Contact Tracing Technology - Computerphile

The Challenge of Developing Effective Contact Tracing Apps: A Complex Issue

Developing effective contact tracing apps is a complex issue that requires careful consideration of various factors, including the number of people using the app, the level of information available to the authorities, and the balance between public health and individual freedoms. According to the experts, having only 20% of people use the app may not be enough to make it effective, and contact tracing also relies on individuals self-isolating when they are told to do so.

As one expert noted, "Even if you've got 100% it may not work, because you're still relying on people to self-isolate when they're told to, and things, and so on." This highlights the need for a system that can encourage widespread adoption and provides more information to authorities. The use of Google and Apple's approach, which relies on the operating system and is low-power, has been seen as beneficial in terms of uptake per device, but there are still questions over its impact on battery life and potential for users to uninstall the app.

Another expert warned that mandating the use of contact tracing apps could be difficult, citing concerns about individual freedoms. "It's going to be difficult, right? People are not going to like that. Um, you know, I suppose it's theoretically possible. I mean, I think I read somewhere, and bear in mind I can't remember what the source was, but it was something about 80% need to be have this app installed or being used for it to be really effective. Um, you know, there'll be some measure of effectiveness below this." However, even with a voluntary approach, experts agree that having a high level of adoption is crucial.

The role of big tech companies in promoting the use of contact tracing apps cannot be overstated. According to one expert, "If you've got the big tech companies, which are long in particular certain cases had a strong privacy, um, application going on, saying this is working, we want you to use it, you're going to get more buy-in there than if you come up with something random and you've got a lot of people that don't trust your government, for example, um, depending on what country you're in and things." This highlights the need for governments to work closely with tech companies to promote widespread adoption.

Despite the challenges, experts believe that developing effective contact tracing apps is essential for preventing the spread of COVID-19. As one expert noted, "It's an interesting sort of management of what's going on there. I mean, yeah, it's interesting." The development of these apps requires a nuanced approach that balances public health concerns with individual freedoms and technological limitations.

The risk of having only a single point of failure in the system is also a significant concern. As one expert noted, "One of the big downsides of Kerberos is that this is a bottleneck, and it's also a single big point of failure. We're all trusting that these keys are coming from this one place. If that place gets, gets compromised so it'll send packet one over to the machine, that'll take some time to get there, but eventually it'll get there, and then it will send"

Overall, developing effective contact tracing apps requires careful consideration of various factors, including adoption rates, information availability, and technological limitations. While challenges remain, experts agree that these apps are essential for preventing the spread of COVID-19 and promoting public health.

In the current situation of the world, pretty much the whole world being in kind of lockdown, um, we know that certain tech firms have been working on, uh, contact tracing technology to try and help people work out who they've been in contact with. So we've got Steve and Mike here. Um, Steve, uh, what's the deal here?

With the obvious medical situation at the moment (I'm not going to use the C word because we'll probably get demonetised and things if we do), there's a lot of talk about how we could use technology to sort of try and trace people who may have it and who they've been in contact with, and I thought it's interesting, particularly as Apple and Google have been working on technology to do this, to just have a conversation about this. I mean, it's sort of an interesting application of technologies that exist on the phone. I mean, if you sit and think about how you would do this, then understood the technology, then you'd come up with pretty much the same approach that Apple and Google have come up with. But the idea is, is that I'm walking along the street, Mike walks past me, my phone and his phone talk to each other, and then later Mike goes down with some sort of nasty disease. He notifies the phone, which notifies the local health service, and then that can tell me that I've just been infected by someone, hopefully preserving privacy, and then I can then go into self-isolation, so if I develop it I don't pass it on to anyone else. That's the general idea: some sort of automated way, so if someone suddenly finds out that they've become infected because they start to show symptoms, they can notify the people they may have been in contact, both the ones they know but also the ones they've met in the aisle at Sainsbury's as they're picking up the baked beans or whatever it is they might be. So it's a way of sort of keeping track of that in an easy way.

So it sounds like you've sorted the nail on the head there. This is kind of, it's tracking what people are doing, but
then you've got to somehow preserve privacy.

Um, yeah, maybe that's the point to bring Mike in on this.

Um, sure. That's like, that's like the two sides of one coin, isn't it?

Yeah, I mean, the privacy is a real problem, uh, in the sense that, and I mean, I should say that actually I'm not against this app or any of these apps in general. I think obviously trying to prevent the spread of a disease is, is obviously a good thing to do. Um, I think that we, we should probably separate what in our heads would be a perfect system from what a system might, that might actually exist is. The issue with privacy is that, so Google and Apple's approach is, you know, fairly private in the sense that you don't give away who you are, you just give away keys, and maybe we can talk about that in a moment. And it means that you can be told that you're in contact with someone who maybe has tested positive for this disease, but you probably can't find out necessarily who that is. But even that system isn't completely private. I mean, if I, hypothetically, if lockdown was eased out, eased up a little bit, and I went around to Steve's house for half a day, and then I get a message later on my phone that says someone on that day that you're in contact with has been exposed to some virus, well, it's not going to take great deductive reasoning for me to work out who that was. So it is private, but only to an extent, right? There are ways around this, there are some conundrums around it.

But let's, should we talk about in, hypothetically or in principle, how might something like this work?

