France Says Apple Bluetooth Policy Is Blocking Virus Tracker (bloomberg.com) 111
France is asking Apple to remove a technical obstacle that it says is delaying a government contact-tracing application designed to contain the coronavirus spread. Bloomberg reports: Apple's operating system prevents contact-tracing apps using its Bluetooth technology from running constantly in the background if that data is going to be moved off of the device, a limit designed to protect users' privacy. That limitation is standing in the way of the type of app that France wants to build, Digital Minister Cedric O said. The government aims to deploy its app by May 11, which is when France wants to begin to lift restrictions on movement that were imposed in mid-March. Contact-tracing apps are a tool health services can use to more accurately determine who infected people have come into contact with and governments can deploy to help make decisions about how quickly to reopen schools and businesses. An Apple spokesman referred to the company's previous joint statement about its partnership with Google, which said the technology would enable Bluetooth-based contact-tracing apps and declined to comment further.
No more privacy (Score:5, Insightful)
Clever design protects privacy (Score:5, Informative)
In this instance, the clever design of the Apple/Google protocol protects privacy pretty darn well.
The data that is sent to those you interact with is a hash (indistinguishable from random bits) which changes every ten minutes, of a random number your app generates daily.
If you test positive, you can let the people around you know that they should get tested by clicking the button to submit your random numbers to the health department. That's all anybody gets - randomly generated numbers.
More info:
https://slashdot.org/comments.... [slashdot.org]
https://slashdot.org/comments.... [slashdot.org]
Re:Clever design protects privacy (Score:4)
The data that is sent to those you interact with is a hash (indistinguishable from random bits)
Will they post the source for inspection? Otherwise how will we know those are hashes of random numbers?
Re: (Score:2)
Source code - yes. We need the source open to scrutiny by mathematicians and cryptographers before it can even be _considered_ worth trusting.
How are the random numbers generated? Are they really "random" or do they just appear to be random to the layperson?
Can the seed value be derived from subsequent "random" values? For example, does it use a linear congruential generator [stackoverflow.com]? If so and the seed is your device ID, it's not anonymous.
Are the "random" values really just hashes? Can the hash be easily brut
Re: (Score:1)
LOL
How many years of scrutiny do you think is also require before "in can even be _considered_ worth trusting"? How many more buzzwords can you include to make the threat seem maximally dire?
Just what do you imagine the threat is here? That a person identified through contact tracing might have his identity exposed? Oh the horror! That a person NOT identified may? Really?
You should think more and posture less.
Second Source (Score:2)
Re: (Score:2)
You clearly know nothing about the pervasiveness of ad tracking, app spying, or the massive data stores for sale.
You're also thinking in a single dimension - oh no, someone's identity is leaked. By the time you _do_ become worried, it will be too late. Because all the groundwork had been laid incrementally before you finally decided it was a threat to your freedom.
There is absolutely no reason we can't have the contact-tracing code scrutinized. And no, it doesn't have to take years.
Re: (Score:2)
Re: (Score:2)
Will they post the source for inspection? Otherwise how will we know those are hashes of random numbers?
Most of us know because we know that this software is created by human developers, most of which have pride in what they are doing, and if a nefarious CEO told them to create traceable "random" numbers it would leak it.
You, on the other hand, will never know. And just wondering, are you the Queen under a pseudonym, or why the "we"?
Re: (Score:3)
"Most of us know because we know that this software is created by human developers, most of which have pride in what they are doing, and if a nefarious CEO told them to create traceable "random" numbers it would leak it."
Some of us know that true randomness and untraceability are hard, and don't have confidence in their ability to get it right.
Re: (Score:2)
Some of us know that true randomness and untraceability are hard, and don't have confidence in their ability to get it right
Some of us know that Apple and Google can afford to hire the best. So you can piss off with your "confidence".
Re: (Score:2)
Even the best are not infallible, and Apple and Google fuck up all the time. Especially Apple, which currently has a number of unfixed crash bugs in OSX around everyday operations.
