Exposure Notification
Developed by | |
---|---|
Introduced | April 2020 |
Industry | Digital contact tracing |
Compatible hardware | Android & iOS smartphones |
Physical range | ~10 m (33 ft)[1] |
Exposure Notification,[2][3] originally known as the Privacy-Preserving Contact Tracing Project,[4][5] is a system with public available specifications developed by Apple Inc. and Google for using smartphones to determine whether a person may have recently been within the proximity of someone that had been infected with Coronavirus disease 2019 (COVID-19). Exposure Notification is a decentralized reporting based protocol built on a combination of Bluetooth Low Energy technology and privacy-preserving cryptography, and is designed to be implemented as an opt-in feature within COVID-19 apps developed and published by authorized health authorities.[6][7] Originally unveiled on April 10, 2020, it was first made available on iOS on May 20, 2020 as part of the iOS 13.5 update.[8]
The Covid Watch[9] nonprofit, which started as an independent research collaboration between Stanford University and the University of Waterloo, was the first in the world to publish a white paper[10], develop[11], and open source[12] a fully anonymous Bluetooth exposure alert protocol - the TCN Protocol - in collaboration with CoEpi[13] in early March 2020. This was followed by the rapid development and improvement of very similar decentralized protocols in early April 2020 like DP-3T, PACT[14], and the Apple/Google protocol.
The Apple/Google protocol is heavily-influenced by the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) and the Temporary Contact Number (TCN) protocols,[15][16] but is implemented at the operating system level, which allows for more efficient operation as a background process. Protocols such as TCN, DP-3T and BlueTrace are constrained in how they operate as they have no special privilege over normal apps. This leads to issues, particularly on iOS devices where digital contact tracing apps running in the background experience significantly degraded performance.[17][18][19] The joint approach is also designed to maintain interoperability between Android and iOS devices, which constitute the sheer majority of the market.[7] EPFL Professor Edouard Bugnion played an important role in getting Apple and Google to work together [15][16]
The ACLU stated the approach "appears to mitigate the worst privacy and centralization risks, but there is still room for improvement".[20] In late April, Google and Apple shifted the emphasis of the naming of the system, describing it as an "exposure notification service", rather than "contact tracing" system.[21]
There has been doubt that Bluetooth Low Energy will be reliable enough measure distance[22] to track relevant contact because of signal reflections as well as the inability to detect safety barriers such as plexiglass windows. Furthermore, treating a simple distance-based threshold as safe is too naive to approximate virus aerosol spread; room ventilation was found to be crucial, and infections beyond the "safe" distance are possible when inappropriate ventilation is used.[23] A too low detection precision can cause missing of relevant contacts, false alerts, and will make the tracking apps largely useless. Experts estimate over 60% of smartphone users would need to install the apps. In countries where such an app is already available, adoption rates are much smaller, often less than 20%;[24] and the apps are reportedly not working well enough to be useful.[25] In Iceland, which has with 40% the highest adoption rate of such apps, the app has not helped much.[26] In Norway, where 20% of people were reported to use the app, it had not identified a single infection by mid May.[27]
Technical specification
Typically digital contact tracing protocols have two major responsibilities: encounter logging and infection reporting.[18] Exposure Notification only defines encounter logging, with the majority of the infection reporting being delegated to individual app implementations.[28]
To handle encounter logging, the system uses Bluetooth Low Energy to send tracking messages to nearby devices running the protocol to discover encounters with other people. The tracking messages contain unique identifiers that are encrypted with a secret daily key held by the sending device. These identifiers change every 15-20 minutes as well as Bluetooth MAC address in order to prevent tracking of clients by malicious third parties through observing static identifiers over time.[29]: 02:51:10
The sender's daily encryption keys are generated using a random number generator.[30] Devices record received messages, retaining them locally for 14 days. If a user tests positive for infection, the last 14 days of their daily encryption keys are uploaded to a central server, where it is then broadcast to all devices on the network. The method through which daily encryption keys are transmitted to the central server and broadcast is defined by individual app developers. The received keys are then provided to the protocol, where each client individually searches for matches in their local encounter history. If a match meeting certain risk parameters is found, the app notifies the user of potential infection.[31] Google and Apple intend to use the received signal strength (RSSI) of the beacon messages as a source to infer proximity.[32] RSSI and other signal metadata will also be encrypted to resist deanonymization attacks.[30] The system uses AES encryption as a power-saving measure.[30]