Yes, I mean, the approach that they're taking, the Google and Apple are suggesting we take, and all the other approaches that are being taken, are relatively straightforward. I mean, most of us carry around with us these days some form of smartphone, either an Android phone or an iPhone, whatever it is that takes your fancy, uh, and these come with Bluetooth built in, and one of the features, particularly of Bluetooth, for Bluetooth Low Energy, that they offer is the
ability for low-power devices to sort of sit around the environment and transmit to say that they are there. So Apple have used this with their iBeacons technology, other places have used this, so that if you walk into a shop that can then say to your phone, you're in Marks and Spencer's or wherever it is, and then that can bring up information on your phone relevant to the local area. So you can do some hyperlocal listings. You could use it in your house, so if you say to your phone, turn on the lights, it knows which room you're in and turns on the right set of lights, rather than having to say turn on the lights in the lounge or whatever it is.

The approach that they're taking is that they take this technology and make all phones regularly, say every five minutes, send out an advertisement with a specific code in it that says this is for exposure tracing. So your phone will send something out, and then all the other phones in the area will receive that, and they know they've seen that phone.

I've got a little demonstration set up using a Raspberry Pi here. This Raspberry Pi is actually sending out advertisements, not of the exposure tracing type but just generic advertisements, using some of the free software that came with BlueZ on Linux, and I've got my phone here running an app which can show you what things can be seen at the moment. So if I look at this at the moment, we can see down here at the bottom, as well as seeing my, all my devices, there's one called happy, which is what happens to be the name of that Raspberry Pi, and alongside that, in very small letters, it tells us the RSSI. Effectively it's a sort of proxy for how far away that device is. So at the moment it's showing that as being minus 42. If I move the device over here, it's gone to minus 60.
As well as since that device is in the same room, we can also get some sort of idea of how far away it is from the person, which means that we can also say, well, actually, if it's too far away then they're not likely to have been in close enough contact to caught the virus, and so we'll just ignore that. Because imagine you're walking down a street, you may well have line of sight to someone the other side of the road, and so you won't necessarily pick anything up from that, so there's no point in recording that. On the other hand, if I'm sitting on the bus next to someone then you would definitely want to know about it, because the chances are. It's a little tricky, because if you hold the phone in different directions, it's in your back pocket and the other person's back pocket, you'll get different types of sort of readings off there, but you get some sort of sense.

So that can tell us what's in the same area, and the idea that Google, Apple is saying is, okay, every time we get one of those advertisements we note down who it is, and we can build up a big table on the phone that says I have seen this phone at this time, and you can then extend it if you see it five minutes later and so on. You can get an idea of who you've seen and for how long you've been exposed to them. A very fleeting limits as you walk past someone on the street, you probably will never get picked up and never recorded. Being in the same shop for 10 minutes while you're doing your shopping probably will get recorded and things. That's the sort of thing you want to know, because that fleeting glance as you walk past, probably not going to pass anything on at all.

Now you need to do some way of knowing who that. So you could just give everyone in the world a number. Um, I would be number six, you could be number 12, Mike could be number two, that sort of thing. But the problem with that is then it becomes very easy to say who's been in contact with who, and you don't really need that information to contact trace, to detect exposure
as a way of doing this. You just need to know that he's been in contact to be. The other thing that Apple and Google have suggested is a way of anonymizing this, so that I know I've been exposed to someone but I don't know who it is, and there really isn't an easy way, without other information (I, I was on this bus at this time and so on), to actually de-anonymize it.

As I see, it's a bit like sonar or radar with a bit more information. So you know you've got these, a bit like transponders on planes, where everybody has some kind of number, and you can say, okay, you met number two, number three, you went past number one but it wasn't very close, etcetera, etcetera. If I got that about right?

That's right. You know who everyone is, they're in the same area, you've got a record they're in the same area, and then if number six gets some particular weird thing, you can then broadcast out to everyone else, this identifier had this, and then they can check their databases, or you could upload the databases into a central place and they could then say to each other, you've been exposed, you probably should go into self-isolation or something, for whatever the requirement is for the particular malady that is being traced at that point, and so on.

That makes me think people are gonna be worried about these numbers and how we work out who's what number. So Mike, how are people gonna work out who these numbers are without telling people who they are, and, yeah, all that sort of stuff?

Yeah, so actually it's quite simple, and it's quite a clever way of doing it. We don't obviously send any individual identifiers out, right? It's just, you're, your phone is sending messages, but they're not messages that can be used to identify you. So, I mean, to use a very simple example, let's imagine that our applications were just sending out our names. Then you could just use any phone to sniff on anyone walking past that day, right? Which is probably an invasion of privacy, right? So, um, what we do instead is your phone will, every 24 hours,
generates something called a temporary exposure key, and that is essentially a secret key that you're going to keep, and you're only ever going to send it out if you get diagnosed with some virus that you want to notify people about. So from that key, you combine that with the current time in a sort of rolling window of about 10 minutes, and every sort of 10 or 15 minutes you'll take your temporary exposure key and the current time and you'll combine them using encryption into your actual rolling proximity identifier, or RPI, and that thing is a thing you actually transmit out using this Bluetooth. What will happen is you'll be out and about and you'll just get sent random rolling proximity identifiers, which are just meaningless numbers, and you can then stash them away on your phone for a later date.

