Currently there is a lot of discussion about using an app on your mobile phone, which uses Bluetooth to track who you have been in the vicinity of. When later it is found that you are infected with Covid-19 the data in the app can be used to warn those people that you have had contact with. In the Dutch press Corona App might fail in the FD, of Be critical of a Corona App on NU.nl. Internationally this is also being discussed.
Using bluetooth would be less privacy-invasive then a system whereby GPS data is tracked, collected and stored. At EasyLogic we have quite a lot of experience with track- and trace systems based on bluetooth or other radio technologies. We know how they behave in reality very well. In theory bluetooth looks like a good solution, in practice this is much more difficult than you might think.
Sometimes bluetooth signals can cross walls very easily. Yet sometimes the presence of a human body is sufficient to completely shield a bluetooth signal. Reflections of radio signals from metal objects (cars, fridges) can create the impression that a bluetooth device is in the immediate vicinity, without this being so in reality.
To determine the distance between a bluetooth transmitter and a receiver signal strength (RSSI) is used. We know from experience that this is an imprecise and noisy indicator. With dynamic filtering something can be said about the location of two devices, but that is also not extremely accurate. And a fast moving person, like a cyclist will be around too briefly to be reliably detected at all.
And finally, Apple and Google have built a technique in their telephones with which the MAC address, the unique identifier of the bluetooth device, get spoofed. This was built in precisely to prevent the tracking of telephones. Only when devices pair, like with a headphone, is a permanent identifier exchanged allowing easy coupling in future. And pairing is exactly what you do not want to do with a stranger’s phone.
And without that link or the exchange of other identifying data (such as an e-mail address, a phone-number or an IMEI) the app will never be able to warn the other phones it has seen if you suddenly become ill. That would require a central register with MAC addresses. And then your privacy is just as much at risk as with a GPS tracking system.
So next to all sorts of social engineering issues (what if I’m ill and deliberately stand outside the door of my biggest competitor, what if my nextdoor neighbour is ill, but my app thinks he is next to me) there are issues to do with the use of radio waves:
- radio signals are not precise enough to really determine who was in the vicinity;
- contacts will be missed, but also false contacts will be detected;
- bluetooth is not good enough to detect fast moving passers by;
- with the MAC spoofing, and even using a fixed MAC address a central register is always needed for the app to work, affecting privacy.
Google and Apple announce a solution which can be used by app-developers but the shortcomings of this solution are acknowledged in the article.