Articles spotted by Hervé Le Crosnier

I take notes here on my readings. The quotations come from the articles cited.

  • Apple and Google Respond to Covid-19 Contact Tracing Concerns | WIRED
    https://www.wired.com/story/apple-google-contact-tracing-strengths-weaknesses

    The result is a complicated picture—an unproven system whose imperfections could drive users away from adopting it, or even result in unintended privacy violations. And yet it may also preserve privacy in the most important ways, while also serving as a significant tool to help countries around the world prevent new outbreaks.

    The criticisms of the Bluetooth-based system outlined below don’t encompass some of the larger sociological and political issues surrounding smartphone contact tracing. Any effective contact tracing will require testing for Covid-19 to ramp up far past current levels. Diagnosed or exposed individuals need the economic freedom and space to self-quarantine. And many low-income or older folks—those who appear to be most at risk—are less likely to have smartphones. Instead, we’ll examine the more immediate question of potential technical vulnerabilities in the system.

    Can It Be Used to Track People?

    The likeliest concern for anyone taking part in a contact-tracing system is whether they’re signing up for more surveillance. Bluetooth-based contact tracing is perhaps the least surveillance-friendly option, but its protections aren’t perfect.

    To demonstrate the problem, Soltani imagines a nosy neighbor setting up a camera outside their window and recording the face of everyone who walks by. The same neighbor also “roots” their phone so they can see all the contact-tracing Bluetooth signals it picks up from other users. When one of those passersby later reports that they’re Covid-19 positive, the snoop’s app will receive all their keys from the contact-tracing server, and they’ll be able to match up the codes the user broadcast at the moment they passed the camera, identifying a stranger as Covid-19 positive. They might go as far as posting the picture of that infected person on Nextdoor to warn neighbors to watch out for them.

    “While the system itself has anonymous properties, the implementation—because it’s broadcasting identifiers—isn’t anonymous,” Soltani says. “If you know you might end up on Nextdoor as someone who’s infected, you might not be willing to use one of these apps.”

    Will the Tech Be Used for Ads?

    The good news is that ad-targeting firms wouldn’t be allowed to directly implement Google and Apple’s Bluetooth contact-tracing protocol to track users. But another scenario suggested by Johns Hopkins University cryptographer Matthew Green points to a variant of the “correlation attack” above that might be useful for commercial tracking. An advertising firm could put Bluetooth beacons in stores that collect contact-tracing codes emitted by visiting customers. The firm could then use the public health app to download all the keys of people who are later diagnosed as Covid-19 positive and generate all their codes for the last two weeks. That method could hypothetically determine which trail of codes represented a single person, and follow them from store to store.

    But even as Green described that scenario, he was quick to downplay it himself. First, the attack would only allow retailers to track people who reported themselves as Covid-19 positive, not the vast majority of users. It would also only allow those few infected people to be tracked for just the two weeks prior to their diagnosis. Besides, Green notes, advertisers already have plenty of tools to track movements from store to store, from credit card transactions to sneaky ultrasonic signals sent from apps. Would they really risk the scandal of specifically surveilling Covid-19-positive people just to add one more tracking method to their arsenal?

    “It’s definitely possible that some evil advertiser could use this to augment their data sets,” Green says. “But, gosh, it really requires a lot of evil. And it seems to me like a small case.”

    Keeping ad tracking as an unlikely scenario, of course, depends on Apple and Google continuing to deny advertisers access to the API—or deprecating the feature altogether—after the coronavirus threat fades.

    What About False Positives?

    Aside from surveillance issues, there’s also the problem of making sure a Bluetooth contact-tracing app doesn’t overwhelm people with incorrect warnings that they’ve been exposed. Those false positives could come from users self-diagnosing incorrectly or worse, trolls spamming the system. University of Cambridge computer scientist and cryptographer Ross Anderson warned that “the performance art people will tie a phone to a dog and let it run around the park” to create canine contact-tracing chaos.

    Cristina White, the executive director of contact-tracing project Covid-Watch and a Stanford computer scientist, suggests a solution to those problems: Only allow people to report a positive diagnosis with a health care provider’s approval. To create that safeguard, Covid-Watch would distribute a separate app to health care providers that generates unique confirmation codes.

    #Coronavirus #Contact_tracing #Apple #Google
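
The provider-approval safeguard described in the last quoted paragraph, sketched as an added example (not code from the article, Covid-Watch, Apple or Google): a positive report is published only if it carries an unused, unexpired confirmation code issued through the provider app. The class names, the 24-hour validity window and the code format are assumptions made for illustration.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 24 * 3600  # assumed validity window, not from the article


class ConfirmationCodes:
    """Server-side registry of one-time codes issued through the provider app."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # sha256(code) -> expiry timestamp

    @staticmethod
    def _digest(code):
        # Store only a hash so a leaked registry does not reveal usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self):
        """Called for a health care provider after a confirmed diagnosis."""
        code = secrets.token_urlsafe(9)  # 72 random bits, 12 characters
        self._pending[self._digest(code)] = self._now() + CODE_TTL_SECONDS
        return code

    def redeem(self, code):
        """Consume a code: True only on first use and before expiry."""
        expiry = self._pending.pop(self._digest(code), None)
        return expiry is not None and self._now() <= expiry


class ReportServer:
    """Publishes diagnosis keys only when the report carries a valid code."""

    def __init__(self, codes):
        self._codes = codes
        self.published_keys = []

    def submit_report(self, diagnosis_keys, code):
        if not self._codes.redeem(code):
            return False  # self-diagnosis, spam, replayed or expired code
        self.published_keys.extend(diagnosis_keys)
        return True
```

Because a code is consumed on redemption, one provider approval can back exactly one report, which bounds spam by the number of confirmed diagnoses.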