Now let's imagine that I'm going out and about and I've created some of these rolling proximity identifiers. What happens if I go to a doctor and I get the disease and I have to notify people who I've been in contact with? What I do is I upload to the cloud, or up to, you know, the health authority or whoever it is that's running the app, I upload my temporary exposure keys, the daily keys that I was using, and then everyone else's phones will occasionally go up to the cloud and ask for any temporary exposure keys that have been released that day or for the last few days, and they will use those to generate, given the time that those were released, the different potential rolling identifier keys, or rolling proximity identifiers, that could have occurred based on that temporary exposure key. And if, if one matches, then your phone now knows that you've been exposed, theoretically, to some disease by being in Bluetooth contact with someone who has now sort of said, I've got it, right? So what you actually basically get is a bunch of meaningless numbers, but once you get these temporary exposure keys from a sort of reputable source, your phone can sort of back calculate what those RPIs would have been
and go, oh, actually I, I did see that one, that means I've probably been exposed.

Now, in the Google and Apple model this is a decentralized process, so a decision as to whether to alert you or something like this is going to be made on your phone, based on, for example, the signal strength, which is included in the packet, and things like how long you're in contact with them for, and stuff like this. Other, sort of, you know, other health services and other companies and, you know, governments and things are working on slightly different systems which are centralized by design, which would have that kind of decision put into the cloud with many more people involved.

Computationally, isn't that really quite expensive? I mean, if you're potentially looking through, trying to calculate, I'm guessing, what will be kind of like a hash on every possible time stamp that your phone has been there, on every possible released, is it, am I right there?

So, so, I mean, if you think that the, um, for, for the current pandemic the sort of suggestion is that maybe you're contagious for maybe 14 days, so you're not going to bother releasing all of your ever, you know, all of your temporary exposure keys that you've ever produced, right, if you've been running this app for a year. So you, you know, you get diagnosed, you release, let's say, a maximum of 14 of these keys. There's 144 of these 10 or 15 minute windows in a day, so you've got that, 14 times that many possible encryptions that you've got to perform per key, right? So it is, it is an issue computationally, but it's not, it's not a disaster, right? And you're only going to do it once per key: either you've seen it or you haven't. Um, and so, you know, it's, it's doable, right? But this is, you know, this is going to be an overhead, there's going to be an overhead involved in doing this. You only have to work out whether it's worth alerting the user if you find the key. So, you know, you download the temporary exposure key, you perform the encryption, you generate the potential RPIs, and you
compare them with the ones you've seen, and if you get a hit, that's when you start looking more, in a more complicated way, at things like signal strength and things like this. So you don't do all that unless you've got this, this cryptographic hit and you said, okay, I actually was, you know, connected to that phone, you know, at least briefly.

And there's other things you can do, of course. Of course, for example, if you decide the exposure of less than, say, five minutes isn't harmful, let's say, let's say that for some reason you need to be exposed for 15 minutes within two meters, you can already start to throw away that data on your local device, um, if you know that that's not the case. You know that, I've only seen this identifier for three minutes (I guess it's an issue it may have changed midway through that), but you've only seen it for three minutes, then I'm not going to be needing this, I can throw it away, and things, and so on. You've also got data on there, there's a limit to how much data you have to be able to hold on to at the same time.

Right, it's not none, but it's not. And these are small messages. I mean, these are sort of 16 byte messages, so, you know, it's not a huge amount of memory either.

I mean, every text message you send is going to be bigger than this, and if we think about the way some people text, uh, every email is going to be massively bigger than this. I mean, the text message will be at least 10 times bigger than this, an email probably 100 times bigger than this just in the headers and things. So it's really small amounts of data.

I think I was worried that if I'm thinking of every possible time in every possible day and then trying to calculate a hash based upon a potential of how many thousand keys released, and just, see what I mean? I was more thinking of, if I've got to be making those, it's not the same as going, right, okay, over this period of time did I see number six, number two and number three. It's actually, did I see number six hashed with the time?

Yeah, so there is, there
is an additional amount of work, because you've got to take that temporary exposure key and combine it with all the different possible times that that key was, because each key comes with a sort of approximate day but it was active, and so you've got maybe 144 different encryptions you're going to have to perform. Obviously you're only receiving new exposure keys from the cloud, so maybe 10 people have used the app that day and so you've only got 10 of these to do, but then maybe a million people have usually, haven't been diagnosed that day, it's not been a good one, and now you've got a lot more encryption you've got to do.

But again, you've also got extra data though, so you can sort of, you know, the phone knows where it's been location-wise, so it can start to give, say, this one never left Liverpool, or this one never left Balamory or somewhere.

The Google and Apple model, what they're doing is they're releasing an API which will allow you to do these things, this Bluetooth message passing and this key generation, uh, on the device, but they're not providing an app that will do contact tracing or any kind of public service, you know, public health announcements or anything like that. What they're assuming is that countries or, you know, the NHS or some other hospital will implement a system like this and use this API. Um, so actually there isn't very much information held in these messages. All you get is, you know, someone has been diagnosed, or reportedly been diagnosed, with this virus, and you were in contact with them for this window of time because of this Bluetooth signal.

What do you do?

