In article <srlte2$n6l$
1...@gioia.aioe.org>, Andy Burnelli
<
sp...@nospam.com> wrote:
>
> > the white papers (plural) were not only from apple.
>
> Point to the white paper you "claim" was written by any other than Apple,
> and if it has an Apple URL, then your claim is instant bullshit, nospam.
as i said, the original work was done at mit.
both apple *and* google implemented it for ios and android devices.
all three have extensive documentation.
also note the list of collaborators, which includes massachusetts
general hospital and several universities, who may have additional
references.
anyone who claims it's only apple (i.e. you) is ignorant and trolling.
here's a mix of overviews and white papers. there are also additional
documents available.
overviews:
<
https://news.mit.edu/2020/bluetooth-covid-19-contact-tracing-0409>
A team led by MIT researchers and including experts from many
institutions is developing a system that augments łmanual˛ contact
tracing by public health officials, while preserving the privacy of
all individuals. The system relies on short-range Bluetooth signals
emitted from peopleąs smartphones. These signals represent random
strings of numbers, likened to łchirps˛ that other nearby smartphones
can remember hearing.
...
łI keep track of what Iąve broadcasted, and you keep track of what
youąve heard, and this will allow us to tell if someone was in close
proximity to an infected person,˛ says Ron Rivest, MIT Institute
Professor and principal investigator of the project. łBut for these
broadcasts, weąre using cryptographic techniques to generate random,
rotating numbers that are not just anonymous, but pseudonymous,
constantly changing their ŚID,ą and that canąt be traced back to an
individual.˛
...
łWeąre not tracking location, not using GPS, not attaching your
personal ID or phone number to any of these random numbers your
phone is emitting,˛ says Daniel Weitzner, a principal research
scientist in the MIT Computer Science and Artificial Intelligence
Laboratory (CSAIL) and co-principal investigator of this effort.
łWhat we want is to enable everyone to participate in a shared
process of seeing if you might have been in contact, without
revealing, or forcing anyone to reveal, anything.˛
...
Rivest emphasizes that collaboration has made this project possible.
These collaborators include the Massachusetts General Hospital Center
for Global Health, CSAIL, MIT Lincoln Laboratory, Boston University,
Brown University, MIT Media Lab, The Weizmann Institute of Science,
and SRI International.
<
https://www.google.com/covid19/exposurenotifications/>
Once you opt-in to the notification system, the Exposure
Notifications System will generate a random ID for your device.
To help ensure these random keys canąt be used to identify
you or your location, they change every 10-20 minutes.
...
The Exposure Notifications System does not collect or use the
location from your device. It uses Bluetooth, which can be used
to detect if two devices are near each other ‹ without revealing
where the devices are.
white papers:
<
https://pact.mit.edu/wp-content/uploads/2020/11/The-PACT-protocol-speci
fication-2020.pdf>
We describe here the PACT (Private Automated Contact Tracing)
protocol, a simple, decentralized approach to using smartphones for
contact tracing based on Bluetooth proximity. Users of this scheme do
not reveal anything about themselves, unless they volunteer to do so.
In particular, users can volunteer to donate their private data to a
(trusted) health authority, who can then use this data to further
control the spread of the virus, but this is discretionary to the
users.
...
Furthermore, the PACT protocol satisfies the property that ł no
information, aside from these chirp values, ever leaves the userąs
phone without his permission.˛ The privacy of the user is paramount
in the PACT design.
<
https://blog.google/documents/69/Exposure_Notification_-_Cryptography_S
pecification_v1.2.1.pdf/>
This document provides the detailed technical specification for
cryptographic key scheduling for a new privacy-preserving Bluetooth
protocol to support Exposure Notification. Exposure Notification
makes it possible to combat the spread of the coronavirus ‹ the
pathogen that causes COVID-19 ‹ by alerting participants about
possible exposure, through someone they have recently been in
contact with who has subsequently been positively diagnosed. This
specification complements the Bluetooth specification, which contains
further information about the scheduling of broadcasts and the
higher- level life cycle of the Bluetooth protocol.
...
€ The key schedule is fixed and defined by operating system
components, preventing applications from including static or
predictable information that could be used for tracking.
€ A Temporary Exposure Key is required to correlate between a
userąs Rolling Proximity Identifiers. This reduces the risk of
privacy loss from broadcasting the identifiers.
€ Without the release of the Temporary Exposure Keys, itąs
computationally infeasible for an attacker to find a collision on a
Rolling Proximity Identifier. This prevents a wide range of replay
and impersonation attacks.
€ When reporting Diagnosis Keys, the correlation of Rolling Proximity
Identifiers by others is limited to 24 hour periods due to the use of
Temporary Exposure Keys that change daily. The server must not retain
metadata from clients uploading Diagnosis Keys after including those
key in the aggregated list of Diagnosis Keys per day.
<
https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Spec
ification_v1.2.2.pdf/>
This document provides the detailed technical specification for a
new privacy-preserving Bluetooth protocol to support Exposure
Notification. Exposure Notification makes it possible to combat the
spread of the coronavirus ‹ the pathogen that causes COVID-19 ‹ by
alerting participants about possible exposure to someone they have
recently been in contact with, who has subsequently been positively
diagnosed as having the virus. The Exposure Notification Service is
the vehicle for implementing exposure notification and uses the
Bluetooth Low Energy wireless technology for proximity detection of
nearby smartphones, and for the data exchange mechanism.
...
Maintaining user privacy is an essential requirement in the design of
this specification. The protocol maintains privacy by the following
means:
€ The Exposure Notification Bluetooth Specification does not use
location for proximity detection. It strictly uses Bluetooth
beaconing to detect proximity.
€ A userąs Rolling Proximity Identifier changes on average every 15
minutes, and needs the Temporary Exposure Key to be correlated to a
contact. This behavior reduces the risk of privacy loss from
broadcasting the identifiers.
€ Proximity identifiers obtained from other devices are processed
exclusively on device.
€ Users decide whether to contribute to exposure notification.
€ If diagnosed with COVID-19, users must provide their consent to
share Diagnosis Keys with the server.
€ Users have transparency into their participation in exposure
notification.