Current research suggests that my initial hunch was correct: Measuring distances between phones via Bluetooth signals doesn’t work well. If at all.
On this week’s episode of The Private Citizen, we return to discussing contact tracing apps. We now actually have some research about Bluetooth distance measuring. And it isn’t very encouraging.
Do Contact Tracing Apps Work?
Trinity college researchers Professor Dough Leith and Dr. Stephen Farrell have done quite a lot of research into digital contact tracing via Bluetooth LE. Their findings so far seem to suggest that the apps aren’t working.
They tested this in a bus:
We report on the results of a measurement study carried out on a commuter bus in Dublin, Ireland using the Google/Apple Exposure Notification (GAEN) API. Measurements were collected between 60 pairs of handset locations and are publicly available. We find that the attenuation level reported by the GAEN API need not increase with distance between handsets, consistent with there being a complex radio environment inside a bus caused by the metal-rich environment. Changing the people holding a pair of handsets, with the location of the handsets otherwise remaining unchanged, can cause variations of ±10dB in the attenuation level reported by the GAEN API.
Applying the rule used by the Swiss Covid-19 contact tracing app to trigger an exposure notification to our bus measurements we find that no exposure notifications would have been triggered despite the fact that all pairs of handsets were within 2m of one another for at least 15 minutes. Applying an alternative threshold-based exposure notification rule can somewhat improve performance to a detection rate of 5% when an exposure duration threshold of 15 minutes is used, increasing to 8% when the exposure duration threshold is reduced to 10 minutes. Stratifying the data by distance between pairs of handsets indicates that there is only a weak dependence of detection rate on distance.
…and also in a tram:
We report on the results of a Covid-19 contact tracing measurement study carried out on a commuter tram in Dublin, Ireland. Our measurements indicate that in the tram there is little correlation between received signal strength of distance between handsets. We applied the detection rules used by the Italian, Swiss and German apps to our measurement data and also characterised the impact on performance of changes in the parameters used in these detection rules. We find that the Swiss and German detection rules trigger no exposure notifications on our data, while the Italian detection rule generates a true positive rate of 50% and a false positive rate of 50%. Our analysis indicates that the performance of such detection rules is similar to that of triggering notifications by randomly selecting from the participants in our experiments, regardless of proximity.
One of the reasons for this is that it is very impactful how the two phones are held (we know how important this is from Steve Jobs):
We report on pairwise measurements of the GAEN implementation, and on how handset orientation can affect attenuation. We show that these measurements may imply a significant number of false negatives even in an almost-ideal situation, and where real control over the level of false negative is under the control of the GAEN implementer and not of a Public Health Authority.
The whole thing seem to be extremely shaky.
We report on measurements of the Bluetooth LE received signal strength taken on mobile handsets in a variety of common, real-world settings. In summary, we find that the Bluetooth LE received signal strength can vary substantially depending on the relative orientation of handsets, on absorption by the human body, reflection/absorption of radio signals in buildings and trains. Indeed we observe that the received signal strength need not decrease with increasing distance.
This suggests that the development of accurate methods for proximity detection based on Bluetooth LE received signal strength is likely to be challenging and time consuming
See also: So berechnet die Corona-Warn-App Ihr Ansteckungsrisiko , Probleme mit Corona-Warn-App auch auf iPhones – Kritik an Regierung , Corona-Warn-App: Hälfte aller Labore kann Daten digital übermitteln
Of course, Google and Apple are saying they are continuously working to improve things. They’ve also open sourced the components of the API (reference verification server, implementation code, telemetry design).
Privacy Problems of the Contact Tracing API
Even though Google specifically says the API “doesn’t use location data from your device” and “our identity is not shared with Google, Apple or other users”, Leith and Farrell have published findings that seem to suggest otherwise.
We find that the health authority client apps are generally well behaved from a privacy point of view, although the privacy of the Irish, the Polish and Latvian apps could be improved. In marked contrast, we find that the Google Play Services component of these apps is extremely troubling from a privacy viewpoint. Google Play Services contacts Google servers roughly every 20 minutes, potentially allowing fine grained location tracking via IP address. In addition, Google Play services also shares the phone IMEI, hardware serial number, SIM serial number, handset phone number and user email address with Google, together with fine-grained data on the apps running on the phone. This data collection is enabled simply by enabling Google Play Services, even when all other Google services and settings are disabled. It therefore appears to be unavoidable for users of GAEN-based contact tracing apps on Android.
This level of intrusiveness seems incompatible with a recommendation for population-wide usage. It also seems incompatible with the following statement from Google: “We understand that the success of this approach depends on people feeling confident that their private information is protected. The Exposure Notifications System was built with your privacy and security central to the design. Your identity is not shared with other users, Google or Apple.”
Why German Police Can Use Contact Tracing Lists to Solve Crimes
In episode 29, I had reported on police in Germany using the COVID-19 restaurant registration data to solve crimes. I have since learned why this is happening and want to share this information with you.
Meanwhile, more and more stalking stories like these are cropping up:
- Has the abuse of “test and trace” started already?
- Woman stalked by sandwich server via her COVID-19 contact tracing info
c.f.: Businesses face privacy minefield over contact-tracing rules, say campaigners
Let’s Get Off the Grid Together!
