A couple of weeks ago Canada released the COVID Alert app to the general public. The app is intended to help tracing efforts in the province to curb the spread of COVID-19. Understandably, there are some questions regarding its privacy and security implications. Although I focus here on the Canadian version of the app, the underlying architecture is used by a lot of other public health authorities all over the world. You can find the full list of countries here.
几周前,加拿大向公众发布了COVID Alert应用程序。 该应用程序旨在帮助追踪该省的工作,以遏制COVID-19的传播。 可以理解的是,有关其隐私和安全性存在一些问题。 尽管我在这里重点介绍该应用程序的加拿大版,但世界上许多其他公共卫生机构都使用了基础架构。 您可以在此处找到国家的完整列表。
The first important thing about COVID Alert is that although the app itself is being branded and released by Health Canada (and other public health authorities) much of the core technology is provided by Apple and Google for iOS and Android respectively.
关于COVID Alert的第一件重要的事情是,尽管该应用程序本身是由加拿大卫生部(和其他公共卫生机构)进行商标和发布的,但许多核心技术分别由Apple和Google提供,分别用于iOS和Android。
Earlier this year, Apple and Google, in a joint effort, released a framework called the Exposure Notification System (ENS) designed specifically for building COVID tracing apps. The framework provides a set of tools for developers on both platforms and is intended to be used by public health authorities all over the world. It has been created with the explicit goal of preserving user privacy by design in an effort to encourage broader adoption. More on that here.
今年早些时候,苹果和谷歌共同努力,发布了一个称为“曝光通知系统” (ENS)的框架,该框架专门用于构建COVID跟踪应用程序。 该框架为这两个平台上的开发人员提供了一套工具,旨在供全世界的公共卫生机构使用。 创建它的明确目标是通过设计保护用户隐私,以鼓励更广泛的采用。 在这里更多。
As of now, the system is 100% opt-in. You don’t have to download the apps if you don’t feel comfortable. Nor would you be forced to opt-in at a later stage. However, the success of the program does depend on having a certain percentage of the population signed up.
截至目前,系统已100%选择启用。 您不必下载的应用程序,如果你感觉不舒服。 您也不会被迫在稍后阶段选择加入。 但是,该计划的成功确实取决于一定比例的人口签约。
The mechanism itself is fairly straightforward and uses a decentralized approach. Let’s say we are living in an ideal scenario where a majority of people have the app on their phone. Once you install it, it runs in the background and sends out randomized “codes” every 10–15 minutes via Bluetooth.
该机制本身非常简单,并采用分散式方法。 假设我们生活在理想的情况下,大多数人都在手机上使用该应用程序。 安装后,它会在后台运行,并通过蓝牙每10-15分钟发送一次随机的“代码”。
These codes are essentially just gibberish and not tied to you in any way. Over the course of the day, you would generate dozens of these codes. For simplicity, let’s say that your code never changes and is fixed to something ridiculously simple like12345.
这些代码本质上只是胡言乱语,没有任何形式的约束。 在一天的过程中,您将生成许多这样的代码。 为了简单起见,假设您的代码永不更改,并且已固定为12345这样的简单的东西。
Phones that are near you, within a distance of 10m, and also have the app installed, are listening for these codes. If you’re hanging out with a friend, or at a busy supermarket, your phone will be exchanging codes with those around you. Your phone will store the codes that it “came in contact with”. And likewise, all the phones around will you store your code. At this point, all data is decentralized, meaning that the information is stored purely on phones and not on a server somewhere.
距离您最近的电话(10m之内)并且已安装了该应用程序,这些电话正在侦听这些代码。 如果您与朋友一起出去玩,或者在繁忙的超市中,您的电话将与周围的人交换代码。 您的手机将存储“与之联系”的代码。 同样,所有电话都将存储您的代码。 在这一点上,所有数据都是分散的,这意味着信息纯粹存储在电话中,而不存储在某处的服务器上。
Now, hypothetically, one of the people you ran into at the supermarket later tests positive. The person can then tell the app that they’ve been infected. In most cases, they would be required to submit some sort of medical proof or confirmation from a public health authority. In Germany, for example, you would scan a QR code issued by the health authority confirming your diagnosis. This is to prevent people from falsely claiming that they’ve been infected to intentionally create false alarms.
假设,现在,您在超市遇到的一个人后来测试为阳性。 然后,此人可以告诉应用程序他们已被感染。 在大多数情况下,将要求他们提交某种医疗证明或来自公共卫生当局的确认书。 例如,在德国,您将扫描由卫生当局发出的QR码,以确认您的诊断。 这是为了防止人们错误地声称自己已被感染以故意创建虚假警报。
The app would then upload all of the codes issued to that person over the last 14 days to a web server. Or in our simplistic model, the single code that they were assigned, say 56789. The server is only storing a master list of these “infected” codes.
然后,该应用会将最近14天内发给该人的所有代码上传到网络服务器。 或者在我们的简化模型中,分配它们的单个代码是56789 。 服务器仅存储这些“感染”代码的主列表。
As the final step, your app downloads a list of these infected codes from the server a few times a day and compares them against all the codes of other people that you have run into. If it finds a match, it means that you’ve been in contact with an infected person and you’re at a higher risk and are notified immediately. This would then likely translate into a higher testing priority for you. And likewise, if you test positive, then the people that came into contact with you, and so on.
作为最后一步,您的应用每天从服务器上下载几次这些受感染代码的列表,并将它们与您遇到的其他人的所有代码进行比较。 如果找到匹配项,则表示您已经与感染者联系,并且您处于较高的风险中,并会立即得到通知。 这样可能会为您带来更高的测试优先级。 同样,如果您的测试结果是肯定的,那么与您联系的人等等。
The “privacy-protecting” approach comes from the fact that the system does not theoretically need access to your location or GPS at any point. If your location is needed for any reason, you will be prompted for permission. Nor does it need access to any sort of personal information. The only thing the system really needs is a Bluetooth based device. Additionally, your codes never leave your phone unless you get infected, meaning that nobody gets access to your data, including the health authorities.
“隐私保护”方法来自以下事实:理论上该系统在任何时候都不需要访问您的位置或GPS。 如果出于任何原因需要您的位置,系统将提示您获得许可。 它也不需要访问任何类型的个人信息。 系统真正需要的唯一东西是基于蓝牙的设备。 此外,除非您被感染,否则您的密码永远不会离开您的手机,这意味着没有人可以访问您的数据,包括卫生当局。
Whether or not this technology is too far reaching, or not extensive enough, is a whole other debate. But at the very least, I hope that having a better understanding of the underlying tech can help folks make an informed decision about whether or not they’d like to opt in.
这项技术是否涉及面太广,或不够广泛,是另外一个争论。 但至少,我希望对底层技术有更好的了解可以帮助人们就是否愿意加入做出明智的决定。
翻译自: https://medium.com/bits-n-pieces/how-does-covid-tracing-work-121ff9f07c8c
622
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
