Reading the spec: COVID-19 Contact tracing from Apple and Google
I love software because it tries to translate the real world into code. When you read specifications and API documents, you can see how engineers and system architects attempted to understand and explain the world to the computer, and you can indirectly learn a lot about engineering and the world. Usually this sort of thing means reading the official Photoshop file specification from Adobe and thinking about how computers store color, or the HTML5 standard and thinking about how the web happened. But culture and science are happening in real-time during the worldwide COVID-19 pandemic, which means that Apple and Google are working together (akin to an elephant and a whale deciding to go into business together—it’s just not in their natures) in collaboration with health and governmental organizations and rapidly publishing specifications and standards.
The three critical documents that are out now are:
- Contact Tracing: Bluetooth Specification
- Contact Tracing: Cryptography Specification
- Contact Tracing: Framework Documentation (API)
Three PDFs, which is unfortunate, but that’s the way most specs happen.
The actual process is outlined in the Bluetooth Specification, with the key derivations spelled out in the Cryptography Specification. The way it will work, as best I can understand, is:
- We’re all allowed to go outside again. You go about your day with your phone in your pocket, and each day the system derives a “Daily Tracing Key” (DTK) for you from a secret Tracing Key that was generated once on the device. The DTK is unique to you for that day and stays on your phone unless you later report a diagnosis. In effect, a nice random number just for you.
- As you walk around, your phone computes a keyed hash (an HMAC keyed with the DTK) over the current ten-minute time-interval number and truncates the result to produce a Rolling Proximity Identifier (RPI). The RPI rotates together with your Bluetooth address, so an observer cannot link successive broadcasts back to one phone. Nearby phones that hear your broadcasts store the RPIs they observed, along with when they saw them.
- If someone is diagnosed with coronavirus, they presumably will hit the big red COVID button on their phone. With their consent, their recent DTKs go up to the Diagnosis Server in the cloud; the underlying Tracing Key and the list of RPIs they overheard from other people do not.
- On a rolling basis, every phone downloads the newly published DTKs, re-derives all of the RPIs each key could have produced that day (144 ten-minute intervals), and compares them against the RPIs stored locally. The matching happens on the phone, so the server never learns who was near whom. If there’s a match—well, we’re not there yet—I’m guessing you get a notification and are advised to self-quarantine, although I think that part is yet to be worked out.
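The key schedule and the local matching step described above, as an added example (this is not code from the post and not Apple’s or Google’s code): a small Python simulation that derives Daily Tracing Keys and Rolling Proximity Identifiers following the structure of the draft Cryptography Specification (HKDF-SHA256 for the DTK, truncated HMAC-SHA256 for the RPI), then plays out one diagnosed user and one phone that checks itself against the published keys. The 4-byte little-endian encoding of the day and interval numbers, the phone names, the five-minute scan cadence and the 14-day upload window are assumptions of this example, not facts taken from the spec.

```python
"""Simulation of the draft contact-tracing key schedule (added example, not spec code).

Structure follows the draft Cryptography Specification:
  dtk_i   = HKDF-SHA256(tk, salt=NULL, info="CT-DTK" || D_i,   L=16)
  RPI_i,j = Truncate(HMAC-SHA256(dtk_i, "CT-RPI" || TIN_j), 16)
The 4-byte little-endian encoding of D_i and TIN_j is an assumption of this example.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional, Tuple

DAY_SECONDS = 60 * 60 * 24
INTERVAL_SECONDS = 60 * 10
INTERVALS_PER_DAY = DAY_SECONDS // INTERVAL_SECONDS  # 144 ten-minute intervals


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-256; an empty salt is treated as HashLen zero bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def day_number(unix_time: int) -> int:
    return unix_time // DAY_SECONDS


def interval_number(unix_time: int) -> int:
    """Ten-minute slot within the day, 0..143."""
    return (unix_time % DAY_SECONDS) // INTERVAL_SECONDS


def daily_tracing_key(tk: bytes, day: int) -> bytes:
    return hkdf_sha256(tk, b"CT-DTK" + struct.pack("<I", day), 16)


def rolling_proximity_identifier(dtk: bytes, interval: int) -> bytes:
    mac = hmac.new(dtk, b"CT-RPI" + struct.pack("<I", interval), hashlib.sha256).digest()
    return mac[:16]


class Phone:
    """One device: a secret Tracing Key plus the RPIs it has overheard over Bluetooth."""

    def __init__(self, tk: Optional[bytes] = None) -> None:
        self.tk = tk if tk is not None else os.urandom(32)  # never leaves the device
        self.observed: Dict[bytes, List[int]] = {}           # RPI -> timestamps heard

    def current_rpi(self, unix_time: int) -> bytes:
        dtk = daily_tracing_key(self.tk, day_number(unix_time))
        return rolling_proximity_identifier(dtk, interval_number(unix_time))

    def hear(self, rpi: bytes, unix_time: int) -> None:
        self.observed.setdefault(rpi, []).append(unix_time)

    def diagnosis_keys(self, days) -> List[Tuple[int, bytes]]:
        """What a diagnosed user uploads: (day, DTK) pairs. The TK itself stays private."""
        return [(d, daily_tracing_key(self.tk, d)) for d in days]

    def detect_exposure(self, diagnosis_keys) -> List[dict]:
        """Replay each published DTK through all 144 intervals; match against local store."""
        matches = []
        for day, dtk in diagnosis_keys:
            for j in range(INTERVALS_PER_DAY):
                rpi = rolling_proximity_identifier(dtk, j)
                if rpi in self.observed:
                    seen = sorted(self.observed[rpi])
                    matches.append({"day": day, "interval": j,
                                    "duration_s": seen[-1] - seen[0]})
        return matches


def simulate() -> List[dict]:
    """Constructed scenario: Alice and Bob share a table, Carol passes by, Alice tests positive."""
    alice = Phone(tk=bytes(range(32)))        # fixed keys so the run is reproducible
    bob = Phone(tk=bytes(range(32, 64)))
    carol = Phone(tk=bytes(range(64, 96)))
    day = 18_400
    start = day * DAY_SECONDS + 9 * 3600      # 09:00 on that day
    # Bob's phone scans every five minutes and records Alice's RPI for 25 minutes.
    for t in range(start, start + 25 * 60, 5 * 60):
        bob.hear(alice.current_rpi(t), t)
    # Carol walks past once in the afternoon; her RPI is stored too.
    bob.hear(carol.current_rpi(start + 6 * 3600), start + 6 * 3600)
    # Alice reports a diagnosis: 14 days of DTKs go to the Diagnosis Server (14 is assumed).
    published = alice.diagnosis_keys(range(day - 13, day + 1))
    # Bob downloads them and matches locally; Carol never uploaded, so she yields nothing.
    return bob.detect_exposure(published)


if __name__ == "__main__":
    for m in simulate():
        print(f"exposure on day {m['day']}, interval {m['interval']}, ~{m['duration_s']} s")
```

Two things worth noticing when you run it: the Diagnosis Server only ever receives 16-byte DTKs, from which it can reproduce a day of RPIs but not the Tracing Key or any other day, and Bob’s phone learns only that some published key matches what it heard in three ten-minute intervals that morning, not which of its contacts that was. Carol’s RPI sits in Bob’s store but never matches, because nothing about her was published.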
The first two PDFs are fascinating in their own right and I’m reading them slowly, because they have a lot of concepts glued together in interesting ways.
But the third PDF, the API, is accessible because it’s a guide for regular coders who are seeking to implement contact tracing in their mobile apps. It’s for iOS, but it’s also just good, clear documentation, written to Apple’s typically high standards. This is the really important part:
Given a set of positively affected Daily Tracing Keys, the framework allows you to determine whether those Daily Tracing Keys were observed locally by the user, indicating potential exposure. If so, additional information such as date and duration may also be retrieved. Possible observations can be retrieved using
CTExposureDetectionFinishHandler, and additional information using
Just from there you can see that there’s a new pseudo-namespace in iOS-land: CT, for Contact Tracing. It’s also just interesting and weird to see the pandemic in code, with -Handler objects and methods. And then there are objects with names like
CTExposureDetectionSession–that’s the object in play once the phone has downloaded the newly published diagnosis keys and performs exposure detection against them.
It’s especially worth reading the API documentation because of how much care is taken to know nothing specific about the individual using the phone. In a world of filling out forms, tracking users in space, and hitting buttons to call a car, this is a different way of thinking and understanding human behavior through code. It’s frankly more respectful. It’s hard to read it and not think, why don’t more things work this way? Will this pattern be part of our digital society going forward? What other kinds of physical and social interactions could we track this way, in order to preserve safety, keep people informed, and limit the amount of information giant systems can know about us? (What a weird irony that it takes two of the world’s largest companies to roll these ideas out to billions of people.)
It’s also clear that just assuming that installing a free update on your phone will somehow get things back to normal is a fantasy. This is one part of a big system of responses to a global pandemic. We’ll all be generating tons of data, and the vast majority of it will stay private or opt-in only, but how we act on that data, interpret it, and react will be yet another test of our culture. It won’t be Google or Apple who lead here. It will be doctors and governors who lead us.
It’s entirely possible that trolls and bad actors will find ways to make this a mess—after all, anyone can report a positive diagnosis. Then again, an awful lot of people are doing their best to help right now, often in spite of global and national leadership, and this feels like a good use of huge global platforms.
We’ve been living in fear of what the big platform companies were going to do to us, and now here is an example of what they can do for us, while respecting individual rights. What motivates them? I think it’s a mix of altruism and a sense of obligation, and of course also the reality that a crashed economy means people will buy far, far fewer beautiful electronic devices, so taking action is in their best interests as public companies. That’s normal. We’re all acting out of a mix of motivations. Nonetheless, this effort sets a new standard around privacy, working in public, and cooperation, and shows what is possible. We can, and should, hold our giant tech orgs to this same standard in the future.
Other people are hopeful about the spec:
And a reminder that this is just a draft spec: you can’t start building apps just yet.
On a related note for any UK listeners:
Petition for open source contact tracing app
That’s good. Spot on.
I’d like to share it – but unfortunately that link doesn’t let me (neither does it give me any details until I’ve signed in). Any ideas?
Apparently, I jumped the gun and the petition is now awaiting manual review and approval. The link will hopefully work correctly if/when it is approved – I’ll post a fresh one to be sure when/if I get approval.
The full text of the petition is as follows:
Any contact tracking app promulgated by the government must be open source.
If the government promotes or requires the use of an application for personal computing devices the source code for these applications and of any server-side components with which they work should be made available for public scrutiny.
The public must be confident that any app is secure and not invading their privacy to maximise uptake. Open sourcing permits validation of the security of any app(s) by independent experts as well as feedback from the wider community of experts. The involvement of corporate entities with poor records on data privacy has already resulted in mistrust towards such efforts which can be readily assuaged by open sourcing. Privacy guarantees should be engineered into any such application.