Right, that, that's a very good question. I get a message on my phone that says someone has been exposed to some virus and you've had a brief amount of contact with them, but you don't know who it is or where this was. It's impossible to know whether I should be self-quarantining or not, right? I mean, maybe it's gone through a wall and it was just, you know, a neighbor or something like that, and I've not actually
had any physical contact with them. Without more information, it's nice and private in some sense, you know, it's difficult to trace where everyone's been going and with whom, but it's difficult to get a big picture of what's going on with the spread of a pandemic or something like this, which is why some countries are looking for slightly more information, like GPS locations and actual names and addresses and, you know, contact with GPS and things like this, to build a much bigger picture of what's going on. And that's where I think people start to decide, you know, how much privacy should we be giving away, even temporarily, for something like this.

But yes, so some governments have said basically, if we're going to do proper contact tracing we want more information than this, right? We would like GPS, we'd like who your family members are, you know, where. I mean, this is the same kind of contact tracing they would do anyway, right? If I got a disease that needed to be traced, they would ask me personally who I'd been in contact with, I'd tell them, and they'd phone them up and ask them as well, right? So in some sense what they're building into their, the additional information they're building into these applications, isn't anything we're not kind of already doing, but this is all automated, and we're kind of working on the assumption that this goes away at the end of this pandemic. Um, and, you know, I, I don't know, I'm kind of undecided, but I think that some people are not, not so sure about this.

One way to look at this is there's two ways of doing it. What Apple and, what will traditionally be do if you want to do exposure tracing is, you know someone's infected, you then go and ask them who have you been in contact with, and they got asked who they've been in coming, so you collect that data when you know you need it. The alternative approach is you collect all the data, so that if you need it you can find what you want easily. And it's that difference between approach: if you've got all the data you can
probably get better quality out of it, but do you need that data? What are the privacy, GDPR implications about that that you need to take into account? Will that then put people off using it? So some people will be more happy to use one which is relatively low, kept to their own device. There's some risk to it, but other people will say, no, I wouldn't use that at all. Whereas one where the government's effectively collecting data everywhere you've been may put more people off, at which point, as you say, you've then got actual less data, because people say, well, I'm not putting that on my phone, and if enough people do that you may end up with a system that should be better but will actually perform worse, because it's actually collecting less data. There's more people walking around getting infected and passing the infection on that you have no knowledge about. So that's the problem.

I mean, the sys, either system is open for abuse. I mean, we've seen people pranking Apple Maps and Google Maps is transport data by strapping phones to dogs, and so we could have sort of robot dogs running around the sort of, um, country broadcasting that they are a person with a key, and then people say afterwards they'll go and mark them as infected. So there needs to be some sort of controls, because you could, you could imagine causing chaos. You could sort of send a little, um, drone around flying over the heads of large parks broadcasting infection messages, and then if, you'd also need to be able to verify this before that gets in.

Steve, there are enough conspiracy theories doing the rounds already, let's not add.

Yeah, you don't need to use 5G for this, most perfectly well.

Steve makes a valid point, which is that, um, any system implementing this kind of contact tracing has got to be very well programmed, because, I mean, you know, hypothetically, I secrete my phone somewhere near the checkout of a, of a supermarket, I get contact with dozens, hundreds of people throughout the day, and then I report that I've got some virus,
right? And then suddenly they're all getting these things. Now obviously I've got no real reason to do that, but we can't assume that everyone's going to use the system exactly how we intended it to be used, right? So you're going to have to build in some kind of, probably some kind of actual medical check, right, which has got to be tied into a health service of some kind, and, you know, this all adds delays. It does get quite complicated quite quickly.

The, the thing is about this is it, it really requires pretty much hundred percent, um, involvement. People have to buy into this. You have to get everybody who's a smartphone to, to buy into this or it's not going to work, probably. What if only 20% of people had it, Steve?

Well, yeah, I mean, this is the thing is, I mean, the first thing to remember mine is even if you've got 100% it may not work, because you're still relying on people to self-isolate when they're told to, and things, and so on. But obviously as less people are using it, you're going to catch less interactions between people as they move around. If 10% of your population aren't using it because they don't have a smartphone or they don't like the privacy implications of what, now in some ways that possibly wouldn't be too bad, because he probably catched a second order effect of that. The, okay, Dave's a refusenik, he doesn't take his smartphone out when he goes shopping. He gets infected, he passes it on to Mike, who he bumps into in the sort of Tesco around the corner. Um, Mike does use it though. He then gets ill, and everyone might have been in contact with gets notified, and say you've lost one level. But, but of course if you then take out, if Mike then becomes a refusenik because he doesn't like the, uh, security implications of what the particular apps are being used, you've now got three levels before you get things, and so you can start to see that actually as more people don't use it you get more problems with coming on. So the more people using it, the better it's going to be work. So you
want a system that gets as many people to use it here, and I suspect if you were to model these things (I'm not an epidemiologist, it's not my sort of field) you'd find that actually having less information but more people using it, there's going to be a balance to be found between, do you have more people using it with more information, but at some point one is going to be better than the other, and it's trying to model what that is going to be. I think it's going to be an interesting question for people who are developing these apps, the societies they're running in and what they offer.

