Last updated on May 14, 2020
As we look for solutions to the Covid-19 pandemic, many look to tracking known infections through mobile devices. In some countries, all citizens must download a state-sponsored application that reports contact data to the government and to the organizations building their medical models. This has left privacy advocates on the edge of their seats, ready to fight what they say may be serious privacy problems in this new world we have found ourselves in.
Google and Apple are now pushing new application programming interfaces to their platforms, known as the "Contact Tracing" API. These APIs were created to track a novel virus by letting a device exchange anonymous, rotating identifiers with nearby devices over Bluetooth Low Energy, and by handing the resulting raw data to applications and databases run by trusted health organizations.
What is it, and how does it work?
The system entails a 256-bit Tracing Key (the master key, generated once on the device) and a 128-bit Daily Tracing Key. The Daily Tracing Key is derived by running the Tracing Key through an HMAC-based key derivation function (HKDF) together with the current day number (the device's Unix epoch time divided into days), so a new daily key is produced once per day. The Tracing Key itself never leaves the device, and without it the sequence of daily keys cannot be predicted.
class DailyTracingKey
{
    byte[] key;   // the 16-byte (128-bit) daily key
    Date date;    // the day this key covers
}
// Opt the device in or out of broadcasting and scanning
Task startContactTracing(PendingIntent contactTracingCallback);
Task stopContactTracing();
When you opt into the system, your device starts broadcasting a 128-bit Rolling Proximity Identifier. This identifier is computed with HMAC from the current Daily Tracing Key and a 10-minute time interval number; the Tracing Key is not involved directly, so a daily key can be published later without exposing any other day. At the link layer, most devices already randomize their Bluetooth MAC address every 10–20 minutes to resist tracking, and the Rolling Proximity Identifier is rotated in step with that MAC rotation. This means no identifier is ever bound to the device's real Bluetooth MAC address, and a freshly randomized MAC address cannot be linked back to the identifier broadcast under the previous one.
While your device is emitting a new Rolling Proximity Identifier roughly every 10 minutes, it is also collecting the Rolling Proximity Identifiers of other opted-in users. When your device's Bluetooth scan sees a new broadcast identifier, it stores it in a list for that day. Depending on the implementation, these identifier lists are held on the device for 14 to 30 days. Applications can also record received signal strength (RSSI) to estimate how close the other device was.
So you're infected, now what?
Once a person learns that they have contracted the virus, they can submit to a health organization the range of days on which they may have been infectious. What is sent is the list of Daily Tracing Keys for the days selected. Again, the Tracing Key itself is never included in any transmission.
// Infected user: release the Daily Tracing Keys for the selected days
Task startSharingDailyTracingKeys();
// Everyone else: feed downloaded Diagnosis Keys in and ask for matches
Task provideDiagnosisKeys(List<DailyTracingKey> keys);
Task hasContact();
Task<List<ContactInfo>> getContactInformation();
interface ContactInfo
{
    Date contactDate();   // the day on which a matching identifier was seen
    int duration();       // how long the matching identifier was observed
}
Your submitted Daily Tracing Keys have now become Diagnosis Keys. Applications download them and check them against the daily lists of Rolling Proximity Identifiers they have collected. From a Diagnosis Key, every Rolling Proximity Identifier of that day can be re-derived by running the key through the same HMAC with each 10-minute interval number. If one of those re-derived identifiers appears in the device's list for that day, the user may have been exposed by the person who submitted the Diagnosis Keys. That's it!
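The key schedule from "What is it, and how does it work?" and the matching step just described, carried through end to end as an added example. This is not Apple's or Google's code; it follows the shape of the April 2020 cryptography specification (HKDF for the daily key, HMAC truncated to 16 bytes for the identifier, labels "CT-DTK" and "CT-RPI") but the choice of SHA-256, the 4-byte little-endian encoding of the day and interval numbers, the stdlib HKDF, the names Alice, Bob and Carol, and the day number 18396 are assumptions of this example. The encounter data is constructed in code so it runs offline.

```python
"""Contact Tracing v1 key schedule and exposure matching (added example).

Assumptions, not taken from the page: HMAC/HKDF use SHA-256, the day number D_i
and interval number TIN_j are encoded as 4-byte little-endian unsigned integers,
and the info labels are "CT-DTK" / "CT-RPI".
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

SECONDS_PER_DAY = 60 * 60 * 24
SECONDS_PER_INTERVAL = 60 * 10                              # identifier rotates every 10 minutes
INTERVALS_PER_DAY = SECONDS_PER_DAY // SECONDS_PER_INTERVAL  # 144 identifiers per day


def hkdf_sha256(ikm: bytes, salt: Optional[bytes], info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract, then expand) built from HMAC-SHA256, stdlib only."""
    if salt is None:                      # NULL salt means HashLen zero bytes (RFC 5869)
        salt = bytes(hashlib.sha256().digest_size)
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_tracing_key() -> bytes:
    """256-bit Tracing Key: generated once per device and never transmitted."""
    return secrets.token_bytes(32)


def day_number(unix_time: int) -> int:
    return unix_time // SECONDS_PER_DAY


def daily_tracing_key(tracing_key: bytes, day: int) -> bytes:
    """dtk_i = HKDF(tk, NULL, "CT-DTK" || D_i, 16): one 128-bit key per day."""
    return hkdf_sha256(tracing_key, None, b"CT-DTK" + day.to_bytes(4, "little"), 16)


def rolling_proximity_identifier(dtk: bytes, interval: int) -> bytes:
    """RPI_{i,j} = Truncate(HMAC(dtk_i, "CT-RPI" || TIN_j), 16).
    Only the daily key is involved; the Tracing Key never touches the identifier."""
    tag = hmac.new(dtk, b"CT-RPI" + interval.to_bytes(4, "little"), hashlib.sha256).digest()
    return tag[:16]


def rpi_at(tracing_key: bytes, unix_time: int) -> bytes:
    """Sender side: the identifier a device broadcasts at a given moment."""
    day = day_number(unix_time)
    interval = (unix_time - day * SECONDS_PER_DAY) // SECONDS_PER_INTERVAL
    return rolling_proximity_identifier(daily_tracing_key(tracing_key, day), interval)


def rpis_for_day(dtk: bytes) -> Set[bytes]:
    """Every identifier a device could have broadcast on one day, from its daily key alone."""
    return {rolling_proximity_identifier(dtk, j) for j in range(INTERVALS_PER_DAY)}


def match_diagnosis_keys(diagnosis_keys: Dict[int, bytes],
                         observed: Dict[int, Set[bytes]]) -> List[Tuple[int, bytes]]:
    """Receiver side: re-derive each Diagnosis Key's identifiers and intersect them
    with what this device overheard on the same day. Keys are indexed by day number."""
    hits = []
    for day, dtk in sorted(diagnosis_keys.items()):
        for rpi in sorted(rpis_for_day(dtk) & observed.get(day, set())):
            hits.append((day, rpi))
    return hits


def simulate_encounter(alice_tk: bytes, carol_tk: bytes, day: int = 18396) -> List[Tuple[int, bytes]]:
    """Constructed scenario: Bob's phone overhears Alice and Carol on `day`;
    Alice later tests positive and uploads her daily keys for the last three days."""
    bob_store: Dict[int, Set[bytes]] = {}
    t_alice = day * SECONDS_PER_DAY + 9 * 3600 + 5 * 60      # 09:05 that day
    t_carol = t_alice + 30 * 60                              # 09:35, a different interval
    bob_store.setdefault(day, set()).update({rpi_at(alice_tk, t_alice), rpi_at(carol_tk, t_carol)})
    # Alice's upload contains Daily Tracing Keys only; her Tracing Key stays on her phone.
    diagnosis_keys = {d: daily_tracing_key(alice_tk, d) for d in range(day - 2, day + 1)}
    return match_diagnosis_keys(diagnosis_keys, bob_store)


if __name__ == "__main__":
    for day, rpi in simulate_encounter(new_tracing_key(), new_tracing_key()):
        print(f"possible exposure on day {day}: identifier {rpi.hex()}")
```

Bob's device ends up with exactly one hit, Alice's 09:05 identifier, even though it also heard Carol, because Carol never published a Diagnosis Key and Bob can derive nothing from an identifier on its own. The three uploaded daily keys let Bob reconstruct Alice's identifiers for those three days and nothing else, which is the property the post attributes to the design.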
The developers got it right here
To Google and Apple's credit, they really stepped up here to provide an elegant way for developers to build virus-tracking applications. The system is opt-in, it carries no user identification, and it does not rely on privacy-invasive, higher-energy technologies such as geolocation.
The specification appears to be well designed as a platform on which organizations can build virus-tracking applications without compromising the user's privacy. Barring users abusing the system by spoofing reports, or developers bypassing these APIs to build their own privacy-intrusive systems, most privacy advocates are happy with this approach to tracking pandemics now and in the future.