Re: (Score:2)
Those drumming on the "IT HAS TO BE PROVEN INFALLIBLE" meme remind me of Anti-VAXers. They cannot be convinced that enormous amounts of work have gone into making Vaccines as safe as they can be and that the general good is clearly to get everyone vaccinated without waiting for the PERFECT vaccine to become available. Nah, their least niggling doubt HAS to be satisfied before they can accept common sense.
Apple & Google's best is certainly better than just about everyone else's and if weaknesses are foun
Re: (Score:2)
"Apple & Google's best is certainly better than just about everyone else's and if weaknesses are found, well then they can be fixed "
Yes, very good, that's why we want it to be open source. So we can find the weaknesses. Are you new?
Re: (Score:2)
Most of us know because we know that this software is created by human developers, most of which have pride in what they are doing, and if a nefarious CEO told them to create traceable "random" numbers it would leak it.
I think that most of us know that there are enough developers who will develop whatever they are paid to develop to make your assertion "cute". But, you seriously need to reign in your worship of the cowboy programmer image. I've found it is as much a myth as the Hollywood cowboy it derives from.
Re: (Score:2)
How will you know anyway?
Are you going to pretend you are qualified to perform this inspection AND verify that the code that is executed is based on it?
I am (Score:3)
I'm not the person you replied to, but yes. Yes I audit security related source code for a living. These days it's nice to have 20 years of experience in the dual fields of information security and programming. :)
I've done analysis of Android apps. The app is the Dalvik code, so it's not hard to see what the app is doing. If what the app does is "download and execute some encrypted code", as malware often does, it's easy to see that it's doing that.
If it's acting like malware by executing encrypted code,
Re: (Score:2)
Lol, well, that ended this sub-thread pretty quickly.
Re: (Score:2)
Presumably the Android version will be open source, part of AOSP. The Apple iOS version will probably be closed.
The OS level stuff handles generating and exchanging IDs. You then need an app to submit those IDs to a health authority and check for IDs you have come into contact with. Hopefully there will be open source apps as well.
Re: (Score:2)
Re: (Score:2)
> . Once you upload them to the database... well they know exactly who uploaded them.
How? Your app sends the randomly generated numbers to the health department and then what can anyone do to know how sent it? If you figure that out, there may be a Fields medal waiting for you.
Re: (Score:2)
What is the point of sending randomly generated numbers to a health department without individual information? It's very easy to trace people, you just need 1 point on a busy location or another app on the same system or a nearby system that can correlate these random number streams with your actual personal information (eg. a Facebook or other app interaction) and you can start tracking people with a great degree of confidence (people are predictable). It becomes even worse once the stream of numbers start
Re: (Score:2)
> What is the point of sending randomly generated numbers to a health department without individual information?
There is no need to have personal information. You only need to know that you were close to an infected person - you don't care who. If you were hanging out with someone who has an active infection, you should get tested.
My post linked above explains how it works. Do you have a question about how it works, after reading the explanation?
> It's very easy to trace people, you just need ...
Re: (Score:3)
That's a false dichotomy. Apps that can assess your location based on radio data already exist. BLE is radio data and advertisers have been using it to track people going between venues.
Here's a simple example: You visit a bar, your WiFi and BT send out your MAC address frames or even join a WiFi network at the same time you have sent out 10-20 of these COVID-19 tracking frames, I can pick them up. You go to another place, I can do the same thing, but now I've identified you because your device fingerprint
Re: (Score:2)
> The health department thus sends me a stream of bits of all the ID's you've ever used, I've already identified some of them so it's easy to match up
That's not how hashes work.
Re: (Score:2)
For a few years now Android and iOS have been randomly changing Bluetooth MAC address every 15 minutes or so, making this kind of tracking much less effective.
Same with wifi. Not sure about iOS but Android now randomizes the MAC address when you connect to networks even.
So these databases only catch people with older phones and are mostly full of random numbers. They are still a little bit useful as they can track a device as it moves around a shop in blocks of 15 minutes, assuming the user left Bluetooth e
Re: (Score:1)
Re: (Score:2)
You know we can see the bytes? (Score:2)
> It's extremely likely the app will also upload your contact info and IMEI code.
