Author Topic: Bluetooth Low Energy is unsuitable for COVID-19 contact tracing, say inventors  (Read 9140 times)

0 Members and 1 Guest are viewing this topic.

Offline Syntax Error

  • Frequent Contributor
  • **
  • Posts: 584
  • Country: gb
Notification: Your phone was recently close to someone who has tested positive for Covid 19. You must self isolate immediately.

Response: Like what ever, wasn't ME holding the phone anyway.
 
The following users thanked this post: Someone, splin

Offline Someone

  • Super Contributor
  • ***
  • Posts: 5154
  • Country: au
    • send complaints here
But when people are outside, there is virtually no chance of infection, and as I was trying to explain, when people are indoors the locations reported and saved to logs are invariably wrong. They are not accurate indoors. Most dangerous encounters are not in RF transparent buildings. They are in big buildings (work) or underground, neither of which is a good environment for location capture. Dont believe me? Look into "SLAM" on github.
Unreliable measures of proximity are still vastly superior compared to trying to get an individual to recall when/where they were. Perfection being the enemy of good... any system needn't be perfect, but simply a substantial improvement over whats already existing.

Notification: Your phone was recently close to someone who has tested positive for Covid 19. You must self isolate immediately.

Response: Like what ever, wasn't ME holding the phone anyway.
Thats just the balance/arguments over who should take responsibility, individuals or a state actor. Every society/country will take a different position on that, and individuals may feel unhappy with the balances chosen.
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Security theater that is totally inaccurate is worse than nothing. What they need is contact tracing. Do you have a GPS tracker? Do this, turn it on, take a walk in a major city, going inside some buildings and going down into the subway. Then dump the trace and convert it into a KML trace. Since you cant upload KML here, maybe zip the file. Upload that. just do that. That will prove my point.
"What the large print giveth, the small print taketh away."
 

Offline Buriedcode

  • Super Contributor
  • ***
  • Posts: 1718
  • Country: gb
Security theater that is totally inaccurate is worse than nothing. What they need is contact tracing. Do you have a GPS tracker? Do this, turn it on, take a walk in a major city, going inside some buildings and going down into the subway. Then dump the trace and convert it into a KML trace. Since you cant upload KML here, maybe zip the file. Upload that. just do that. That will prove my point.

... And you.. expect the majority of citizens in an entire country to do this?
 

Offline Someone

  • Super Contributor
  • ***
  • Posts: 5154
  • Country: au
    • send complaints here
Security theater that is totally inaccurate is worse than nothing. What they need is contact tracing. Do you have a GPS tracker? Do this, turn it on, take a walk in a major city, going inside some buildings and going down into the subway. Then dump the trace and convert it into a KML trace. Since you cant upload KML here, maybe zip the file. Upload that. just do that. That will prove my point.

... And you.. expect the majority of citizens in an entire country to do this?
The fair comparison would be to ask the same people, before they've looked at the data, to draw the same information on a map and timestamp it. Because thats what happens at the moment.

Do people give this information when asked for it? Most of them do.
Should people be required to give this information when asked for it? Sounds political...
Should people be forced to continually provide this information? Now you're certainly getting political
 

Online Marco

  • Super Contributor
  • ***
  • Posts: 7043
  • Country: nl
Security theater that is totally inaccurate is worse than nothing.

That depends, there is a good chance that the security theatre is just saving face. I personally believe a lot of Europe is at the tail end of the pandemic ... regardless of lockdown. If security theatre lets governments end the lockdown without admitting they screwed up implementing it, well it's better than staying pot committed to lockdowns.

A bit of experimentation with the tech to see what works can still be useful for when we encounter a properly dangerous pandemic too.

I'm not sure even a bag attenuates ultrasound beyond what signal processing can rescue from noise in reasonable time.
« Last Edit: May 14, 2020, 11:01:13 am by Marco »
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
We are dealing with viruses the wrong way for the 21st century.

Somebody brought up a concept yesterday, "Original Antigenic Sin" 

Read up on the importance of making sure the first vaccine for a disease family that somebody gets is the right one.

The stakes are very high because a wrong vaccine will make people much more vulnerable to a serious disease later Some vaccines convey broad immunity, some convey narrow immunity that prevents immunity to other strains of a pathogen.

