On Friday, Apple and Google revised their ambitious automatic contact tracing proposal just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback received by both companies about the specifications and how they can be improved. The companies have also released a “FAQ” page, which restates much of the information already published.
During a call accompanying the announcement, representatives of each company pledged for the first time to disable the service after the outbreak was sufficiently mitigated. Such a decision should be taken region by region, and it is unclear how public health authorities would come to such a decision. However, the engineers finally stated that the APIs were not intended to be maintained indefinitely.
Some of the changes seem to be designed to address privacy issues that emerged after the initial release. Under the new encryption specification, daily trace keys are now randomly generated instead of mathematically derived from a user’s private key. Crucially, the daily trace key is shared with the central database if a user decides to report their positive diagnosis. Some encryption experts were concerned that under the old encryption protocol, certain attacks might associate these keys with a particular user. Connecting a person with a diagnosis should be more difficult with the randomly generated keys. As part of the change, the daily key is now referred to as the “temporary trace key” and the long-term trace key in the original specification is no longer present.
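The structural difference described above, as an added sketch that is not code from Apple, Google or this article: when daily keys are derived from one long-term secret, whoever holds that secret can reproduce every daily key and so tie them to one device, while independently random keys offer no such link. The HKDF label, the day encoding and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct


def hkdf_sha256(key: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF (RFC 5869), SHA-256, default all-zero salt, one output block."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()    # extract
    okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # expand: T(1)
    return okm[:length]


def derived_daily_key(long_term_key: bytes, day: int) -> bytes:
    """Old design: the daily key is a deterministic function of one secret.
    The b"CT-DTK" label and 4-byte day encoding are assumptions."""
    return hkdf_sha256(long_term_key, b"CT-DTK" + struct.pack("<I", day))


def random_daily_key() -> bytes:
    """Revised design: 16 bytes from the OS CSPRNG, nothing to derive from."""
    return os.urandom(16)


def linked_days(candidate_key: bytes, published: dict) -> list:
    """Days whose published key can be re-derived from candidate_key."""
    return sorted(
        day for day, key in published.items()
        if hmac.compare_digest(derived_daily_key(candidate_key, day), key)
    )


def demo():
    long_term = bytes(range(32))       # constructed sample secret
    days = [18370, 18371, 18372]       # constructed day numbers
    old = {d: derived_daily_key(long_term, d) for d in days}
    new = {d: random_daily_key() for d in days}
    return linked_days(long_term, old), linked_days(long_term, new)


if __name__ == "__main__":
    old_links, new_links = demo()
    print("derived keys linked to one secret on days:", old_links)
    print("random keys linked to one secret on days:", new_links)
```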
The new encryption specification also provides for specific protections around the metadata associated with the system’s Bluetooth transmissions. In addition to the random codes, devices will also transmit their base power level (used when calculating proximity) and which version of the tool they are using. This information could potentially be used to fingerprint specific users, so the engineers have set up a new system to encrypt it so that it cannot be decrypted during transit.
The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact tracing system and are now referred to as an “exposure reporting system”. While the proposed apps and protocols could replace some features of traditional contact tracing, they cannot do the more advanced work of interviewing subjects and identifying infection clusters, which can then inform future health efforts. The companies say the name change reflects that the new system “should serve wider efforts to track contacts by public health authorities.”
None of Friday’s changes concern how health authorities will verify positive diagnoses to avoid trolls or other false positives, and it seems likely that that question will be addressed by specific app developers. Given the wide disparities in international health systems, engineers said they felt that local authorities were best placed to develop their own verification system that was consistent with their distribution testing system.
One of the biggest lingering questions surrounding the project is whether it will be adopted by public health authorities, and the companies have not provided further details on specific partnerships. However, they said they discussed the project with dozens of stakeholders, including public health authorities.
The first phase of the program is distributed via a whitelisted API, and the new documents provide some more details about the specific limits for who gets access. “Apps will be approved based on a specific set of criteria designed to ensure that they are only managed in conjunction with public health authorities, meet our privacy requirements and protect user data,” the new documents said. It’s unclear whether these criteria allow Android apps to be distributed outside of the Google Play Store, but Google has raised concerns about data privacy around such apps in the past.