You know we can see what it's sending, right?
If that's a new concept to you, check out what happens when you right-click a web page, choose "inspect", then click the network tab - then click a link on the page.
Re: (Score:2)
Re: (Score:2)
Just FYI, this isn't a web site.
If you'd like to have an idea of how it works, I described the operation of the whole system in my post above.
Re: You know we can see the bytes? (Score:2)
Re: (Score:2)
Again, you can keep coming up with random shit out of your ass and thinking it must be true because you thought it, or you can read where I explained how it works. Up to you.
Re: (Score:2)
We are talking about a government agency here boss.... if they want the information, and they can open up a way to get it... they will get it.
Re: (Score:1)
Well, you'll have the server logs and IPs of the device doing the uploading, those IPs can be matched to end users by network operators. Which in most parts of the world (as I know it) would require a court order or something similar.
But of course, one will have this "issue" with any kind of access to some server backend, so it's a moot point in the broader discussion. (and I'm all for Apples/Googles proposed implementation; are there potential issues? sure, in theory, but far less than with what France is
Re: (Score:2)
Yes the server logs will show that an IP used the system. And that's it.
Re: (Score:2)
> I don't know how you'd expect the health department to be able to contact the people you've been exposed to without any of that PII being available at least on your own phone if not uploaded to their "cloud repository" as well.
The health department doesn't contact anyone.
Have you read my description of how it works and the description is unclear, or are you arguing about something you haven't read?
Re: (Score:2)
And I've pointed out how moronic your description is.
If you generate a 4096-bit key every 10 minutes, you generate ~75kB/day. You typically interact with 100,000 devices per day (every car you pass on the highway, every commuter on the train, every person in a 1/4-1/2 of a KM in your radius because that's the range of BT low-energy) = 7.5GB of data you need to either keep track of or send out to the health department.
Then you need to send this data to an exponentially growing number of people as anyone inte
Re: (Score:2)
A few misconceptions there. The number of people on Earth is a 34-bit number. If everyone on Slashdot picked a 32-bit number you'd have no way of guessing who picked which number. In fact, if we all picked 1-bit numbers you'd have no way of guessing who picked which. The reason we'd use numbers larger than 1-bit is only to make it unlikely for two of us to pick the same number and generate a false positive. The way the math works, if everyone on Earth participated you'd need a 68-bit number in order to
Re: (Score:2)
"You typically interact with 100,000 devices per day"
Maybe if you live in the heart of New York City.
Re: (Score:2)
https://www.apple.com/covid19/... [apple.com]
Re: (Score:2)
"If you test positive, you can let the people around you know that they should get tested by clicking the button to submit your random numbers to the health department. That's all anybody gets - randomly generated numbers."
If you interact with people and THEN you get sick and THEN they are able to contact you via some means, THEN the interactions are trackable. Some process somewhere is capable of connecting the dots. I'm not saying its inherently bad, but you can't track people (which is what this is doing
Re: (Score:2)
> you interact with people ... and THEN they are able to contact you via some means
They don't need to contact you. They can just publish a list of randomly generated numbers sent in as "I made this number and I'm sick":
957307593695739
729579265936395
037395729573026
If your app received any of those numbers, you were hanging around someone who is infected. I don't need to know WHO I was hanging around that got sick, just that someone was. Then I get tested. The health department doesn't need to know who I
Re: (Score:2)
So a targeted attack could be to send you thousands of suspected acquaintances and see if you show up for testing. Then they can verify you were in close proximity to that/those individual(s).
Re: (Score:2)
You're saying the health department could send false acquaintance tokens to you, in order to find out whether you've been within a few feet of any of those people?
They could do that if they had the acquaintances under constant surveillance in order to capture the tokens every 10 minutes and could reverse a SHA-256 hash. Of course of they the acquaintances under surveillance, they don't need any tokens to see whether or not you are there also. And by just using their eyes, they wouldn't have to also reverse
Re: (Score:2)
Against it here and believe you should be too. Unintended consequences are indeed a law like the law of gravity. Going to happen, going to be bad. It's not the only problem - it's the problem and it's significant enough that it warrants noting giving this stuff a meh, shoulder shrug, figure it out later kind of attitude. Be against it.