Yeah, I mean, I, I don't think anyone knows, right, at the moment. I think the benefit of the Google and Apple approach is that it's quite low power and it just sort of sits on the operating system, and eventually will be app free, so you won't need to, you won't need to necessarily have an app installed for this API to exist, and that means that the uptake per device will be quite high for the compatible devices and for the people that have, you know, sufficiently powerful smartphones. Um, for the slightly more involved apps, there's big questions over if they start using too much battery because they're polling GPS, or too much Bluetooth or something like this, or constantly reporting to the cloud. If you take a 20% battery hit per day, it's not going to be long before you give up and uninstall, and that drives down the, not much, you know, the amount of use, which is exactly what we don't want, right?

So, you know, there are questions over, could you mandate something, you know, make this sort of mandatory? It's going to be difficult, right? People are not going to like that. Um, you know, I suppose it's theoretically possible. I mean, I think I read somewhere, and bear in mind I can't remember what the source was, but it was something about 80% need to be have this app installed or being used for it to be really effective. Um, you know, there'll be some measure of effectiveness below this, but if that's the case it's got to be very
fluid, very easy to use, and there's got to be a real sort of push for everyone to kind of, you do it as a public service, right? And, you know, whether or not that happens, you know, I'm not sure yet.

Yeah, I think there's an advantage in sort of, in getting people to buy in. If you've got the big tech companies, which are long in particular certain cases had a strong privacy, um, application going on, saying this is working, we want you to use it, you're going to get more buy-in there than if you come up with something random and you've got a lot of people that don't trust your government, for example, um, depending on what country you're in and things. So it's a sort of an interesting sort of management of what's going on there. I mean, yeah, it's interesting.

Well, thank, thanks both for getting involved in this. Um, you know, great to keep Computerphile going while we're remote, and, um, hopefully my phone won't be pinging yours anytime soon. See you later.

All right.

One of the big downsides of Kerberos is that this is a bottleneck, and it's also a single big point of failure. We're all trusting that these keys are coming from this one place. If that place gets, gets compromised

so it'll send packet one over to the machine, that'll take some time to get there, but eventually it'll get there, and then it will send
just have a conversation about this i mean it's sort of an interesting application of technologies that exist on the phone i mean if you sit and think about how you would do this then understood the technology then you'd come up with pretty much the same approach that apple and google have come up with but the idea is is that i'm walking along the street mike walks past me my phone and his phone talk to each other and then later mike goes down with some sort of nasty disease he notifies the phone which notifies the local health service and then that can tell me that i've just been infected by someone hopefully preserving privacy and then i can then go into self-isolation so if i develop it i don't pass it on to anyone else that's the general idea some sort of automated way so if someone suddenly finds out that they've become infected because they start to show symptoms they can notify the people they may have been in contact both the ones they know but also the ones they've met in the aisle at sainsburys as they're picking up the baked beans or whatever it is they might be so it's a way of sort of keeping track of that in an easy way so it sounds like you've sorted the nail on the head there this is kind of it's tracking what people are doing but then you've got to somehow preserve privacy um yeah maybe that's the point to bring mike in on this um sure that's like that's like the two sides of one coin isn't it yeah i mean the privacy is a real problem uh in the sense that and i mean i should say that actually i'm not against this app or any of these apps in general i think obviously trying to prevent the spread of a disease is is obviously a good thing to do um i think that we we should probably separate what in our heads would be a perfect system from what a system might that might actually exist is the issue with privacy is that so google and apple's approach is you know fairly private in the sense that you don't give away who you are you just give away keys and 
maybe we can talk about that in a moment, and it means that you can be told that you're in contact with someone who maybe has tested positive for this disease, but you probably can't find out necessarily who that is. But even that system isn't completely private. I mean, if I, hypothetically, if lockdown was eased out, eased up a little bit and I went around to Steve's house for half a day, and then I get a message later on my phone that says someone on that day that you're in contact with has been exposed to some virus, well, it's not going to take great deductive reasoning for me to work out who that was. So it is private, but only to an extent, right? There are ways around this, there are some conundrums around it.

But let's, should we talk about, in hypothetically or in principle, how might something like this work?

Yes. I mean, the approach that they're taking, the Google and Apple are suggesting we take, and all the other approaches that are being taken, are relatively straightforward. I mean, most of us carry around with us these days some form of smartphone, either an Android phone or an iPhone, whatever it is that takes your fancy, uh, and these come with Bluetooth built in. And one of the features, particularly of Bluetooth 4, Bluetooth Low Energy, that they offer is the ability for low-power devices to sort of sit around the environment and transmit to say that they are there. So Apple have used this with their iBeacons technology, other places have used this, so that if you walk into a shop, that can then say to your phone, you're in Marks & Spencer's or wherever it is, and then that can bring up information on your phone relevant to the local area. So you can do some hyperlocal listings. You could use it in your house, so if you say to your phone "turn on the lights", it knows which room you're in and turns on the right set of lights, rather than having to say "turn on the lights in the lounge" or whatever it is. The approach that they're taking is that they take this technology and make all phones regularly,
say every five minutes, send out an advertisement with a specific code in it that says this is for exposure tracing. So your phone will send something out, and then all the other phones in the area will receive that, and they know they've seen that phone. I've got a little demonstration set up using a Raspberry Pi here. This Raspberry Pi is actually sending out advertisements, not of the exposure tracing type but just generic advertisements, using some of the free software that came with BlueZ on Linux, and I've got my phone here running an app which can show you what things can be seen at the moment. So if I look at this at the moment, we can see down here at the bottom, as well as seeing my, all my devices, there's one called happy, which is what happens to be the name of that Raspberry Pi, and alongside that in very small letters it tells us the RSSI. Effectively it's a sort of proxy for how far away that device is. So at the moment it's showing that as being minus 42. If I move the device over here, it's gone to minus 60.
As well as sensing that device is in the same room, we can also get some sort of idea of how far away it is from the person, which means that we can also say, well, actually, if it's too far away then they're not likely to have been in close enough contact to have caught the virus, and so we'll just ignore that. Because imagine you're walking down a street: you may well have line of sight to someone the other side of the road, and so you won't necessarily pick anything up from that, so there's no point in recording that. On the other hand, if I'm sitting on the bus next to someone, then you would definitely want to know about it, because the chances are, it's a little tricky, because if you hold the phone in different directions, it's in your back pocket and the other person's back pocket, you'll get different types of sort of readings off there, but you get some sort of sense. So that can tell us what's in the same area, and the idea that Google, Apple is saying is, okay, every time we get one of those advertisements we note down who it is, and we can build up a big table on the phone that says I have seen this phone at this time, and you can then extend it if you see it five minutes later and so on. You can get an idea of who you've seen and for how long you've been exposed to them. A very fleeting glimpse as you walk past someone on the street, you probably will never get picked up and never recorded. Being in the same shop for 10 minutes while you're doing your shopping probably will get recorded and things. That's the sort of thing you want to know, because that fleeting glance as you walk past, probably not going to pass anything on at all. Now, you need to do some way of knowing who that, so you could just give everyone in the world a number. Um, I would be number six, you could be number 12, Mike could be number two, that sort of thing. But the problem with that is then it becomes very easy to say who's been in contact with who, and you don't really need that information to contact trace, to detect exposure,
as a way of doing this, you just need to know that he's been in contact to be. The other thing that Apple and Google have suggested is a way of anonymizing this, so that I know I've been exposed to someone but I don't know who it is, and there really isn't an easy way, without other information, I, I was on this bus at this time and so on, to actually de-anonymize it.

As I see, it's a bit like sonar or radar with a bit more information. So, you know, you've got these, a bit like transponders on planes, where everybody has some kind of number and you can say, okay, you met number two, number three, you went past number one but it wasn't very close, etcetera, etcetera. If I got that about right?

That's right. You know who everyone is, they're in the same area, you've got a record they're in the same area, and then if number six gets some particular weird thing you can then broadcast out to everyone else, this identifier had this, and then they can check their databases, or you could upload the databases into a central place and they could then say to each other, you've been exposed, you probably should go into self-isolation or something, for whatever the requirement is for the particular malady that is being traced at that point, and so on.

That makes me think people are gonna be worried about these numbers and how we work out who's what number. So Mike, how are people gonna work out who these numbers are without telling people who they are and, yeah, all that sort of stuff?

Yeah, so actually it's quite simple and it's quite a clever way of doing it. We don't obviously send any individual identifiers out, right? It's just, you're, your phone is sending messages, but they're not messages that can be used to identify you. So I mean, to use a very simple example, let's imagine that our applications were just sending out our names. Then you could just use any phone to sniff on anyone walking past that day, right? Which is probably an invasion of privacy, right? So, um, what we do instead is your phone will every 24 hours
generate something called a temporary exposure key, and that is essentially a secret key that you're going to keep, and you're only ever going to send it out if you get diagnosed with some virus that you want to notify people about. So from that key, you combine that with the current time in a sort of rolling window of about 10 minutes, and every sort of 10 or 15 minutes you'll take your temporary exposure key and the current time and you'll combine them using encryption into your actual rolling proximity identifier, or RPI, and that thing is a thing you actually transmit out using this Bluetooth. What will happen is you'll be out and about and you'll just get sent random rolling proximity identifiers, which are just meaningless numbers, and you can then stash them away on your phone for a later date. Now let's imagine that I'm going out and about and I've created some of these rolling proximity identifiers. What happens if I go to a doctor and I get the disease and I have to notify people who I've been in contact with? What I do is I upload to the cloud, or up to, you know, the health authority or whoever it is that's running the app, I upload my temporary exposure keys, the daily keys that I was using, and then everyone else's phones will occasionally go up to the cloud and ask for any temporary exposure keys that have been released that day or for the last few days, and they will use those to generate, given the time that those were released, the different potential rolling identifier keys or rolling proximity identifiers that could have occurred based on that temporary exposure key. And if, if one matches, then your phone now knows that you've been exposed, theoretically, to some disease by being in Bluetooth contact with someone who has now sort of said, I've got it, right? So what you actually basically get is a bunch of meaningless numbers, but once you get these temporary exposure keys from a sort of reputable source, your phone can sort of back calculate what those RPIs would have been
and go, oh, actually I, I did see that one, that means I've probably been exposed. Now, in the Google and Apple model this is a decentralized process, so a decision as to whether to alert you or something like this is going to be made on your phone, based on, for example, the signal strength, which is included in the packet, and things like how long you're in contact with them for and stuff like this. Other, sort of, you know, other health services and other companies and, you know, governments and things are working on slightly different systems which are centralized by design, which would have that kind of decision put into the cloud with many more people involved.

Computationally, isn't that really quite expensive? I mean, if you're potentially looking through, trying to calculate, I'm guessing, what will be kind of like a hash on every possible time stamp that your phone has been there on every possible released, is it, am I right there?

