Apple iPhone contact tracing: How it came together

[ad_1]

Singapore’s new contact tracing app, TraceTogether, which is being used as a preventive measure against the Covid-19 coronavirus in the city-state.

Catherine Lai | AFP via Getty Images

One of the most ambitious projects in Apple history launched in less than a month, and was driven by just a handful of employees. 

In mid-March, with Covid-19 spreading to almost every country in the world, a small team at Apple started brainstorming how they could help. They knew that smartphones would be key to the global coronavirus response, particularly as countries started relaxing their shelter-in-place orders. To prepare for that, governments and private companies were building so-called “contact tracing” apps to monitor citizens’ movements and determine whether they might have come into contact with someone infected with the virus.

Within a few weeks, the Apple project — code-named “Bubble” — had dozens of employees working on it with executive-level support from two sponsors: Craig Federighi, a senior vice president of software engineering, and Jeff Williams, the company’s chief operating officer and de-facto head of healthcare. By the end of the month, Google had officially come on board, and about a week later, the companies’ two CEOs Tim Cook and Sundar Pichai met virtually to give their final vote of approval to the project.

That speed of development was highly unusual for Apple, a company obsessed with making its products perfect before releasing them to the world. Project Bubble also required that Apple join forces with its historic rival, Google, to co-develop technology that could be used by health authorities in countries around the world.

The software, which Apple and Google now refer to by the softer-sounding term “exposure notification” instead of “contact tracing,” is due to be released on May 1. In recent weeks, the employees have been working nights and weekends to incorporate external feedback. The companies still have their critics, but the transparency has helped them win over some unlikely supporters, including in countries like Germany where officials were initially reluctant to work with Big Tech. 

CNBC spoke with five people familiar with the project to find out how it happened, from the earliest incarnations to the present day. The insiders declined to be named because they were not authorized by their companies to speak openly about the project.

Two approaches: Bluetooth vs GPS

Edouard Bugnion, a Swiss computer architect

Edouard Bugnion

Traditional contact tracing has been used to slow the spread of pandemics for years. It begins when a public health hears about an infected person and checks in with them to find out where they’ve been, and whom they might have come into contact with. A health official will then track down those people and suggest they get tested or socially isolate themselves.

Personal technology like cellphones can be used to facilitate digital contact tracing. A phone has various technologies that can be used to pinpoint where a user has been, and which other phones have come nearby, without requiring them to remember exactly where they were and who was nearby.

As the coronavirus pandemic took off, authorities turned to digital contact tracing as a possible way to help track and slow the spread of the disease without having to hire a large number of human tracers.

Some early contact tracing apps like Trace Together in Singapore used a phone’s Bluetooth signal, which has a range of about 30 feet, to figure out when two phones were near each other. Strong signals suggest that two people are very close, while weak ones suggest that they’re too far apart for there to be potential exposure (although experts like Ashkan Soltani, the former CTO for the Federal Trade Commission have warned it’s by no means a perfect system).

If a person was identified with coronavirus, they could let Singapore’s Ministry of Health look at the app data and notify other people who had been near them recently.

But there was a big usability problem.

On an iPhone, the app had to be running all the time in the foreground, or it stopped working. That meant that phones needed to remain unlocked — a nightmare scenario if they got stolen — and burned through battery life quickly. Apple App Store reviews for Trace Together included complaints from users that the app was preventing them from receiving notifications while they were out and about.

The alternative was to use GPS, which countries like China and South Korea had already leveraged to track exposure. But apps that tracked location draw immediate concern from privacy advocates. One human rights group went as far as to refer to the location-tracking apps in China as “automated tyranny.”

Involving Apple

On March 21, a Swiss engineering professor Edouard Bugnion reached out to Apple’s developer relations team to voice some of these concerns. Bugnion, the founding CTO of VMWare, recognized then that digital contact tracing apps would need Apple’s help to work well and preserve user privacy. 

He wasn’t the only one. Within a day or two, these issues came to the attention of Apple’s Myoung Cha, who’s responsible for the business side of the company’s growing health team. Cha, a senior strategist for the company’s health care division, reports to the company’s COO, Jeff Williams. 

Cha and a small team at Apple were already exploring methods of using smartphones for contact tracing. The early team included Ron Huang, who runs Apple’s location services group, and Dr. Guy “Bud” Tribble, a veteran Apple software vice president who is referred to internally as the “privacy czar.” Tribble, who is also a medical doctor, is known outside of Apple for speaking out in favor of federal privacy legislation, noting at a Senate hearing that in 2018 that privacy should be a human right. 

Huang agreed to loop in a group of engineers who were willing to volunteer their time to the project. They included some of the company’s in-house cryptography experts, Yannick Sierra and Frederic Jacobs (Jacobs has been credited for helping create the secure messaging app Signal). The team began researching some of the protocols for electronic contact tracing already underway at the Massachusetts Institute of Techology and EPFL, a similarly well-regarded research university in Switzerland.

Their idea would be to use Bluetooth to track phones’ proximity without detailed location data, like the Singapore app — but in a way that wouldn’t require apps to be running all the time.