Re: (Score:2)
You mean like the unintended consequences of your ignorance leading to the deaths of many people?
I'm against bullshit hypotheticals about technologies you don't know or understand when a real social threat exists that has real consequences, not just imagined ones.
Re: (Score:2)
When you see people that have it bad, it is people that have been clearly impacted with a high viral dose (medical professionals) or people that have weakend immune systems. The tracking data grab is literally a power grab... as Killary Clinton staid never let a good crisis go to waste...
Re: (Score:3)
Not wanting to let government apps track who they interact with == ignorance?
Your lack of empathy and understanding of people’s reticence to do such a thing, and you’re hostility toward them will probably lead to more deaths.
It’s always the other guy who is killing people, but rarely do we examine our own behavior. If you think this thing will save lives, calling people names will almost certain fail to persuade them, and will probably turn many more off who were on the fence.
Being unable
Re: (Score:2)
It is not possible to track people with this and not possible to determine who they interacted with if you count an interaction as more than "were withing 3m of at some point during the day".
Look, I will be the first one to resist anything that puts people living with oppressive governments at risk, but this is very well designed to prevent that kind of abuse. Maybe with enough resources it will be possible to misuse it somehow, but on the other hand in those countries you are also quite likely to have a ve
Re: (Score:2)
It won't be abused, it's the government, it will be mishandled, it will be bad and wrong at many levels. 6 months from now, someone will find the S3 bucket that had no password, or the laptop that a contractor lost working with live data for testing etc etc. They're rushing this out in 1 month time, how do you think this will be developed?
There are already apps (eg. Facebook) that can also listen to WiFi and GPS and BT at the same time as this app. It's not unlikely you'll see targeted malware at getting an
Re: No more privacy (Score:1)
Re: (Score:2)
If it allows shortening the lockdown by 1 month or even 1 week, I'll gladly share my bluetooth information.
At this point we must choose the option which less going to restrict our freedom and give the most results.
Re: (Score:2)
epic fails (Score:2)
I predict many epic fails in those non-chinese contact tracing app
Re: (Score:2)
First was, give up your privacy for national security, now its , give up your privacy for the good of everyone's health.
I'm not against it, the only problem is the law of unintended consequences.
Sounds great for America, but since this is France we're talking about, a country which actively takes companies to court over privacy violations. It may come as a surprise to you, but privacy is somewhat repspected in most European countries which is why we're generally more okay with temporarily sharing information with governments.
"Apple blocked our spying!" (Score:3, Funny)
Uh...seriously? I guess we have to discuss stuff like this if we need to change it.
Re: (Score:2)
Not just spying, anyone can use these contact tracing apps together with some other metadata to track anyone. That and the battery consumption of continuous BT pings is horrendous.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
The tiles themselves only last 6-12 months on a relatively large coin cell. BLE uses between 10 (idle) and 500mW (broadcasting) which is significant, any busy location and you're consuming basically half as much as a regular phone call.
Re: (Score:1)
Cellphone instructions used to tell you to disable Bluetooth to improve on-battery life. Don't know about current models.
Actually, this would be a great test case for free marketers. Offer models at the same price point that do or do not support tracking. Let the buyers vote with their wallets and see what happens.
Or we'll see just how far the freemarket cellphone vendors are interested in pursuing this. The reality is that whichever one they think is preferable will be priced one dollar/euro/pound cheaper,
Re: (Score:2)
Bluetooth LE [wikipedia.org], it's in the name.
Of course, no Bluetooth at all requires less energy than even Bluetooth LE.
Re: (Score:2)
yep but despite the LE people will be disabling bluetooth thinking its saving them a ton of battery for decades.
Re: (Score:2)
Spoken like you know that the solution will be indefinite, wide open access bypassing important security precautions and proper power management, all of which is certainly false.
Re: (Score:2)
Uh...seriously? I guess we have to discuss stuff like this if we need to change it.