-----------------


"We live in a sea of viruses, some of which are human pathogens. These pathogenic viruses exhibit numerous differ-
ences: DNA or RNA genomes, enveloped or naked virions, nuclear or cytoplasmic replication, diverse disease symptoms, etc.
Most antiviral drugs target specific viral proteins. Consequently, they often work for only one virus, and their efficacy can be
compromised by the rapid evolution of resistant variants. There is a need for the identification of host proteins with broad-
spectrum antiviral functions, which provide effective targets for therapeutic treatments that limit the evolution of viral resis-
tance. Here, we report that sirtuins present such an opportunity for the development of broad-spectrum antiviral treatments,
since our findings highlight these enzymes as ancient defense factors that protect against a variety of viral pathogens."


(Source: Koyuncu E, Budayeva HG, Miteva YV, Ricci DP, Silhavy TJ, Shenk T, Cristea IM. 2014. Sirtuins are evolutionarily conserved viral restriction factors. https://mbio.asm.org/content/mbio/5/6/e02249-14.full.pdf )
"What the large print giveth, the small print taketh away."
 

Offline julianhigginson

  • Frequent Contributor
  • **
  • Posts: 783
  • Country: au
I think that going on and on about the RSSI strength detection thing and thinking it has to be perfect or it's useless is missing the point.

The contact tracing app is not meant to be 100% perfect.

if it can work even a bit, it can speed up transmission tracing.
which will catch some transmissions before the transmitted to person gets sick enough to be tested and get diagnosed (by which time they have passed it on themselves). so will bring down the reproduction number.

we see in the studies on clusters so far that exposure risk relates to the amount of viruses being expelled form the source vs time near the source. You can do worse in a room far away from someone who is just breathing if you are there for hours, than if you are right next to someone who is singing or shouting or exercising for a few minutes.

having the app log some kind of proxy for distance *and* time spent nearby would be useful, I suspect. Even if not perfectly accurate. seems that it only logs contact that has lasted around 15 minutes? seems a shame it can't measure times with a bit more accuracy. or at least multiples of 15 minutes.

 
The following users thanked this post: Someone, SilverSolder, Kleinstein

Online nali

  • Frequent Contributor
  • **
  • Posts: 732
  • Country: gb
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17427
  • Country: us
  • DavidH
This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application?  That is a laugh.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15794
  • Country: fr
This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application?  That is a laugh.

Indeed. ;D
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
But you won't get indoor traces that are of any use, unless the person is in a flimsy 1 or 2 story wooden building and the antenna is pointing up and a whole bunch of other ifs.

let me point you to the subject area.. "SLAM" - Simultaneous location and mapping..
 Indoors is where people get infected, I suspect. 99% of the time.

Indoor mapping is a big technical field now because many people do want to build devices that can navigate indoor spaces and know where they are. Now I am by no means an expert but I do try to keep up on this and over the years Ive fooled around with it quite a bit, especially with GPS RTK.

There is a very very large difference between indoors and outdoors. As it stands right now all indoor mapping technology is basically crap. Outdoors is a different story but still very bad in "urban canyons" i.e. cities unless one goes to lengths to optimize performance in ways that are not feasible in a cell phone setting.

Also, constantly transmitting and receiving beacons is likely to drain battery life quite a bit. (GPS now can be done with very little battery) Presumably each device will contain a log of all the other BT IDs it receives and when. If somebody is in the range of another BT ID for an extended period of time, that might be valuable if the people were outdoors and it could be verified that they were proximate to one another. But then the risk of transmission is much reduced because they are outdoors. So pretty unlikely to be useful, except as a non-covid-19 surveillance tool.

 Indoors you'll notice that in cities, when people go indoors there usually is no GPS fix. Logged BT IDS will not be telling you where they are because there is no 3D fix. Unless they are right next to a window and then the lack of enough satellites will make the fix jump wildly around because  the GPS signal is boucing off buildings. It gets worse the further they are from windows.  newer GPS systems that are coming online use multiple bands and are substantially more accurate, outdoors, in urban canyons, but not inside buildings. And all GPS antennas like to be pointed up. Otherwise accuracy goes all to hell.

Read the literature. If you can find one paper that shows a technology that works with existing devices and which allows consistent indoor localization to the kinds of accuracies that can be reasonably used for contact tracing, I will be very surprised. In particular, the antennas in cell phones are not up to the task. Most of these experiments are done with robots (sometimes in this setting they are called "rovers") Look at the literature, the state of the art now has to use multiple inputs - particularly optical- video inputs and photogrammetry to get a reliable idea of location, based on the last good GPS fix, typically before they entered the building. They also use compasses and IMU. Thats called "dead reckoning"

Triangulation with cell phone sites is also nowhere near accurate enough indoors. What about wifi access ponts logged by Google, etc?  Again, not accurate enough to help much with this fine level of detail. What about visual tracking? That has a lot of romise, especially when using multiple cameras and especially D-RGB (RGB with depth sensors, similar to the MS Kinect devices)

I think that going on and on about the RSSI strength detection thing and thinking it has to be perfect or it's useless is missing the point.

