user.

It remains to be seen how the public authorities will get out of this impasse: adopt the Google / Apple API and adapt ROBERT to the way it works? Otherwise, the StopCovid application, whose limits are already very numerous, will have trouble functioning. On the communication side, the government's excuse is ready-made if StopCovid does not work as expected: it will be the fault of Google or Apple, who did not give it a free pass to weaken the protection of their users' privacy. Or that of the French women and men who did not install the application in sufficient numbers: we must never forget that this concept only works with massive adoption.
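To make the on-device matching concrete, here is an added sketch (not Apple's, Google's or Inria's code) of the decentralized flow described above, combined with the independent daily keys mentioned earlier in the article. The class and function names, the 10-minute identifier interval, and the identifier derivation are assumptions; in particular, a truncated HMAC-SHA256 stands in for the AES step the article mentions, so that the example runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: a new rolling identifier every 10 minutes

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one interval of the day.
    Stand-in derivation (truncated HMAC-SHA256); the article says the real system uses AES."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> key; stays on the phone unless the owner is diagnosed
        self.heard = set()    # identifiers received from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        # A fresh random key per day: no key is derived from another.
        key = self.daily_keys.setdefault(day, secrets.token_bytes(16))
        return rolling_id(key, interval)

    def hear(self, identifier: bytes) -> None:
        self.heard.add(identifier)

    def keys_to_publish(self, days):
        """What a diagnosed user uploads: daily keys only, no contact list."""
        return [(d, self.daily_keys[d]) for d in days if d in self.daily_keys]

    def check_exposure(self, published):
        """Runs on the phone: re-derive identifiers from published keys, compare locally."""
        return [(day, i) for day, key in published
                for i in range(INTERVALS_PER_DAY)
                if rolling_id(key, i) in self.heard]

def demo():
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(alice.broadcast(day=1, interval=50))   # Bob met Alice on day 1
    bob.hear(alice.broadcast(day=2, interval=51))   # ... and again on day 2
    carol.hear(bob.broadcast(day=1, interval=50))   # Carol only met Bob
    published = alice.keys_to_publish([1])          # Alice shares her day-1 key only
    return bob.check_exposure(published), carol.check_exposure(published)

if __name__ == "__main__":
    print(demo())
```

Bob's phone finds the day-1 encounter by itself, the day-2 encounter stays unlinkable because that day's key was never published, and the server never learns who met whom.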