Yes, we need to change this perception that "spying" is elusively linked to some profit motive or evil government agenda, especially since we're not talking about the USA, but rather a country which has a specific department setup to hand and preserve privacy infringement cases of citizens. Get a grip.
Re: (Score:2)
It was my understanding (though I haven't had need to dig into it too much as an iOS developer) that once you gave it permission it could leave the bluetooth on in the background. I'm not aware of these additional restrictions does anyone know where the documentation on this is?
when your app be teh crap (Score:1)
This will go nowhere (Score:3)
I think that Apple and Google are much more capable of designing something that _works_ and keeps people's privacy intact than the French government does. I also think that Apple and Google have a much stronger motivation to protect people's privacy. Apple because that's what they do, Google because _this_ is not something they want to be seen profiting from.
And the data that the French government wants to be unprotected is much more useful for a government than for an advertisement business.
Tracking who? (Score:2)
Re: (Score:1)
May 11. You think a country can't do more than one thing at the same time?
It's important to understand that the people on /. aren't the ones responsible for solving these problems, and it's a good thing.
Re: (Score:2)
It's important to understand that people in the government responsible for solving these problems are no differerent than the people here on /.
They may even be worse.
French government ruled out the idea of forcing french industries into producing protective stuff and tests. Instead they had the brilliant idea to order it abroad, then to discover that demand overflown supply, and that it was troublesome to get the order shipped.
Re: (Score:2)
Yes they are. They don't understand technology at all.
Re: Tracking who? (Score:2)
Neither do most people on Slashdot.
Re: (Score:2)
Not true. Politicians field a much higher percentage of psychopaths than Slashdot.
Re: (Score:1)
When a person who is sick gets reported as sick, the software recalls who they had contact with.
Some people are so sick when finally seeking help, they cant talk about the few weeks of contact they had.
Health experts who do the contract tracking look over the data sets.
The app recalls contact with another smartphone.
Most nominal nations just use the telco data. No app needed. Every use of a telco account in th
No thanks (Score:2)
Apple's operating system prevents contact-tracing apps using its Bluetooth technology from running constantly in the background if that data is going to be moved off of the device, a limit designed to protect users' privacy.
Good.
Q: What are they going to do with this data AFTER this virus is contained and beaten with a vaccine?
A:Whatever they think is in their best interests.
2025: "...The government aims to deploy its app by May 11, which is when France wants to begin to lift restrictions on movement
Re: (Score:2)
Your timeline is stretched. In less than 10y after its establishment, the EC managed to destroy the sovereignty of its member nations and establish its own legal primacy.
No. Next question (Score:2)
For the same reason we don't want government backdoors into encryption. If it's open for you it's potentially open for everybody.
Re: (Score:1)
Good! (Score:3)
Just my 2 cents
I hope this gets incorporated into Android (Score:1)
Re: (Score:2)
If I were Tim Cook I'd offer a free licence for this technology to Sundar Pichai.
Apple and Google are developing this API together. No license needed. As described, the system shouldn't use to many resources either.
Reversed headline. (Score:2)
Headline should be France's new app violates Apple's privacy policy.
We have to fight against privacy invasions, and this is the perfect example of what to object to.
Redesign the app so it doesn't have to do this. Keep the data on the phone until the person is declared sick, then let the USER release the information.
Re: (Score:2)
It's not clear that it does violate any privacy policy. They might have done a good job with the privacy side.
The issue is that iOS aggressively kills off background apps to save battery life. It affects a lot of stuff. This app needs to run all the time to send out the Bluetooth pings.
Apple is building that functionality into the OS itself. Once available the app won't need to run all the time, it will just be a front end for managing the data that the OS collected.
Re: (Score:2)
It's not clear that it does violate any privacy policy. They might have done a good job with the privacy side.
The issue is that iOS aggressively kills off background apps to save battery life. It affects a lot of stuff. This app needs to run all the time to send out the Bluetooth pings.
How do apps like Tile work then? Don't they have to be constantly sending out bluetooth pings to look for Tile devices? Do some companies have special dispensation from Apple to let their apps stay resident in the background?