The contact tracing app is not meant to be 100% perfect.

if it can work even a bit, it can speed up transmission tracing.
which will catch some transmissions before the transmitted to person gets sick enough to be tested and get diagnosed (by which time they have passed it on themselves). so will bring down the reproduction number.

we see in the studies on clusters so far that exposure risk relates to the amount of viruses being expelled form the source vs time near the source. You can do worse in a room far away from someone who is just breathing if you are there for hours, than if you are right next to someone who is singing or shouting or exercising for a few minutes.

having the app log some kind of proxy for distance *and* time spent nearby would be useful, I suspect. Even if not perfectly accurate. seems that it only logs contact that has lasted around 15 minutes? seems a shame it can't measure times with a bit more accuracy. or at least multiples of 15 minutes.

You have to understand, once somebody drops off the GPS and goes underground they could literally be anywhere.  If they fill the metro stations etc. with BT beacons, thats still not going to get it to the level of accuracy it needs to be.
« Last Edit: May 14, 2020, 04:21:08 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15794
  • Country: fr
Security theater that is totally inaccurate is worse than nothing.

I do agree with that. If it's inaccurate enough that you can't actually deterrmine for sure that people have been in "contact" (thus in close proximity enough that it could matter as far as virus propagation is concerned), then it's basically useless, and worse than useless: if you still rely on it to take any kind of action or issue any kind of analysis, that's wasted time and money that could be better invested in something else.

 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
If it becomes wrong and or arbitrary, that is a way to guarantee it does not work for its intended purpose. because people will not cooperate if they feel that the system is not taking great pain to be accurate and fair.

 (Do we want a world like Terry Gilliam's "Brazil"?)

Security theater that is totally inaccurate is worse than nothing.

I do agree with that. If it's inaccurate enough that you can't actually deterrmine for sure that people have been in "contact" (thus in close proximity enough that it could matter as far as virus propagation is concerned), then it's basically useless, and worse than useless: if you still rely on it to take any kind of action or issue any kind of analysis, that's wasted time and money that could be better invested in something else.

Creating lots of jobs may be one of its main goals.

Look at Prohibition in the US during the Depression.
« Last Edit: May 14, 2020, 04:36:53 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
I'm just saying, that the data recorded when somebody is indoors or in subways, (or tunnels) is likely to be useless, or close to it.

Trains, above ground? May be better but stil most trains now have metal cars with tinted windows. Tinted windows oftentimes eat up a lot of GPS signal, but trains without tinted windows, they may be able to get a fix from time to time.

Enclosed places, more so than outdoors, are where people get infected.

Security theater that is totally inaccurate is worse than nothing. What they need is contact tracing. Do you have a GPS tracker? Do this, turn it on, take a walk in a major city, going inside some buildings and going down into the subway. Then dump the trace and convert it into a KML trace. Since you cant upload KML here, maybe zip the file. Upload that. just do that. That will prove my point.

... And you.. expect the majority of citizens in an entire country to do this?

Arent they supposed to install an app that uploads all sorts of data that in essence, does that?  My point is that in any modern city, GPS traces recorded by a GPS tracker are going to be very very inaccurate. When they are indoors or underground, most of the time  there wont be any location data, with the occasional sudden apperance of a blit here a dot there, this results in wildly jagged traces all over the place (caused by multipath, which is the main problem with cheap GPS antennas, or antennas not pointed up. A qudrifilar helix is the best kind of antenna for this kind of situation. Its significantly better in rejecting multipath and funtioning when not oriented straight up..) .
« Last Edit: May 14, 2020, 04:50:12 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 676
  • Country: de
I think that going on and on about the RSSI strength detection thing and thinking it has to be perfect or it's useless is missing the point.

The contact tracing app is not meant to be 100% perfect.

if it can work even a bit, it can speed up transmission tracing.
which will catch some transmissions before the transmitted to person gets sick enough to be tested and get diagnosed (by which time they have passed it on themselves). so will bring down the reproduction number.
No solution can be perfect, that is not the question. The question is more or less if the advantages outweigh the current method of isolating cohorts based on location/occupation or if this additional intermediate step introduces a false sense of security for users and delays things, given the disadvantages it has. The contact tracing is done at the very beginning to isolate an outbreak, but once this stage is over whole groups of people need to isolate themselves (lockdown). Surely people want to go back to normal after the first wave passed and then it might be back to the stage of contact tracing.

