On Friday, just two weeks after the program was first introduced, Apple and Google updated their aggressive automated contact-tracing hypothesis. An Apple spokeswoman said the improvements were the result of input obtained from both parties on the requirements and how they could be improved. The corporations have published a website called “Frequently Asked Questions,” which repeats most of the details already posted.
On a call following the statement, officials from each organization vowed to remove the service for the first time since the epidemic had been properly contained. Such a decision will have to be taken region-by-region, so it’s unclear whether such a conclusion can be achieved by public health officials. The developers, however, made a clear comment that the APIs were not meant to be retained indefinitely.
Many of the improvements appear intended to resolve the questions around privacy that came up following the initial publication. Under the latest encryption standard, the regular tracing keys are now generated automatically, rather than mathematically extracted from the private key of a customer. Crucially, if a person wants to record their successful outcome the regular tracing key is exchanged with the central database. Any cryptography experts worried that such attacks under the old encryption protocol could be able to connect the keys to a single person. Linking a person to diagnosis with the randomly produced keys will be more difficult. As part of the shift the regular key is now referred to as the “temporary tracing key,” and there is no longer the long-term tracing key used in the original specification.
The new encryption standard also sets down unique safeguards around the metadata associated with Bluetooth communications from the network. Together with the random codes, computers can often transmit their base power level (used in proximity calculation) and what variant of the application they run. This knowledge could theoretically be used to fingerprint individual people, so engineers were setting up a new method to encrypt them so they could not be decoded in transit.
The companies often modify the vocabulary they use to define the project. The protocols were originally described as a contact-tracing method, now it is referred to as a program for “exposure warning.” Although the current applications and protocols that help certain conventional contact tracing tasks, they are unable to perform the more advanced work of interviewing individuals and detecting infection clusters, which will then guide future initiatives in public health. The businesses state the name change reflects that the current program will be “working the interests of public health agencies to track broader associations.”
None of the reforms on Friday answer the issue of how health officials will check positive results to deter bots or other false positives and it seems likely that individual software developers will address the problem. Given the large differences in the international health systems, engineers said they thought it was better for authorities to build their inspection methods to comply with their delivery monitoring program.
Some of the main unanswered concerns about the initiative are how it will be implemented by public health organizations, although no further information on potential collaborations has been provided by the firms. Nevertheless, they said hundreds of partners, including public health organizations, had debated the initiative.