So, so, I mean, if you think that the, um, for, for the current pandemic the sort of suggestion is that maybe you're contagious for maybe 14 days, so you're not going to bother releasing all of your ever, you know, all of your temporary exposure keys that you've ever produced, right, if you've been running this app for a year. So you, you know, you get diagnosed, you release, let's say, a maximum of 14 of these keys. There's 144 of these 10 or 15 minute windows in a day, so you've got that 14 times that many possible encryptions that you've got to perform per key, right? So it is, it is an issue computationally, but it's not, it's not a disaster, right? And you're only going to do it once per key: either you've seen it or you haven't. Um, and so, you know, it's, it's doable, right? But this is, you know, this is going to be an overhead, there's going to be an overhead involved in doing this. You only have to work out whether it's worth alerting the user if you find the key. So, you know, you download the temporary exposure key, you perform the encryption, you generate the potential RPIs and you
compare them with the ones you've seen, and if you get a hit, that's when you start looking more, in a more complicated way, at things like signal strength and things like this. So you don't do all that unless you've got this, this cryptographic hit and you said, okay, I actually was, you know, connected to that phone, you know, at least briefly.

And there's other things you can do, of course, of course. For example, if you decide the exposure of less than, say, five minutes isn't harmful, let's say, let's say that for some reason you need to be exposed for 15 minutes within two meters, you can already start to throw away that data on your local device, um, if you know that that's not the case. You know that I've only seen this identifier for three minutes. I guess it's an issue it may have changed midway through that, but you've only seen it for three minutes, then I'm not going to be needing this, I can throw it away and things and so on. You've also got data on there, there's a limit to how much data you have to be able to hold on to at the same time, right? It's not none, but it's not, and these are small messages. I mean, these are sort of 16 byte messages, so, you know, it's not a huge amount of memory either. I mean, every text message you send is going to be bigger than this, and if we think about the way some people text, uh, every email is going to be massively bigger than this. I mean, the text message will be at least 10 times bigger than this, an email probably 100 times bigger than this just in the headers and things, so it's really small amounts of data.

I think I was worried that if I'm thinking of every possible time in every possible day and then trying to calculate a hash based upon a potential of how many thousand keys released, and just, see what I mean? I was more thinking of, if I've got to be making those, it's not the same as going, right, okay, over this period of time did I see number six, number two and number three. It's actually, did I see number six hashed with the time?

Yeah, so there is, there
is an additional amount of work, because you've got to take that temporary exposure key and combine it with all the different possible times that that key was, because each key comes with a sort of approximate day that it was active, and so you've got maybe 144 different encryptions you're going to have to perform. Obviously you're only receiving new exposure keys from the cloud, so maybe 10 people have used the app that day and so you've only got 10 of these to do, but then maybe a million people have usually haven't been diagnosed that day, it's not been a good one, and now you've got a lot more encryption you've got to do.

But again, you've also got extra data though, so you can sort of, you know, the phone knows where it's been location-wise, so it can start to give, say, this one never left Liverpool or this one never left Balamory or somewhere.

The Google and Apple model, what they're doing is they're releasing an API which will allow you to do these things, this Bluetooth message passing and this key generation, uh, on the device, but they're not providing an app that will do contact tracing or any kind of public service, you know, public health announcements or anything like that. What they're assuming is that countries or, you know, the NHS or some other hospital will implement a system like this and use this API. Um, so actually there isn't very much information held in these messages. All you get is, you know, someone has been diagnosed, or reportedly been diagnosed, with this virus and you were in contact with them for this window of time because of this Bluetooth signal. What do you do, right? That, that's a very good question. I get a message on my phone that says someone has been exposed to some virus and you've had a brief amount of contact with them, but you don't know who it is or where this was. It's impossible to know whether I should be self-quarantining or not, right? I mean, maybe it's gone through a wall and it was just, you know, a neighbor or something like that, and I've not actually
had any physical contact with them. Without more information, it's nice and private in some sense, you know, it's difficult to trace where everyone's been going and with whom, but it's difficult to get a big picture of what's going on with the spread of a pandemic or something like this, which is why some countries are looking for slightly more information, like GPS locations and actual names and addresses and, you know, contact with GPS and things like this, to build a much bigger picture of what's going on. And that's where I think people start to decide, you know, how much privacy should we be giving away, even temporarily, for something like this. But yes, so some governments have said basically, if we're going to do proper contact tracing we want more information than this, right? We would like GPS, we'd like who your family members are, you know, where, I mean, this is the same kind of contact tracing they would do anyway, right? If I got a disease that needed to be traced, they would ask me personally who I'd been in contact with, I'd tell them, and they'd phone them up and ask them as well, right? So in some sense what they're building into their, the additional information they're building into these applications isn't anything we're not kind of already doing, but this is all automated, and we're kind of working on the assumption that this goes away at the end of this pandemic. Um, and, you know, I, I don't know, I'm kind of undecided, but I think that some people are not, not so sure about this.