The Apple employees also favored decentralized approaches. The idea was that a phone belonging to a user who had tested positive would send anonymous alerts directly to other phones that it had been nearby, instead of uploading all this information to a government or other central authority. This would prevent governments from building a database with detailed location or proximity information.

The Apple team also believed any system would need to be “opt-in,” where the individual gives consent to share information with other phones.

Cha shared this thinking on a call with Bugnion on April 6. “It was very clear to me from day one that Apple wanted to ensure the highest level of privacy,” Bugnion recalled.

The team knew they needed to execute quickly. By then, public health officials in many countries were taking contact tracing seriously as a way to help end lockdowns quickly and safely.

A group of researchers from Oxford University had already seen promising results in an early study: “Our models show we can stop the epidemic if approximately 60% of the population use the app, and even with lower numbers of app users, we still estimate a reduction in the number of coronavirus cases and deaths,” noted Christophe Fraser, senior author of the latest report from Oxford University’s Nuffield Department of Medicine.

Bringing in Google

Dave Burke, vice president of engineering at Google, speaks about the new Google Nexus 6P during an event on Tuesday, Sept. 29, 2015, in San Francisco.

Tony Avelar | AP

Employees at Google were thinking through similar ideas.

The key employees taking the lead on the Google side included Yul Kwon, a senior director for the company and a former deputy chief privacy officer at Facebook (incidentally, Kwon is well known outside of Google as the winner of the 2006 show “Survivor: Cook Islands.”) Senior product manager Ronald Ho, who works on Bluetooth and connectivity efforts, was also heavily involved from the outset. Google had its own codename for the project, separate from Apple’s: “Apollo.”

Eventually, the team presented their ideas to Google’s vice president of Android, Dave Burke, who talked it through Apple’s Cha.

It wasn’t a foregone conclusion that the two companies, which have a long history of bitter competition in smartphones, would cooperate. Apple co-founder Steve Jobs was convinced that Android had been built to mimic Apple’s iOS, and the two companies had a bitter legal fight before settling their differences in 2014. Although they coexist more peacefully now, they’re still tough rivals, with the two dominant smartphone platforms in the world.

But in this case, they knew they had to come together. A system for exposure notification needed to be interoperable, otherwise there would be huge gaps in coverage.

The two companies couldn’t formally announce plans to work together until they got a green-light from their CEOs. So Apple CEO Tim Cook and Alphabet CEO Sundar Pichai hashed it out on a virtual meeting several days ahead of the official announcement on April 10th.

“Contact tracing can help slow the spread of COVID-19 and can be done without compromising user privacy,” Apple CEO Tim Cook tweeted triumphantly to announce the initiative. 

The privacy stance

The joint solution is not an app. Rather, the companies have published an application programming interface — API — which is a set of specifications that public health organizations can tap into to build their own contact tracing apps.

Here’s how it works. Once Bluetooth is turned on and the user opts in, the phone sends anonymous little chirps that other phones can listen into. Critically, Apple’s API means the app can continue to send these chirps out even if it’s not running in the foreground at the time.   

To ensure user privacy, the companies have lifted ideas from various open-source efforts like MIT’s PACT and Europe’s DP-3T. Google’s Burke has acknowledged that his team was specifically inspired by the work of DP-3T, nothing that he thought it “gives the best privacy preserving aspects of the contacts tracing service.”

One specific example inspired by DP-3T is the idea of using rotating codes, which involves the apps broadcasting a cryptographic key that changes randomly, while they monitor other nearby phones. Once the reports a Covid-19 diagnosis, the app will upload the cryptographic keys that were used to generate the codes from the past few weeks onto a server. Everyone else’s app downloads those keys, and looks for a match with one of the stored codes. If it finds one, the app will notify the users that they might have been exposed.

This allows the app to notify people who may have been exposed, without having to know their identities — or allowing those identities to be stored and tracked by any central authority.

“We are developing an app and system that could be deployed in Europe, and the world,” said Carmela Truncoso, a privacy researcher at EPFL and one of the key developers behind DP-3T. “That’s a lot of people. And we owe it to them to be transparent.”

The companies are increasingly making clear to the outside world is that their API isn’t a form of automated contact tracing that should be relied upon completely. Instead, it’s intended to support humans working at public health departments. Some countries are already on board with that, including Germany, Estonia, Singapore, and Switzerland. Others, like the U.K. and France, are still considering a more centralized approach. In the U.S., states are still largely taking their own approaches.

Going forward, there are still some major question marks about the potential for fraud and abuse. And the companies will need to address how they plan to vet the apps built on top of these APIs to ensure that these developers will not exploit any privacy vulnerabilities. 

But Marcel Salathé, a prominent Swiss researcher and epidemiologist, noted on Twitter last week that he is surprised to see two tech companies take privacy so seriously, while some governments advocate for more intrusive approaches.

“I’ve made a few correct predictions about Covid,” he tweeted. “But I would not in a 100 years have predicted this: U.S. tech companies provide a privacy-preserving framework to do digital contact tracing, and some European countries are lobbying them to lower the standards.”

[ad_2]

Source link