Version 1.0
To generate encounter identifiers, first a persistent 32-byte private tracing key () is generated by a client. From this a 16 byte daily tracing key () is derived using the algorithm , where is a HKDF function, and is the day number calculated as . These generated keys are later sent to the central reporting server should a user become infected.[citation needed]
From the daily tracing key a 16-byte temporary rolling proximity ID () is generated every 10 minutes with the algorithm , where is a HMAC function, and is the time interval number, calculated as . The time interval number represents a unique index for every 10 minute period in a 24 hour day. When two clients come within proximity of each other they exchange and locally store the current as the encounter identifier.[citation needed]
Once a registered health authority has confirmed the infection of a user, the user's for the past 14 days is uploaded to the central reporting server. Clients then download this report and individually recalculate every used in the report period, matching it against the user's local encounter log. If a matching entry is found, then contact has been established and the app presents a notification to the user warning them of potential infection.[citation needed]
Version 1.1
Unlike version 1.0 of the protocol, version 1.1 does not use a persistent tracing key, rather every day a new random 16-byte exposure key () is generated. This is analogous to the daily tracing key from version 1.0. From this two values are calculated, the associated encrypted metadata key (), and the rolling proximity key (). is calculated with the algorithm , and using the algorithm , where is the day.[citation needed]
From these values a temporary rolling proximity ID () is generated every time the BLE MAC address changes, roughly every 15-20 minutes. The following algorithm is used to calculate the value , where is an AES cryptography function with a 128-bit key. Next, 4 bytes of associated encrypted metadata () is encoded. What the metadata represents is not specified, likely to allow the later expansion of the protocol. The following algorithm is used , where is an AES-CTR function with a 128-bit key. The and are then combined and broadcast using BLE. Clients exchange and log these payloads.[citation needed]
Once a registered health authority has confirmed the infection of a user, the user's for the past 14 days is uploaded to the central reporting server. Clients then download this report and individually recalculate every used in the report period, matching it against the user's local encounter log. If a matching entry is found, then contact has been established and the app presents a notification to the user warning them of potential infection.[citation needed]
Version 1.2 of the protocol is identical to version 1.1, only introducing minor terminology changes.[33]
Adoption requirements
Modeling by researchers at Oxford University has suggested that 80% of all smartphone users in a city of one million people would have to use a tracking system to be effective against the coronavirus.[34] Since the two vendors effectively control the entire smartphone market (with Android having an 86.6% market share as of 2020, and iOS the remaining 13.4%),[35] the joint initiative between the companies puts them in a unique position compared to other potential actors in this field.[citation needed]
To address this, the Exposure Notification protocol is designed to be deployed and maintained via both platforms' respective application stores and update systems.[36] The APIs enabled through such updates will then be available for authorized applications from national health authorities.[37][38]
Privacy
Preservation of privacy was referred to as a major component of the protocol; it is designed so that no personally identifiable information can be obtained about the user or their device.[39][7][40][41] Apps implementing Exposure Notification are only allowed to collect personal information from users on a voluntary basis.[42] The companies stated that it would also sunset the protocol "on a regional basis when it is no longer needed."[36]
The Electronic Frontier Foundation showed concerns the protocol was vulnerable to "linkage attacks", where sufficiently capable third parties who had recorded beacon traffic may retroactively be able to turn this information into tracking information, for only areas in which they had already recorded beacons, for a limited time segment and for only users who have disclosed their COVID-19 status, once a device's set of daily encryption keys have been revealed.[43]
Release schedule
Deployment plan
According to the joint announcement by Apple and Google, the system is intended to be rolled out in three stages:[44][45]
- API specification and publication
- rollout of tools to enable governments to create official privacy-preserving coronavirus tracing apps
- integration of this functionality directly into iOS and Android
