Novel coronavirus was launched by Google and apple on aspiring emergency plan last Friday.

It is an urgent and complex project with great impact on privacy and public health. Similar projects have been successful in Singapore and other countries, but it remains to be seen whether U.S. public health agencies can manage such a project

We've introduced the basic outline of the project here, but there's still a lot to study in depth

1. what is this for?

When someone novel coronavirus like this year is new, public health workers try to control the spread by tracking and isolating everyone who has been infected. This is called contact tracking and is a key tool to control the epidemic.

In essence, apple and google have built an automated contact tracking system. it differs from traditional contact tracking and may be most useful when combined with traditional methods. Most importantly, it can operate on a larger scale than traditional contact tracking, which will be necessary given the extent of the epidemic spreading in most countries. Since it comes from Apple and Google, some features will eventually also be built into Android phones and iPhone at the operating system level. This makes it possible to apply the technology solution to more than 3 billion mobile phones worldwide

It's worth noting that apple and Google are working together on a framework, not an application. They are working on the pipeline system and keeping it private and secure, leaving the actual application build to others.

2. how does it work?

Basically, this system allows your phone to record other phones nearby. As long as the system is running, your phone will periodically pop up a small, unique, anonymous code, which is extracted from the unique ID of your phone. Other phones will receive and remember the code, and set up a log to record the code they received and the time they received it.

When people using the system get a positive diagnosis, they can choose to submit their ID code to the central database. When the phone uses the database for checking, it runs a local scan to see if any code in its log matches the ID in the database. If there is a match, you will receive a warning on your phone that you have been exposed.

This is a simple version, but you can already see how useful this system is. In essence, it allows you to record the touchpoints (the exact information required for the contact tracker), without any precise location data collection, with minimal information maintenance in a central database.

3. How do you think you are infected?

On this point, the published documents are not very detailed. In the specification, only a legitimate healthcare provider can submit a diagnosis to ensure that only the confirmed diagnosis generates an alert. It's not entirely clear how this will happen, but it seems to be a problem that can be solved, whether it's managed through an application or some additional authentication before the infection is registered centrally.

How do 4. phones send these signals?

The simple answer is Bluetooth.

The system uses the same antenna as your wireless headset, although it's a Bluetooth low power (ble) version of the specification, which means it doesn't drain your battery very significantly. This special system uses a ble beacon system version which has been used for many years. After modification, it can exchange two-way code between mobile phones.

Workflow of broadcast code via Bluetooth, as shown in the Bluetooth specification of the system

How far does the 5. signal reach?

We don't know yet.

theoretically, BLE can achieve connectivity up to 100 m, but this depends largely on specific hardware settings and is easily blocked by walls. Many of the most common applications, such as pairing the AirPods phone case with the iPhone, have an effective range of close to 6 inches. The project's engineers are optimistic that they can pass

At the same time, we are not entirely sure what the best range of such alarms is. Novel coronavirus rules usually suggest that they should be kept at 6 feet in public places, but this situation is easy to change as we further understand the way of transmission of the new coronavirus. Officials will also be careful to issue so many alerts that the application becomes useless, which may make the ideal scope smaller.

6. so this is an app?

To some extent. In the first part of the project, which is scheduled to be completed in mid May, the system will be built into the official public health application, signaling ble in the background. These applications will be built by national health agencies rather than technology companies, which means they will be responsible for many important decisions, such as how to inform users and what to recommend if a person is exposed.

Ultimately, the team wants to build the feature directly into the iOS and Android operating systems, similar to switching in the local dashboard or settings menu. But it takes months, and if the user needs to submit information or receive an alarm, it will still prompt the user to download the official public health application.

7. is this really safe?

In most cases, the answer seems yes. According to the file released last Friday, it is difficult to find any sensitive information based on Bluetooth code alone, which means you can run the application in the background without worrying that you are compiling anything that could lead to crime. The system itself will not identify you or record your location. Of course, if you are going to upload the diagnosis to a health officer, the health application using the system ultimately needs to know who you are.

Can 8. hackers use this system to make a big list of all sick people?

This will be very difficult, but not impossible. The central database stores all the codes issued by the infected person at the time of the infection, and it is perfectly reasonable that a scheming participant might get them. Engineers have done a good job of making sure you can't get a person's identity directly from these codes, but you can imagine some of these protections fail.

can 9. google, apple or hacker use it to find out where i have been?

only in very special cases. if someone is collecting your proximity identification code while you are testing positive and decides to share your diagnosis and they perform the entire rigamarole, described above they may use it to link you to a specific location nearby where your proximity identification code is found.

But it's important to note that neither apple nor Google share information that might put you directly on a map. Google has a lot of this information, and the company has shared it on an aggregate level, but it's not part of the system. Google and Apple may know where you are, but they didn't connect that information to the dataset. So while attackers may be able to use this information, they will eventually know less than most apps on your phone.

10. Can anyone use this to find out who I've contacted?

It will be very difficult. As mentioned earlier, your phone will record all received close proximity identification codes, but the specification clearly states that the record should never leave your phone. As long as your specific log remains on your specific device, it is protected by the same device encryption that protects text and email.

What if I don't want my phone to do this?

Don't install the application, and when you update the operating system in the summer, you just need to

12. Is this a disguised surveillance system?

This is a tricky problem.

In a sense, contact tracking is surveillance. Public health is filled with medical supervision, only because it is the only way to find an infected person whose condition is not enough to seek medical treatment. It is hoped that, given the catastrophic damage already caused by the pandemic, people will be willing to accept this level of surveillance as a temporary measure to prevent the further spread of the virus.

A better question is whether the system monitors in a fair or beneficial way. It is important that the system is voluntary and that the data it shares does not exceed its needs. Nevertheless, what we have now is an agreement, and it remains to be seen whether the government will try to implement it in a more aggressive or hegemonic way.

As the protocol is implemented in a particular application, many important decisions will be made on how to use the protocol and how much data is collected from outside the protocol. Governments will make these decisions, they may make bad decisions, or worse, they may not make decisions at all.

So even if you're excited about the layout of apple and Google here, they can only concede, and the government will take a lot of measures after taking over.

via ： of this articleThe verge