Besides the problems with RF based distance measurement, there still is a whole set of other practical problems, e.g. leaving the phone somewhere (charger) while taking a break, people without a smartphone, empty battery, airplane mode.. which makes it pointless to trust such a solution entirely and that means fallback to isolate cohorts anyway. That means to also isolate people that were never infected (which you only know after a quarantine), but you are on the safe side of things and it means same rules apply for everyone. I consider there would be quite some unrest when there is contradicting information provided by an incomplete source.

« Last Edit: May 14, 2020, 11:23:00 pm by SparkyFX »
Support your local planet.
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Good luck, stay safe!  :palm:
"What the large print giveth, the small print taketh away."
 

Offline Buriedcode

  • Super Contributor
  • ***
  • Posts: 1718
  • Country: gb
This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application?  That is a laugh.

I thought it was open source? https://github.com/nhsx/COVID-19-app-iOS-BETA
 

Offline Someone

  • Super Contributor
  • ***
  • Posts: 5154
  • Country: au
    • send complaints here
This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application?  That is a laugh.

I thought it was open source? https://github.com/nhsx/COVID-19-app-iOS-BETA
Even if the users app is open source (and able to be built from source to verify thats whats actually installed etc), it is only a small part of the system.

Since people don't seem to read the links here:
Quote
When you download and run the app, your phone is assigned a big random number (a 128 bit GUID) to act as your fixed but anonymous identity (we’ll call it the installation ID from now on). Only your device and the NHS server ever know that. The app asks the user the first part of their postcode (LS1 or SW1A, for example, for NHS resource planning, mainly) and it records the model of your phone (for example ‘Apple iPhone 10,2’). Your phone and the system also end up agreeing a few cryptographic keys, including a key used to authenticate your installation, and some system parameters. Nothing identifying and no personal data are taken from the device or the user.

Every day, your device generates a random elliptic curve key pair and encrypts your installation ID (and some other administrative stuff like time periods) with it in a way that only the NHS server can recover, giving you a daily, random-looking, encrypted 'blob'.
Central state actor holding the keys and the information. The app is a part of the whole system, and while the user app might be good on privacy for the particular things it does (lets make a generous assumption here) the rest of the system can be full of holes. So the government stands up and makes lots of noise about how secure and private the user app is, entirely honestly, distracting people from how the system actually works and the privacy issues it has.
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Issue: Individuals are tracked by Google Analytics. #11

https://github.com/nhsx/COVID-19-app-iOS-BETA/issues/11

Describe the bug

Individuals are tracked by Google Analytics.

When accessing the Privacy Policy tracking code is passed from the application to the covid19.nhs.uk website which is processed by Google Analytics. Data captured could be used to re-identify an individual.

COVID-19-app-iOS-BETA/Sonar/Appearance/LogoStrapline.swift

Lines 45 to 48 in 370a518

 @IBAction func infoTapped(_ sender: UIButton) {
     let url = URL(string: "https://covid19.nhs.uk/?utm_source=nhscovid19ios&utm_medium=mobileapp&utm_campaign=nhscovid19app&utm_content=statuspage")!
     UIApplication.shared.open(url)
 }
Expected behaviour

Individuals are NOT tracked by Google Analytics
"What the large print giveth, the small print taketh away."
 

Offline vk6zgo

  • Super Contributor
  • ***
  • Posts: 7852
  • Country: au
My first thought when this App was mooted was that very low transmitted power levels can result in high received signal levels in a "direct line of sight" situation, so if the detection relied upon signal strength, there would be a lot of false positives.

I then rejected that, saying to myself that I don't know enough about Blue tooth, & on second thoughts, maybe the two devices exchanged "handshakes", measured the time  this took, & knowing the speed of light, calculated the distance between them.

The problem with that is possibly latency in both devices is different, so adding another layer of possible error.

But as I said, I know damn all about Bluetooth.

I don't have a smartphone, just a dumb one, as I have a desktop PC & an IPad, & didn't  see any sense in adding a "pretend computer" to that lot!






« Last Edit: May 15, 2020, 04:30:10 am by vk6zgo »
 

Offline julianhigginson

  • Frequent Contributor
  • **
  • Posts: 783
  • Country: au
You have to understand, once somebody drops off the GPS and goes underground they could literally be anywhere.  If they fill the metro stations etc. with BT beacons, thats still not going to get it to the level of accuracy it needs to be.

I understand a fair bit... I worked for a nursecall manufacturer for a couple of years, a few years ago now... we spent a *lot* of time trying to work out how to add location to alarm events while keeping the users' pendants low power, in ways that didn't also leave room for massive invasions of privacy or allow for incorrect locations to be sent.

That was a very hard problem, and AFAIK the work on that project is still ongoing (as a background kind of thing) years after I left.