With Google clearly saying one thing and doing another when it comes to privacy – even when something as critical as their supposed good Samaritan API is concerned – it has once again become very clear that we, the privacy-conscious users, can’t trust these companies. Therefore, I hereby renew the call I had put out to producers of this show in my original OTG episode to help everyone find alternatives to apps that track us and ways to use our smartphones that minimise privacy intrusions.
You now have a week without an episode coming up, so may I suggest you use some of that time and think about the problem. Maybe, you can help out with an idea or two and we can pool all of these to come up with a system, some documentation or a set of guidelines that help all of us. Please, get in contact!
Producer Feedback
Evgeny Kuznetsov wrote a very nice response to episode 34, in which I talked about the definition of socialism:
Thank you, man, I think you did an awesome job of laying it all out. Definitely appreciated in the world where nobody seems to know or care what exactly the terms mean any longer! I think your concept of socialism as an artificial religion is awesome and I’m definitely using it next time I get involved in a social-economical discussion.
It’s actually a very interesting thing, albeit maybe outside the scope of The Private Citizen, and I think you’ve made a very important point. While it’s obvious capitalism is failing (as evidenced by negative interest rates that simply make no sense in capitalism), and it can hardly work in the economy where the cost of developing a product is huge while the cost of making multiple copies of it is relatively low (as in 3D printing) or approaches zero (as in software development), many people (even those who actually read Marx) fail to understand that the very notion of “socialism is what comes after capitalism, the same way as capitalism is what comes after feudalism” is just a wild (albeit educated) guess by Marx and followers, not a scientific fact.
In many ways the Soviet propaganda was based on this very concept: as the technology evolves, capitalism is no longer the optimal system and will have to be replaced by socialism, just like capitalism itself replaced feudalism, so we should practice socialism right away because it’s inevitably coming one way or another (and communism comes next, but that’s still in the future). The obvious fallacy here is that we don’t really know for sure socialism comes next after capitalism, and even if that’s so, we don’t really know for sure what socialism really looks like. You did a great job of outlining just that, so thank you again!
Best of luck with your vacation trip, and looking forward to the new episodes!
Fadi Mansour also mirrored many of these sentiments.
I also had another email from Frank, continuing our discussion from episode 33:
First I would like to say how much I enjoy interacting with you like this. It really does add a lot to the listening experience, the show is so much more fun when we the listeners have a part in it, and I thank you for that.
Please understand my intention wasn’t to imply that your show needs to be completely free. My intent was to point out there is another show that gives to its listeners, just as you’re giving to yours. Garry Collins starts out saying how he doesn’t plan to have any ads, but it looks like at some point in the near future there may be a select few that he approves of. That goes way beyond the free/voluntary model you’re doing. He’s going to capitulate, and have ads (Ugh…). You truly are giving to your listeners, and it is a lot of work. I do recognize that. I think at some point you’re going to be a successful author with a great book and good message, keep going.
At for the, “American Dream”, “American Trap” this doesn’t just apply to America. I’m pretty sure this is happening everywhere. People just want to be in control of their lives, but there are very real economic shackles, and quite a bit of control is given up simply by the choices we collectively make. Here in Texas right now, we have long lines of expensive cars and trucks in food lines getting handouts. Many of these people driving $45,000 vehicles are now without a livelihood, and in a food line. They may have the look of wealth, but because of personal choice, soon may not even have a place to live in very short order. I’m amazed to see how close to the margin most of America is. The majority of people in the, “US” do not have any personal savings, hence no staying power in a time of need. We are experiencing it right now. People are losing their asses and don’t have a pot to piss in. A lot of this can be avoided simply by having a plan, and living within their means.
He goes on to explain how he’s started using an Apple 2e to plot his own finances and used this to take financial control of his life. I’ve edited this email a bit for brevity.
A Private Citizen who is in control of their own life will have a plan. Sadly most of America does not. A big part of personal freedom comes from taking responsibility for ourselves, and moving our own lives forward. Unfortunately many in America think it’s the job of government to do this for them. This is one of the biggest mistakes many of us in the United States are making. Enjoy your motorcycle trip, and I’ll look forward to hearing more from you and continuing this dialog going forward. To me you are a celebrity, and I’m honored to participate with you in this discourse.
While some seem to think I don’t feature dissenting opinions on the show, I beg to differ. I encourage everyone to write in. More viewpoints make for more interesting discussions for everyone. Please feel free to contact me!
Well, the bike is fixed, dad’s doing better and we’ll be off to Norway soon. I’ll be back with more podcast episodes afterwards.
Toss a Coin to Your Podcaster
I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.
You can also support the show by sending money to via PayPal, if you prefer.
This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me, pard. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.
Thanks and Credits
I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.
Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.
But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Georges Walther, Dave, Butterbeans, Mark Holland, Steve Hoos, Shelby Cruver, Kai Siers, Vlad, Jackie Plage, 1i11g, Fadi Mansour, Philip Klostermann, ikn, Jaroslav Lichtblau, Matt Jelliman, Joe Poser, Dirk Dede, David Potter, Dave Umrysh, Mika, Vytautas Sadauskas, RikyM, drivezero, Martin, Jonathan Edwards, Barry Williams, Silviu Vulcan and S.J.