Apple have stated that the system is designed to work on all recent devices that can support iOS 13.[30]
The companies planned an API for development on April 28, 2020[46] and it was released to developers the following day.[47]
Release
The iOS 13.5 update released on May 20, 2020 introduced support for the Exposure Notification API.[8] Google stated that on Android, Exposure Notification will be serviced via Google Play Services (a system API component for Google services that is present on almost all Android devices outside of mainland China, and updated independently of Android itself via the Google Play store), ensuring compatibility with Android Marshmallow and later and not requiring them to be integrated into an Android firmware (which would hinder deployment).[48]
Regulatory scrutiny
On April 16, the European Union started the process of assessing the proposed system for compatibility with privacy and data protection laws.[49] On April 17, 2020, the UK's Information Commissioner's Office, a supervisory authority for data protection, published an opinion analysing both Apple and Google's protocol and the Decentralized Privacy-Preserving Proximity Tracing protocol, stating that the systems are "aligned with the principles of data protection by design and by default".[50]
Adoption by country
As of May 21, at least 22 countries had received access to the protocol.[42]
Switzerland and Austria were among the first to back the protocol.[51] On April 26, after initially backing PEPP-PT, Germany announced it would back Exposure Notification,[52] followed shortly after by Ireland [53] and Italy.[54]
Despite already adopting the centralised BlueTrace protocol,[55] Australia's Department of Health and Digital Transformation Agency are investigating whether the protocol could be implemented to overcome limitations of its COVIDSafe app.[42]
Alongside an NHSX-developed app, the United Kingdom announced plans to conduct a feasibility study in using Exposure Notification as a secondary option.[56]
On May 25, Switzerland became the first country to launch an app leveraging the protocol, SwissCovid, although initially only in a pilot phase with a limited user group.[57] The app became available on the Play Store on Android the same day.[58]
On May 29, a consortium of IT companies and volunteers in Latvia launched application Apturi Covid, which makes use of Exposure Notification API. The county's president and government ministers installed the application on their phones on the launch day. Application developers stated a goal to reach 400 000 users, approximately 20% of the country's population.[59]
On June 1, 2020, Italy launched its Immuni app, based on the Exposure Notification API. [60]
On June 9, 2020, Poland launched version 4 of its ProteGO Safe app, which is now based on the Exposure Notification API. [61]
Non-adopters
Some countries, such as France and the United Kingdom, have pursued centralized approaches to digital contact tracing, in order to maintain records of personal information that can be used to assist in investigating cases.[40][62][63] The French government has asked Apple to allow apps to perform Bluetooth operations in the background, allowing the government to create its own system independent of Exposure Notification.[64] In the United States, states such as New York, California and Massachusetts declined to use the technology, opting for manual contact tracing by "armies of people".[65] In the European Union, states like Sweden have chosen not to use digital contact tracing at all.[66]
References
- ^ Sponås, Jon Gunnar. "Things You Should Know About Bluetooth Range". blog.nordicsemi.com. Retrieved 2020-04-12.
- ^ "Exposure Notification API launches to support public health agencies". Google. 2020-05-20. Retrieved 2020-05-21.
- ^ "ExposureNotification | Apple Developer Documentation". developer.apple.com. Retrieved 2020-05-21.
- ^ "Privacy-Preserving Contact Tracing". Apple. 10 April 2020.
{{cite web}}
: CS1 maint: url-status (link) - ^ "Contact Tracing – Bluetooth Specification" (PDF) (Preliminary ed.). 2020-04-10. Archived (PDF) from the original on 2020-04-10. Retrieved 2020-04-10.
- ^ "Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android". TechCrunch. Retrieved 2020-04-10.
- ^ a b c Sherr, Ian; Nieva, Richard (2020-04-10). "Apple and Google are building coronavirus tracking tech into iOS and Android". CNET. Archived from the original on 2020-04-10. Retrieved 2020-04-10.
- ^ a b "COVID-19 exposure notification settings begin to go live for iOS users with new update". TechCrunch. Retrieved 2020-05-21.
- ^ "Covid Watch". Covid Watch. 2020-03-20. Retrieved 2020-03-20.
- ^ "Covid Watch White Paper". Covid Watch. 2020-03-20. Retrieved 2020-03-20.
- ^ "First implementation of anonymous exposure alert protocol". GitHub. Retrieved 2020-03-17.
- ^ "Covid Watch Github". Github. 2020-03-17. Retrieved 2020-03-17.
- ^ "CoEpi website". CoEpi. 2020-03-17. Retrieved 2020-03-17.
- ^ "The PACT protocol specification" (PDF). PACT MIT. 2020-04-08. Retrieved 2020-04-08.
- ^ a b "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. Retrieved 2020-04-26.
- ^ a b Farr, Christina (2020-04-28). "How a handful of Apple and Google employees came together to help health officials trace coronavirus". CNBC. Retrieved 2020-04-29.
