Answers to questions about security and privacy surrounding the 'new coronavirus tracking system' jointly announced by Apple and Google
The overseas technology media outlet The Verge has examined the published technical documentation for the 'new coronavirus tracking system' jointly announced by Apple and Google, and explains what its privacy and security measures are.
The biggest questions about Apple and Google's new coronavirus tracker - The Verge
The 'new coronavirus tracking system' announced by Apple and Google uses the smartphone's Bluetooth to record contact between users, and notifies people who may have been in contact with someone infected with the new coronavirus (COVID-19).
Apple and Google integrate 'new coronavirus tracking system' into iOS and Android - GIGAZINE
◆ What does it do?
When a new viral infection such as the new coronavirus emerges, public health officials try to track down everyone who may have had contact with an infected person and isolate each of them to prevent further spread. Apple and Google's tracking system automatically detects and tracks people suspected of having had close contact with people whom public health authorities have identified as infected, and it should be very useful in combination with conventional contact tracing. Importantly, the new tracking system will be embedded at the OS level of smartphones, allowing it to operate at a much larger scale than traditional contact tracing. It should also be noted that the tracking system is a joint effort by Apple and Google, not an app. The Verge said, 'The two companies guarantee privacy and security, but they leave the building of apps that use the tracking system to third parties.'
◆ How does it work?
While the tracking system is running, the smartphone periodically broadcasts an anonymous code derived from a unique ID. Nearby smartphones exchange these codes with each other and record both the code itself and when it was received. When a user reports to the tracking system that they have been infected with the new coronavirus, that user's ID is sent to a central database, and the records there are used to identify users who may have had close contact with the infected person. A warning is then sent to anyone suspected of having been exposed. The Verge describes it as 'a system that allows tracing without collecting precise location information, while keeping only a minimum of information on a central database'.
◆ How does a user report an infection?
Although not detailed in the technical documentation, one envisioned method is to allow the health care provider to submit a medical certificate. It's not clear how that would be done.
◆ How do smartphones send codes?
The anonymized codes derived from the tracking system's underlying ID are sent and received via Bluetooth. Because Bluetooth Low Energy (BLE) is used, the impact on battery life is small. BLE beacon technology makes the bidirectional code exchange possible.
◆ How far does the signal reach?
BLE can theoretically connect at distances of up to 100 meters, but the actual range depends heavily on the specific hardware settings and is easily blocked by walls and other obstacles. The most familiar use of BLE is pairing an AirPods case with an iPhone, which has an effective range of only 6 inches (about 15 cm). Although the technical documentation says that the connection distance can be fine-tuned at the software level, the details are unknown.
To maintain effective social distancing as a countermeasure against the new coronavirus, keeping a distance of 1.8 meters from others in public places is recommended, but the latest research shows that
◆ Is the tracking system an app?
In the early stage of the project (mid-May 2020), the tracking system will be incorporated as an API into apps released by public health authorities. The apps are not developed by the technology companies but built by state-level public health authorities, so many important decisions, such as how users are notified, are left to those authorities.
After that, the tracking system will be built into the OS itself, so in the future it may be possible to turn it on and off from the smartphone's 'Settings' application. Until it is incorporated at the OS level, however, the recommendation is to use the apps from public health authorities.
◆ Is it really safe?
According to the technical documentation, Apple and Google's tracking system traces close contacts using only the codes sent and received via Bluetooth. Because it is very difficult to derive sensitive information from those codes alone, The Verge notes that 'it seems to be a secure tracking system in most cases'. However, if a medical professional uploads a medical certificate to use the system, the personal information of the infected person becomes known at that point.
◆ Can a hacker use this system to build a list of infected people?
It is very difficult, but not impossible. The central database contains the codes that were broadcast to the people who had close contact with a person infected with the new coronavirus, and it is entirely plausible that a malicious actor would try to obtain those codes. Apple and Google's engineers have made sure that the codes cannot be linked directly to a personal identity, but 'it is possible to envisage some scenarios where this protection does not work,' The Verge said.
The tracking system's cryptographic design has three levels: a 'master key' that is unique to each device and stored only on that device, a 'daily tracing key' that is generated from it every day, and the 'proximity IDs' that are generated from the daily key whenever devices communicate with each other. A lower-level key can be generated from a higher-level key, but not the reverse, so without the daily tracing key it is impossible to tell which day's tracing key a given proximity ID came from.
Proximity IDs are exchanged between smartphones, so obtaining one on its own is of no use. When someone is confirmed to be infected with the new coronavirus, that person's tracing keys are shared; each device then recomputes the proximity IDs for each date from the published tracing keys and checks whether any of the proximity IDs it recorded belong to the infected person. If there is a match, it notifies its user that 'there is a possibility that you have had close contact with an infected person.'
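To make the three-level key schedule and the on-device matching described above concrete, here is a toy simulation added to this article. It is not the Apple/Google code and not The Verge's; the page does not name the cryptographic primitives, so HMAC-SHA256 for both derivation steps, a proximity ID that rotates every 10 minutes (144 per day) and a 14-day reporting window are assumptions chosen for illustration. It models the full exchange: devices broadcast and log proximity IDs, a positive user uploads only daily keys, and every other device does the matching locally against its own log.

```python
import hashlib
import hmac
import os

KEY_LEN = 16             # bytes per derived key / proximity ID (assumption)
INTERVALS_PER_DAY = 144  # assumption: proximity ID rotates every 10 minutes
REPORT_WINDOW_DAYS = 14  # assumption: days of keys published on a positive report


def daily_tracing_key(master_key: bytes, day: int) -> bytes:
    """Level 2: derive the day's tracing key from the device-only master key.
    HMAC-SHA256 is one-way, so the master key cannot be recovered from a daily
    key (primitive choice is an assumption, not the published specification)."""
    info = b"CT-DTK" + day.to_bytes(4, "little")
    return hmac.new(master_key, info, hashlib.sha256).digest()[:KEY_LEN]


def proximity_id(daily_key: bytes, interval: int) -> bytes:
    """Level 3: derive the proximity ID broadcast during one 10-minute interval."""
    info = b"CT-RPI" + interval.to_bytes(2, "little")
    return hmac.new(daily_key, info, hashlib.sha256).digest()[:KEY_LEN]


def proximity_ids_for_day(daily_key: bytes) -> set:
    """The daily key is all a device needs to recognise that day's IDs."""
    return {proximity_id(daily_key, i) for i in range(INTERVALS_PER_DAY)}


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.master_key = os.urandom(32)  # level 1: never leaves the device
        self.received = []                # (day, proximity_id) log, stays on device

    def broadcast(self, day: int, interval: int) -> bytes:
        return proximity_id(daily_tracing_key(self.master_key, day), interval)

    def hear(self, day: int, pid: bytes) -> None:
        self.received.append((day, pid))

    def diagnosis_keys(self, today: int) -> list:
        """What a positive user uploads: daily keys only, never the contact log."""
        first = max(0, today - REPORT_WINDOW_DAYS + 1)
        return [(d, daily_tracing_key(self.master_key, d)) for d in range(first, today + 1)]

    def exposure_days(self, published: list) -> set:
        """Match published keys against the local log entirely on the device."""
        hits = set()
        for day, dk in published:
            ids = proximity_ids_for_day(dk)
            if any(d == day and pid in ids for d, pid in self.received):
                hits.add(day)
        return hits


def simulate() -> dict:
    """Constructed scenario: Bob is near Alice on days 10 and 12; Carol is never
    near Alice but hears Bob on day 12. Alice tests positive on day 14."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    bob.hear(10, alice.broadcast(10, 30))
    bob.hear(12, alice.broadcast(12, 7))
    carol.hear(12, bob.broadcast(12, 7))
    central_db = alice.diagnosis_keys(14)  # the only thing that leaves Alice's phone
    return {
        "bob": bob.exposure_days(central_db),       # {10, 12}
        "carol": carol.exposure_days(central_db),   # set()
        "db_entries": len(central_db),              # 14 daily keys, no contact log
    }


if __name__ == "__main__":
    print(simulate())
```

Two properties of the design show up directly in the code: the central database only ever holds daily keys of people who reported positive, and every proximity ID a phone broadcasts during a day is a distinct 16-byte value, so an observer holding one ID cannot link it to the others or to the device without the daily key that only appears if that user later reports an infection.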
The Verge also points out that it is very difficult to fully protect privacy while alerting people who may have had close contact, and that some trade-offs have to be accepted. Moreover, 'the best way to trace existing close contacts is to ask the infected person directly', so building a system that traces close contacts entirely anonymously is basically impossible, The Verge wrote.
◆ Can Apple, Google, or a hacker use the system to track location information?
Apple and Google may collect the device's location information, but because that information is not linked to the tracking system, location cannot be tracked using only the data exchanged through the tracking system. However, a user who receives an exposure notification could potentially work out where they were exposed by cross-referencing the matched proximity ID with news reports.
◆ Can the tracking system reveal who a user has been in contact with?
Smartphones keep a log of the proximity IDs sent and received between devices, but the specifications show that this log never leaves the smartphone. And as long as the log remains on the device, it is protected by the encryption applied to the device itself, just as text messages and email are.
Even if a malicious user steals the device and breaks its security, it is very difficult to work out 'who was contacted' from a log of sent and received proximity IDs.
◆ What if you don't want to run this tracking system on your smartphone?
Simply do not install the public health authority's app. Once the tracking system is introduced at the OS level, you can just turn off the tracking setting. Apple and Google argue that participation in the tracking system should be voluntary, so you can opt out entirely.