One way to look at this is there's two ways of doing it. What Apple and what will traditionally be do if you want to do exposure tracing is, you know someone's infected, you then go and ask them who have you been in contact with, and they got asked who they've been in coming, so you collect that data when you know you need it. The alternative approach is you collect all the data so that if you need it you can find what you want easily. And it's that difference between approach: if you've got all the data you can
probably get better quality out of it, but do you need that data? What are the privacy, GDPR implications about that that you need to take into account? Will that then put people off using it? So some people will be more happy to use one which is relatively low, kept to their own device, there's some risk to it, but other people will say no, I wouldn't use that at all, whereas one where the government's effectively collecting data everywhere you've been may put more people off, at which point, as you say, you've then got actual less data, because people say, well, I'm not putting that on my phone, and if enough people do that you may end up with a system that should be better but will actually perform worse, because it's actually collecting less data. There's more people walking around getting infected and passing the infection on that you have no knowledge about. So that's the problem. I mean, the sys, either system is open for abuse. I mean, we've seen people pranking Apple Maps and Google Maps's transport data by strapping phones to dogs, and so we could have sort of robot dogs running around the, sort of, um, country broadcasting that they are a person with a key, and then people say afterwards they'll go and mark them as infected. So there needs to be some sort of controls, because you could, you could imagine causing chaos. You could sort of send a little, um, drone around flying over the heads of large parks broadcasting infection messages, and then, if, you'd also need to be able to verify this before that gets in.

Steve, there are enough conspiracy theories doing the rounds already, let's not add.

Yeah, you don't need to use 5G for this, most perfectly well.

Steve makes a valid point, which is that, um, any system implementing this kind of contact tracing has got to be very well programmed, because, I mean, you know, hypothetically I secrete my phone somewhere near the checkout of a, of a supermarket, I get contact with dozens, hundreds of people throughout the day, and then I report that I've got some virus,
right, and then suddenly they're all getting these things. Now obviously I've got no real reason to do that, but we can't assume that everyone's going to use the system exactly how we intended it to be used, right? So you're going to have to build in some kind of, probably some kind of actual medical check, right, which has got to be tied into a health service of some kind, and, you know, this all adds delays. It does get quite complicated quite quickly.

The, the thing is about this is it, it really requires pretty much hundred percent, um, involvement. People have to buy into this. You have to get everybody who's a smartphone to, to buy into this or it's not going to work, probably.

What if only 20% of people had it, Steve?

Well, yeah, I mean, this is the thing is, I mean, the first thing to remember, mind, is even if you've got 100% it may not work, because you're still relying on people to self-isolate when they're told to and things and so on. But obviously as less people are using it you're going to catch less interactions between people as they move around. If 10% of your population aren't using it because they don't have a smartphone or they don't like the privacy implications of what, now in some ways that possibly wouldn't be too bad, because he probably catched a second order effect of that. The, okay, Dave's a refusenik, he doesn't take his smartphone out when he goes shopping, he gets infected, he passes it on to Mike, who he bumps into in the sort of Tesco around the corner. Um, Mike does use it though, he then gets ill, and everyone Mike has been in contact with gets notified, and say you've lost one level. But, but of course if you then take out, if Mike then becomes a refusenik because he doesn't like the, uh, security implications of what the particular apps are being used, you've now got three levels before you get things, and so you can start to see that actually as more people don't use it you get more problems with coming on. So the more people using it, the better it's going to work. So you
want a system that gets as many people to use it here, and I suspect if you were to model these things, I'm not an epidemiologist, it's not my sort of field, you'd find that actually having less information but more people using it, there's going to be a balance to be found between, do you have more people using it with more information, but at some point one is going to be better than the other, and it's trying to model what that is going to be. I think it's going to be an interesting question for people who are developing these apps, the societies they're running in and what they offer.

Yeah, I mean, I, I don't think anyone knows, right, at the moment. I think the benefit of the Google and Apple approach is that it's quite low power and it just sort of sits on the operating system and eventually will be app free, so you won't need to, you won't need to necessarily have an app installed for this API to exist, and that means that the uptake per device will be quite high for the compatible devices and for the people that have, you know, sufficiently powerful smartphones. Um, for the slightly more involved apps there's big questions over if they start using too much battery because they're polling GPS or too much Bluetooth or something like this, or constantly reporting to the cloud. If you take a 20% battery hit per day, it's not going to be long before you give up and uninstall, and that drives down the, not much, you know, the amount of use, which is exactly what we don't want, right? So, you know, there are questions over could you mandate something, you know, make this sort of mandatory. It's going to be difficult, right? People are not going to like that. Um, you know, I suppose it's theoretically possible. I mean, I think I read somewhere, and bear in mind I can't remember what the source was, but it was something about 80% need to be, have this app installed or being used for it to be really effective. Um, you know, there'll be some measure of effectiveness below this, but if that's the case it's got to be very
fluid, very easy to use, and there's got to be a real sort of push for everyone to kind of, you do it as a public service, right? And, you know, whether or not that happens, you know, I'm not sure yet.

Yeah, I think there's an advantage in sort of, in getting people to buy in. If you've got the big tech companies, which are long in particular certain cases had a strong privacy, um, application going on, saying this is working, we want you to use it, you're going to get more buy-in there than if you come up with something random and you've got a lot of people that don't trust your government, for example, um, depending on what country you're in and things. So it's a sort of an interesting sort of management of what's going on there.

I mean, yeah, it's interesting. Well, thank, thanks both for getting involved in this. Um, you know, great to keep Computerphile going while we're remote, and, um, hopefully my phone won't be pinging yours anytime soon. See you later. All right.