- ^ Bogle, technology reporter Ariel (2020-04-26). "Want the COVID-19 tracing app to work properly? Keep your iPhone charged". ABC News. Retrieved 2020-04-26.
- ^ a b Jason Bay, Joel Kek, Alvin Tan, Chai Sheng Hau, Lai Yongquan, Janice Tan, Tang Anh Quy. "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders" (PDF). Government Technology Agency. Retrieved 12 April 2020.
{{cite web}}
: CS1 maint: multiple names: authors list (link) CS1 maint: url-status (link) - ^ "How COVIDsafe app tracks people 1.5m from you". Chronicle. Retrieved 2020-04-26.
- ^ "ACLU Comment On Apple/Google COVID-19 Contact Tracing Effort". ACLU. 2020. Retrieved 2020-04-22.
- ^ Morrison, Sara (2020-04-24). "Apple and Google's new contact tracing tool is almost ready. Just don't call it a contact tracing tool". Vox. Retrieved 2020-04-27.
- ^ Babones, Salvatore. "Countries Rolling Out Coronavirus Tracking Apps Show Why They Can't Work". Foreign Policy. Retrieved 2020-05-31.
- ^ Chang, Kenneth (2020-04-20). "How Coronavirus Infected Some, but Not All, in a Restaurant". The New York Times. ISSN 0362-4331. Retrieved 2020-05-31.
- ^ Taylor, Josh (2020-05-02). "Coronavirus apps: how Australia's Covidsafe compares to other countries' contact tracing technology". The Guardian. ISSN 0261-3077. Retrieved 2020-05-31.
- ^ Ping, Liza Lin and Chong Koh (2020-04-22). "Singapore Built a Coronavirus App, but It Hasn't Worked So Far". Wall Street Journal. ISSN 0099-9660. Retrieved 2020-05-31.
- ^ "Nearly 40% of Icelanders are using a covid app—and it hasn't helped much". MIT Technology Review. Retrieved 2020-05-31.
- ^ "Norway's Smittestopp ('Infection Stop') App as a Socio-Legal Problem – PRIO Blogs". blogs.prio.org. Retrieved 2020-05-31.
- ^ Google Inc (2020-04-10). "Android Contact Tracing API" (PDF). Google Blog. Retrieved 2020-05-08.
{{cite web}}
:|last=
has generic name (help)CS1 maint: url-status (link) - ^ "COVID-19 - 06/05/2020 12:50:00 – Parliament of Australia". parlview.aph.gov.au. Retrieved 2020-05-06.
- ^ a b c d "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. Retrieved 2020-04-27.
- ^ Google Inc, Apple Inc (2020-05-01). "Exposure Notification Frequently Asked Questions Preliminary — Subject to Modification and Extension" (PDF). Apple. Retrieved 2020-05-08.
{{cite web}}
:|last=
has generic name (help)CS1 maint: url-status (link) - ^ "Is Apple and Google's Covid-19 Contact Tracing a Privacy Risk?". Wired. ISSN 1059-1028. Retrieved 2020-04-18.
- ^ Apple, Inc (April 2020). "Exposure Notification - Cryptography Specification" (PDF). Apple. Retrieved 2020-05-22.
{{cite web}}
: CS1 maint: url-status (link) - ^ Kelion, Leo (2020-04-16). "NHS coronavirus app to target 80% of smartphones". BBC News. Retrieved 2020-04-16.
- ^ "IDC - Smartphone Market Share - OS". IDC: The premier global market intelligence company. Archived from the original on 2020-04-17. Retrieved 2020-04-17.
- ^ a b Newton, Casey (2020-04-14). "Apple and Google have a clever way of encouraging people to install contact-tracing apps for COVID-19". The Verge. Retrieved 2020-04-15.
- ^ "Apple and Google launch exposure notification API, enabling public health authorities to release apps". TechCrunch. Retrieved 2020-05-21.
- ^ "Google and Apple unite to help countries like Australia fix their contact tracing apps". ABC News. 2020-05-21. Retrieved 2020-05-21.
{{cite web}}
: CS1 maint: url-status (link) - ^ "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. Retrieved 2020-05-21.
- ^ a b Newton, Casey (2020-05-08). "Why countries keep bowing to Apple and Google's contact tracing app requirements". The Verge. Retrieved 2020-05-21.
