Contact Tracing: The Technology

Jul 9, 2020, 13:59 PM by BBB National Programs

Imagine that you have been placed in charge of setting up a contact tracing system using the smartphones already in the hands of the public. As we explained in our first piece in this series, one of the main goals of this system is to alert those who may have come into contact with others infected with coronavirus. Certain information—such as the precise location where such contact has taken place—may be useful but is not strictly necessary to the app’s purpose. And, for the sake of privacy, you want to avoid releasing identifying information about those participating in the system.

Not too long ago, such a system would have been virtually impossible without centrally monitoring and logging the location and movements of all participating smartphones—and their users. Such a system would be prone to abuse and invasions of privacy, and many members of the public would likely decline to participate for those reasons.

That is no longer the case.

In a joint project, Google and Apple are implementing a smartphone contact tracing system using a special protocol, ubiquitous on smartphones, that avoids most of these pitfalls: Bluetooth LE.


What is Bluetooth LE?

Bluetooth is familiar to mobile device users as the ubiquitous wireless protocol used by phones, tablets, laptops, and other electronics for short-range wireless communication. First introduced in the late 1990s, Bluetooth is used to wirelessly connect everything from headphones to keyboards to medical devices.

Bluetooth LE—standing for Low Energy—was introduced in 2009 to deal with an issue that had plagued Bluetooth since its inception: power consumption. Standard Bluetooth worked well enough but tended to rapidly drain power from devices. By substantially reducing the power required, Bluetooth LE was designed to allow Bluetooth connectivity in a wider range of devices—allowing for the creation of tiny devices powered by a “button” battery for months, or even years.

Bluetooth LE is especially useful for applications that involve proximity (or “closeness”) detection in the immediate area, with a typical range of about 30 feet. For instance: small tracker devices are widely sold (“Tile” is a popular brand) which, when attached to a keychain or other easily lost object, enable its easy location by using a smartphone. These devices use Bluetooth LE to continuously operate and transmit a signal without rapidly draining the battery. Other applications include fitness wristbands, healthcare devices, and “smart home” appliances.

Because Bluetooth LE has been built into every phone for nearly a decade and was designed with proximity detection in mind, it is ideal for continuously detecting which smartphones are near each other (and thus, which smartphone owners are near each other). This is accomplished by directing phones to transmit identifiers to each other, which are then received and logged. This transmission can happen on a continuous basis without draining users’ batteries.

But that’s only part of the solution.

To encourage widespread adoption and avoid privacy issues, the system developed by Google and Apple doesn’t involve transmitting identifiers easily traced to individual phones or owners, but instead uses rolling, or ephemeral identifiers.


What is an ephemeral ID?

The Bluetooth LE specification already provides for rolling identifiers (Media Access Control, or “MAC” addresses), to prevent phones from being identified and tracked. While adequate for most uses, changing the MAC address periodically is likely not enough to ensure user privacy for contact tracing, due to known weaknesses in the protocol. Instead of relying on MAC addresses to anonymize users, the contact tracing system developed by Google and Apple takes this concept a step further.

Under this system, a phone participating in a contact tracing program generates an apparently random identifier, not directly traceable to the phone or its owner, and continually transmits it to nearby phones using Bluetooth LE. This identifier changes every 10–20 minutes, every time the phone’s Bluetooth LE MAC address routinely changes (the ID thus being “rolling” or “ephemeral”). It is derived from a “Temporary Exposure Key” (“TEK”), which is changed daily. Each participating phone also “listens” for other phones’ broadcasts and will receive and store the identifiers of nearby phones for fourteen days.

If a participating user is diagnosed as positive for coronavirus, that user can alert the contact tracing app of the diagnosis. With the user’s consent, the app will then upload the phone’s last fourteen days of TEKs to a central server. Every other phone running the contact tracing app will automatically download these anonymous keys, use them to derive the ephemeral IDs for the diagnosed person’s phone over the previous 14 days, then compare them against the phone’s own list of collected identifiers.

If a match is found—signifying that the phone’s user has recently been in the vicinity of someone who later tested positive for coronavirus—the app will alert the user that a potential exposure has occurred and provide information about what to do next.
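The broadcast, upload and on-device matching steps described above can be traced in a short simulation. This is an added example, not Google and Apple's code: the article does not specify the derivation function, so HMAC-SHA256 stands in for it, and the `Phone` class, day numbering, 10-minute interval and participant names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144   # assumption: one ID per 10 minutes
RETENTION_DAYS = 14       # from the article: fourteen days of history

def ephemeral_id(tek: bytes, interval: int) -> bytes:
    """Rolling ID for one interval, derived from that day's TEK (HMAC stand-in)."""
    msg = b"rolling-id" + interval.to_bytes(4, "little")
    return hmac.new(tek, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.teks = {}    # day number -> TEK, never leaves the phone unless uploaded
        self.heard = {}   # day number -> set of IDs received from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        tek = self.teks.setdefault(day, secrets.token_bytes(16))  # new TEK daily
        return ephemeral_id(tek, interval)

    def receive(self, day: int, rolling_id: bytes) -> None:
        self.heard.setdefault(day, set()).add(rolling_id)

    def prune(self, today: int) -> None:
        for store in (self.teks, self.heard):   # drop anything past retention
            for day in [d for d in store if d <= today - RETENTION_DAYS]:
                del store[day]

    def upload_keys(self, today: int) -> dict:
        """What a diagnosed, consenting user sends to the server: TEKs only."""
        self.prune(today)
        return dict(self.teks)

    def exposure_days(self, published: dict) -> list:
        """Re-derive every ID from the published TEKs and match locally."""
        hits = []
        for day, tek in published.items():
            derived = {ephemeral_id(tek, i) for i in range(INTERVALS_PER_DAY)}
            if derived & self.heard.get(day, set()):
                hits.append(day)
        return sorted(hits)

def demo():
    alice, bob, carol = Phone(), Phone(), Phone()   # constructed participants
    bob.receive(3, alice.broadcast(3, 57))          # Bob was near Alice on day 3
    carol.receive(3, bob.broadcast(3, 57))          # Carol only met Bob
    keys = alice.upload_keys(today=10)              # Alice tests positive on day 10
    return bob.exposure_days(keys), carol.exposure_days(keys)
```

The server only ever holds the diagnosed user's daily keys; the list of IDs each phone has heard stays on that phone, and the match is computed there.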


Why is this useful for contact tracing?

In balancing the requirements for a smartphone contact tracing system—privacy, effectiveness, power efficiency, vulnerability to bad actors, and so on—Bluetooth LE provides an effective means of notifying users of potential contacts in a timely fashion, while mitigating most of the other concerns. The system places little burden on users and won’t drain their smartphone batteries. It doesn’t record the locations of users, only their temporary proximity—keeping the users’ locations private both from system administrators and potential hackers.

Unlike GPS (Global Positioning System), commonly used for maps and directions, contact tracing identifiers don’t indicate the location of smartphones at the time they made contact, only the fact that contact was made. This enhances the privacy aspects of the contact tracing system—even supposing that a hostile actor were able to compromise the system and identify individual phones, the actual location and path of the phones would remain inaccessible, as that data is never recorded by the system.


Looking Forward

By using Bluetooth LE instead of a location-based system (such as GPS), Google and Apple’s contact tracing system increases the likelihood that it can successfully make a difference in fighting coronavirus without sacrificing individual privacy to do it. This is not to say that it is perfect: as with any technological system, weaknesses or vulnerabilities often emerge when it is implemented.

BBB National Programs and other privacy organizations continue to monitor the development and implementation of this and other contact tracing systems. Nevertheless, Google and Apple’s system shows real promise as a means of increasing individual awareness of potential coronavirus contacts—and doing it without violating privacy, while using a feature already found on everyone’s phones.
