[clug] Apple-Google Contact Tracing API. V1 released May 20, 2020

jhock at iinet.net.au jhock at iinet.net.au
Tue May 26 01:29:23 UTC 2020 


On 25 May 2020 10:13:40 am AEST, Alex Satrapa via linux <linux at lists.samba.org> wrote:
>> Does anyone see security or privacy issues with the spec?
>
>The attack vectors will only be tracking the IP address of who uploads
>contacts, and the over-the-shoulder viewing of notifications from the
>app
>to the user. 

I don't understand this. 

Will the app be using IP addresses? I thought that it would be using Bluetooth to record keys of close contacts and then mobile data, or possibly Wi-Fi (which would be IP addresses), to somehow check if those Bluetooth keys were possibly covid-19 contacts. 

Oh. Is this during the registration process? Nope, still confused. 

> Without a corresponding tracking database (eg: geolocation
>via
>mobile phone towers or physical surveillance) there's no way of
>identifying
>which contact keys came from whom. You can't even watch for repeated
>keys
>unless people are working together.
>

This sounds good for privacy. 

>There is the possibility of the system being broken by
>non-COVID-positive
>people uploading their contact keys as a form of disruption.

This was a possibility with the poorly designed COVIDSafe app. People were confused about registering their details and publishing their Bluetooth keys. The former was to register their details with the Department of Health (DoH) so that they could be contacted if they were near someone who was identified as having covid-19. 

The latter was to notify the DoH that they had been tested positive for covid-19 and for their app to tell the DoH the keys for contact processing. 

The confusion could be mitigated by better documentation in the app. For example, "press this button if you have been tested positive for covid-19". 

>> It’s unclear to me how the keys-device connection is made within the
>server database.
>> The Notification side of the server must push a notification to
>devices
>(presumably when they connect to upload keys).
>
>The other way around: the central database only holds a list of
>contact-tags uploaded by the COVID-19-positive subject. The other
>participants in the contact-tracing network regularly check the central
>database to fetch any new contact-tags added to it, then the local
>device
>notifies the local user that they've had contact with a suspect and
>need to
>get tested. There's no matching done at the server end, it's only there
>as
>a repository of contact-tags uploaded by subjects.
>

If this is how it's done then I'd be more comfortable using that app. 

John.

More information about the linux mailing list