You took $1.2Billion from Apple, now spend it! (Score:3)
In New Zealand one solution considered by the Government was to issue a contact tracing ‘CovidCard' [stuff.co.nz], a credit card that uses bluetooth. Privacy being taken into consideration here in NZ.
France can easily afford to do something similar using the $1.2B cash they recently shook down Apple for, Oui ou non?
Re: (Score:2)
This is the same thing, except on your phone. Not sure why you think the government tracking your location and contacts is not destroying your privacy. More people died defending these freedoms in the early 20th century than will ever die from COVID-19. Nice sacrifice you chose to make.
Re: (Score:2)
Privacy-Preserving Contact Tracing (Score:2)
https://www.apple.com/covid19/... [apple.com]
These Issues Breakdown Consistently (Score:2)
Those for whom the government tends to look after well, tend to trust the government and ridicule those who don't. The more affluent one is, the more likely they are to be in this trusting group.
Those who the government doesn't that as well, is distrustful of such overtures.
While the former group likes to think of themselves as the better educated group, and formally this may be true, their lack of understanding of basic human psychology (which they ostensibly all took in college), and their hostility towa
Of Course, This Will Never Happen (Score:2)
Let's say France gets it's way, and ten years from now, we all learn that they totally did abuse the ability, and it's seen as a huge mistake.
How many of those who are ridiculing the opponents will come back to the discussions they had and sincerely apologize for the name-calling?
The answer is 0.
This lack of skin in the game is a reason that Internet debates are rarely productive. The cost to carry a position, right or wrong, is negligible, and accountability is non-existent.
Rant and rail against all of th
Re: (Score:2)
Let's say France gets it's way, and ten years from now, we all learn that they totally did abuse the ability, and it's seen as a huge mistake.
Right now Apple has about a billion reasons to tell the French government "go **** yourself". What the French want will _not_ go on the App Store. Not when Apple and Google together are offering an API that keeps privacy safe, that will have been tested and found working in all countries other than France, that automatically works with any app using the API.
For example, if eventually you travel from France to the UK, and you sit with your French phone with a French app using the Apple / Google API on a p
If This Virus Only Effected the Poor (Score:2)
Nobody would give a shit. Except the poor.
That the virus has the potential to effect the wealthy at an arguably greater rate (due to greater mobility), is why this is such a "crisis".
When the ruling-class feels scared, the rights of everyone else start disappearing, and quickly.
Find a cure, make it super-expensive so only the affluent can afford it, then we all go back to normal while the have-nots go back to dying quietly.
Hooray for Apple (Score:2)
Thanks, Apple.
France can go fuck itself.
And protect their battery life (Score:2)
I've always found running bluetooth continuously is a good way to halve the battery life of your phone.
The concerns are almost cute (Score:3)
It's almost cute how so many people are suddenly worried about their privacy with the contact tracing apps. I understand the concerns, of course, but this is something Apple and Google has the capacity to do, whether or not there is a pandemic and/or government approvals. It's not like this requires some new hardware, it's implementable completely in software. So if the tech giants choose so, this can be pushed to the devices through any update. It could even be there already - we cannot really know. Even if these were blocked, nothing prevents to add them later...
Re: (Score:2)
It's almost cute how so many people are suddenly worried about their privacy with the contact tracing apps
Thanks. Nobody seems to have noticed this. If Apple or Google wanted to know where you are all the time, they would know, and you wouldn't know about it. They write the OS. There's nothing you could do and no way to find out. Except for whistleblowers who would give it all away obviously, which is why it isn't done.
Re: (Score:2)
It's not a bug, it's a feature (Score:2)
This is by design. Admittedly, I've run into problems related to this too...and in fact, Android does this too. To conserve battery, both OS's try to run "pause" things in the background, particularly when the phone isn't active.
I agree that there should be a provided way around this, following Digital Signatures, explicit/non-trivial permissions from the user on a per-app basis (VPN clients like OpenVPN for instance,) etc. What should not happen is a blanket nullification of the restriction.