- ^ Sherr, Ian. "Apple, Google announce new privacy features for coronavirus tracking tech". CNET. Retrieved 2020-05-21.
- ^ a b c "Google and Apple unite to help countries like Australia fix their contact tracing apps". ABC News. 2020-05-21. Retrieved 2020-05-21.
{{cite web}}
: CS1 maint: url-status (link) - ^ Gebhart, Bennett Cyphers and Gennie (2020-04-28). "Apple and Google's COVID-19 Exposure Notification API: Questions and Answers". Electronic Frontier Foundation. Retrieved 2020-05-21.
- ^ "Apple and Google partner on COVID-19 contact tracing technology". 2020-04-10. Retrieved 2020-04-10.
- ^ "Apple and Google partner on COVID-19 contact tracing technology". Apple. 2020-04-10. Retrieved 2020-04-10.
- ^ "First version of Apple and Google's contact tracing API should be available to developers next week". TechCrunch. Retrieved 2020-04-27.
- ^ Etherington, Darrell. "Apple and Google release first seed of COVID-19 exposure notification API for contact tracing app developers". TechCrunch. Retrieved 2020-05-10.
- ^ Bohn, Dieter (2020-04-13). "Android phones will get the COVID-19 tracking updates via Google Play". The Verge. Retrieved 2020-04-16.
- ^ Drozdiak, Natalia (16 April 2020). "Google, Apple Covid-19 Tracking Tech Faces EU Scrutiny". Bloomberg News.
{{cite web}}
: CS1 maint: url-status (link) - ^ ICO (17 April 2020). "Apple and Google joint initiative on COVID-19 contact tracing technology" (PDF). Information Commissioner's Office.
{{cite web}}
: CS1 maint: url-status (link) - ^ "Switzerland, Austria align with 'Gapple' on corona contact tracing". Reuters. 2020-04-22. Retrieved 2020-05-06.
- ^ "Germany flips to Apple-Google approach on smartphone contact tracing". Reuters. 2020-04-26. Retrieved 2020-04-26.
- ^ "HSE Covid-19 tracing app data will be stored on individual devices". The Irish Times. 2020-04-29. Retrieved 2020-05-06.
- ^ "Is it Safe? THE IMMUNI APP Digital Surveillance during the Coronavirus Pandemic". Byline Times / La Stampa. 2020-05-01. Retrieved 2020-05-06.
- ^ "Five questions we need answered about the government's coronavirus contact tracing app". ABC News. 2020-04-16. Retrieved 2020-05-21.
{{cite web}}
: CS1 maint: url-status (link) - ^ Neville, Sarah; Bradshaw, Tim; Warrell, Helen. "UK starts to build second contact tracing app". Financial Times. Retrieved 8 May 2020.
- ^ "SwissCovid App startet in die Pilotphase" [SwissCovid app launched into pilot phase] (in German). 25 May 2020. Retrieved 25 May 2020.
- ^ "SwissCovid (Early Access)". Retrieved 26 May 2020.
- ^ "Latvian 'Stop Covid' app first of its kind in the world". lsm.lv. Retrieved 2020-05-20.
- ^ "Italy launches COVID-19 contact-tracing app amid privacy concerns". Reuters. 1 June 2020. Retrieved 3 June 2020.
- ^ "Ministerstwo cyfryzacji uruchomilo aplikacje protego safe do sledzenia koronawirusa" (in Polish). 9 June 2020. Retrieved 9 June 2020.
- ^ Kelion, Leo (2020-05-20). "Apple and Google's Covid-19 'watershed moment'". BBC News. Retrieved 2020-05-21.
- ^ "Government admits NHS app will not be ready for launch of contact tracing scheme". The Independent. 2020-05-20. Retrieved 2020-05-21.
- ^ Fouquet, Helene (20 April 2020). "France Says Apple Bluetooth Policy Is Blocking Virus Tracker". Bloomberg. Retrieved 27 April 2020.
{{cite web}}
: CS1 maint: url-status (link) - ^ Volgelstein, Fred; Knight, Will (2020-05-08). "Health Officials Say 'No Thanks' to Contact-Tracing Tech". Wired. Retrieved 2020-05-10.
- ^ "Coronavirus: Nordic countries reluctant to include Sweden in 'travel bubbles'". The Local. 2020-05-22. Retrieved 2020-05-26.