The thing is, you've stated the problem with infection risk yourself...  looking at the infection cluster data we have so far, a person's infection risk is about a person's proximity to an infected person  indoors for an extended time....  it's not actually about *where* you are, but *who* you are near for long periods of time.

BLE beacon tech on a smartphone can give us that. To some degree.

now hear me out.. Yes it's obvious and I understand that the beacon app going off RSSI can't tell if you're 1m away from someone with a stud wall between you, or 5m away in the same room... that's definitely a shortfall in what the technology offers... BUT you can still identify long term proximity events... what you do with that data - refining it into usable information - becomes a problem for the people doing the actual contact tracing..

In other words the dumb open source BLE app isn't "the contact tracing", it's an important tool in a sustained and serious contact tracing effort.

scenario one:
1) I, an un-diagnosed plague bearing wretch, go to a restaurant.
2) you go to the restaurant next door and get seated at a table right next to me, but on the other side of the wall
3) our phones make beacon friends as we sit down for an hour and eat our respective meals.
4) the next day I feel bad.
5) the day after i feel worse, and get tested
6) test comes back positive.
7) I give my app's recorded beacon buddies to the contact tracer people, and give them a list as best as possible of everywhere I spend extended periods of time over the last few days before I got sick (thanks, google location history!)
8) they find you in my list and contact you.
9) they confirm where you were on the day our beacon friendship blossomed.
10) they discover you weren't in the same space as me, and realise that you're probably not at risk.

Scenario 2 - the diff edition:
2) on this day cruel fate made you pick the same restaurant as me (I mean we're beacon buddies right, it's natural we would have the same tastes in pizza) and sit across the room, all socially distanced like we're not really beacon buddies. but we know different.
10) they discover we were in the same room for an hour. so you get tested. AT the point where it's highly unlikely you would be contagious or sick. so you need a test too.
11) you come back positive (I'm really sorry, buddy.... I.... I didn't know... I had no idea....)
12) you've just been given the chance to save everyone you spend time with from a big chance of being infected. Also you've got the chance of commencing any available treatment right at the onset of infection rather than once you're very sick. 

TL;DR is:
beacon app bad
people using beacon app intelligently good.
 

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 676
  • Country: de
the rest of the system can be full of holes. So the government stands up and makes lots of noise about how secure and private the user app is, entirely honestly, distracting people from how the system actually works and the privacy issues it has.
It is the same (type of) government that funds Solar Roadways-like applications... okay?

Coming of age usually includes to find out how clueless many many people are (inside or especially outside their field of expertise), and that is the step conspiracy theorists never got over.
« Last Edit: May 15, 2020, 09:50:29 am by SparkyFX »
Support your local planet.
 
The following users thanked this post: Someone

Offline tszaboo

  • Super Contributor
  • ***
  • Posts: 8217
  • Country: nl
  • Current job: ATEX product design
I think that going on and on about the RSSI strength detection thing and thinking it has to be perfect or it's useless is missing the point.
Yeah, but this is a virus. It doesnt work like radioactivity or as a aura around people. That 1.5m rule they say everywhere is better than nothing but it is not even close to modeling all the transmission methods. You can spend probably hours within 1.5m from someone, and turn up fine, if you are facing the opposite way. On the other hand if someone sneezes at you from 10m, you might get what they have. Or you touch a door knob, that someone infected touched a day ago.
Or they grab a bottle of milk, that you buy, put in the fridge, the virus goes to sleep mode, and reactivate itself two weeks later.
So I guess bluetooth should track these as well.

There is a way for mobile phones to help in this situation. Build in an infrared temperature meter, to quickly measure forehead temperature.
 

Offline cdevTopic starter

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
I am going to go out on a limb here and say that the worst, by far situation for a city dweller is public transportation. Everywhere else I am in the city, I have some modicum of controi, I can choose to walk way on the dege of the sidewalk or even step off the curve and walk in the street (against the traffic so I can see it coming) But the one place where people cant prevent being right next to people is in the subway or to a lesser extent on busses.

The only technology that works for telling where people actually are in that setting is high resolution CCTV.

I think this Bluetooth effort is destined to be unsuccessful for the reasons they said.

By the way, people should be aware how often various surveillance devices are being used now in public places. If you are wondering, its easy to show how often transponder type devices like "EZ-Pass" are queried. These devices arent just where tolls are collected, they are everywhere.  License plate readers and most likely devices that log Bluetooth Mac addresses too.


« Last Edit: May 15, 2020, 09:19:58 pm by cdev »
"What the large print giveth, the small print taketh away."
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf