Here’s How the Exposure Notification System from Apple and Google Protects Your Privacy – Los Angeles IT Consultants

In iOS 13.5 Apple incorporated a new Exposure Notification API in response to the global COVID-19 pandemic. We’ve seen a few people freak out about this, but seriously, calm down, folks. At best, the Exposure Notification API could lower contact tracing costs, reduce the spread of COVID-19, prevent life-changing health consequences, and save lives. At worst, it won’t prove particularly effective. In neither case does it pose any threat to personal privacy.

Why have Apple and Google—two companies that normally compete tooth and nail—formed this unprecedented partnership? Contact tracing is one of the key techniques employed by public health authorities in slowing the spread of COVID-19. It involves gathering information from an infected person about those they’ve been in contact with, enabling authorities to learn who might have been the source of the infection and who they may have infected. It’s a slow, laborious, and error-prone process—do you know or even remember all the people you’ve come in contact with over the past few weeks?—but it’s helpful nonetheless.

To speed up this process and make it more accurate, Apple and Google are building exposure notification capabilities into their respective smartphone operating systems. A large percentage of the population carries a smartphone running either iOS or Android, and since these phones have the capability to detect when other phones are in their vicinity via Bluetooth, Apple and Google realized they could use technology to alert people when they had been exposed to a person who later tests positive for COVID-19.

Their solution comes in two phases. In the first phase, Apple and Google released the Exposure Notification API, and that’s what happened with iOS 13.5. This API, or application programming interface, allows apps written by public health authorities to work across both iOS and Android devices, something that’s never been possible before. The first key fact to understand is that only public health authorities will be allowed to write apps that leverage the Exposure Notification API. It cannot be incorporated into sketchy social media apps.

Unfortunately, it seems likely that many people will never learn about or download those apps. So in the second phase, Apple and Google will build the exposure notification technology directly into iOS and Android, so it can work without a public health authority app being installed.

The second key fact to understand is the entire system is opt-in. You must explicitly consent to the terms and conditions of the program before it becomes active on your phone. That’s true whether you get an app in the first phase or rely on the integration in the second phase. And, of course, if you change your mind, you can always turn it off in the app or the operating system settings.

How does it work? Apple and Google have developed an ingenious approach that ensures that those who opt-in to the technology can use it without worrying about privacy violations.

Your phone creates a Bluetooth beacon with a unique ID derived from a randomly generated diagnosis encryption key. The system generates a fresh diagnosis key every 24 hours and stores it on your phone for 14 days, deleting all older keys. Plus, the unique Bluetooth beacon ID that your phone broadcasts to other phones in your vicinity changes every 15 minutes. Similarly, your phone reads the unique IDs from nearby phones and stores them locally. This approach ensures privacy in three important ways:

  1. No personal information is shared. The ID is based on a random encryption key and changes constantly, so there’s no way it could be traced back to your phone, much less to you personally.
  2. No location information is stored. The only data that’s generated and transferred between the phones are these unique IDs. The system does not record or share location information, and Apple and Google have said they won’t approve any public health authority app that uses this system and also records location separately.
  3. No data is uploaded unless you test positive. As long as you remain uninfected by COVID-19, no data from your phone is uploaded to the Apple- and Google-controlled servers.

What happens if you test positive for COVID-19? (Sorry!) In that case, you would need to use a public health authority app to report your test results. You’ll likely have to enter a code or other piece of information to validate the diagnosis—a requirement necessary to prevent fake reporting.

When the app confirms your diagnosis, it triggers your phone to upload up to the last 14 days of diagnosis encryption keys—remember, these are just the keys from which the IDs are derived, not the IDs themselves—to the servers. Fewer days might be uploaded depending on when the exposure could have occurred.

All the phones enrolled in the system constantly download these diagnosis keys from devices of infected people. Then they perform cryptographic operations to see if those keys match any of the locally stored Bluetooth IDs captured during the period covered by the key. If there’s a match, that means you were in proximity to an infected person, and the system generates a notification with information about the day the exposure happened, how long it lasted, and the Bluetooth signal strength (which can indicate how close you were). A public health authority app will provide detailed instructions on how to proceed; if someone doesn’t have the app yet, the smartphone operating system will explain how to get it. Additional privacy protections are built into these steps:

  1. No one is forced to report a positive diagnosis. Just as you have to opt-in to the proximity ID sharing, you must explicitly choose to share your positive diagnosis. Not sharing puts others, including your loved ones, at risk, but that’s your decision to make.
  2. Shared diagnosis keys cannot identify you. The information that your phone uploads in the case of a positive diagnosis is limited to—at most—14 encryption keys. Those keys, which are then shared with others’ phones, contain no personal or location information.
  3. The matching process takes place only on users’ phones. Since the diagnosis keys and the derived IDs only meet on individual phones, there’s no way Apple, Google, or any government agency could match them up to establish a relationship.
  4. The notification information is too general to identify individuals. In most cases, there will be no way to connect an exposure notification back to an individual. Obviously, if you were in contact with only one or two people on a relevant day, that’s less true, but in such a situation, they’re likely known to you anyway.

Finally, Apple and Google have said they’ll disable the exposure notification system on a regional basis when it is no longer needed.

We apologize if that sounds complicated. It is, and necessarily so, because Apple and Google have put a tremendous amount of thought and technical and cryptographic experience into developing this exposure notification system. They are the preeminent technology companies on the planet, and their knowledge, skills, and expertise are as good as it gets. A simpler system—and, unfortunately, we’ll probably see plenty of other apps that won’t be as well designed—would likely have loopholes or could be exploited in unanticipated ways.

You can read more about the system from Apple and Google, including a FAQ and the technical specifications.

Our take? We are participating in this exposure notification system. It’s the least we can do to help keep our loved ones and others in our communities safe. In a pandemic, we all have to work to help others.

(Featured image based on an original by Dennis Kummer on Unsplash)


Microsoft’s commitment to customers during COVID-19

This post from Microsoft’s leadership team details their commitment to customers during the COVID-19 crisis. It outlines how Microsoft’s top priority is the health and safety of employees, customers, partners, and communities. It also explains how Teams is available for EVERYONE and what Microsoft is doing to keep the application running smoothly.

Read More…

Apple Releases COVID-19 Screening Tool App and Web Site

In partnership with the US Centers for Disease Control, Apple has released a free COVID-19 Screening Tool iOS app and nearly identical Web site. The interactive screening tool poses a series of questions about symptoms, risk factors, and recent exposure. Then it offers customized CDC recommendations, including guidance on social distancing and self-isolating, how to monitor symptoms, whether or not a test is recommended, and when to contact a medical provider. In addition, the app and Web site provide useful information about COVID-19, advice about how to keep yourself safe, and details on what to expect from testing. There’s nothing here that the CDC and other health agencies haven’t published elsewhere, but the screening tool can provide some peace of mind and reduce unnecessary load on overworked healthcare providers.

(Featured image by Apple)

Need to Stay in Touch? Try One of These Videoconferencing Apps – IT Consultants in Los Angeles

Videoconferencing has gone mainstream. If you work in a sufficiently large organization, you probably have already been indoctrinated into a recommended solution, whether it’s the built-in videoconferencing features of Slack or Microsoft Teams, or a dedicated videoconferencing system like Zoom or Webex.

But what if you’re in a small workgroup, are a freelancer, need to communicate with members of a non-profit group, or just want to stay in touch with friends and family? There are numerous options, but here are a few free options we recommend.

One note: As with text chat, you often have to meet people where they are, rather than where you’d prefer. You might like Skype, but be flexible if someone else schedules a Zoom meeting or if you want to talk with an elderly relative who can only use FaceTime.

FaceTime

Since FaceTime is limited to users of Apple devices, it’s both the easiest and most limiting of your videoconferencing choices. If everyone you want to talk with is an Apple user, you’re all set. But if you’re going to include even one Windows or Android user, look elsewhere.

Setting up and using FaceTime is simple because every Apple user already has the FaceTime app, it ties into your contacts, and everyone already has the necessary iCloud account. FaceTime calls can include up to 32 people, and it’s entirely free.

To start a new call, either tap the + button (iOS) or start typing someone’s name (Mac). Or, if you’ve talked to that person or group recently, just select them in the list.

You can also start a FaceTime call from any Messages conversation by tapping the avatar icons at the top of Messages and then tapping the FaceTime button.

Adding someone to a call is easy, if hidden. On an iPhone, tap the screen to reveal the controls, then swipe up on them to reveal more, including Add Person. On the Mac, click the sidebar button to reveal the sidebar and the Add Person button.

FaceTime in iOS includes numerous effects that are popular largely with children, including Animoji that replace your face with a cartoon, video filters (try Comic Book with an Animoji head), shapes, activity stickers, Memoji stickers, and emoji stickers. Alas, you can’t switch to a virtual background as you can with Zoom.

The big thing that FaceTime lacks in comparison with other options is screen sharing, which lets you show others in the video call what you see on your screen. The closest you can come is to flip the camera on your iPhone or iPad and point it at your Mac’s screen. FaceTime also lacks recording, though you can use iOS’s Screen Recording or macOS’s QuickTime Player to do that.

Google Hangouts

Whereas Apple separates text messaging and video calling into Messages and FaceTime, Google combines those capabilities in Google Hangouts. It works in iOS and Android, and on the Web, so it can be used on any computer. Google’s Web approach means it’s easy to follow an invitation link to join a hangout on the Mac, although that’s best done in Google Chrome or Firefox, neither of which needs a plug-in. Safari does require a plug-in.

If you already have a text conversation going with one or more people, it’s easy to start a video call by clicking the video button. You can also start a video call with one person and, once you’re in the call, click the Invite People icon, click Copy Link To Share, and then send that link to people in any way you want. Every participant does need a Google account, and only ten can join a video call at once.

In comparison with the others, Google Hangouts is bare-bones. It offers no effects, virtual backgrounds, built-in recording, or other gewgaws, and the way it separates the chat in a video call from the text conversation in a hangout is confusing. But if you need to communicate with a set of people who use Hangouts regularly, it works.

Skype

Microsoft’s Skype is the granddaddy of Internet telephony apps. It’s available for free for macOS, Windows, iOS, and Android, making it a good cross-platform choice. Since it uses Microsoft Live logins, it’s most easily used by those who are already deep in the Microsoft ecosystem, but you can invite someone to join a conversation as a guest without an account. Guests invited by link can even join from within Google Chrome (but not Safari) without needing the Skype app.

The easiest way to start a video call is from an existing conversation; just click the video button in a conversation. To get the link to a conversation, click the bold names at the top left of the conversation.

Skype offers extras for jazzing up the associated text chats—emoticons, stickers, and “mojis,” which are short video clips from movies. Its video calling options—for up to 50 people—are extensive. You can take a still photo of the screens in the call and share them in a gallery of images, carry on the text chat in a sidebar, and turn on “subtitles” that automatically transcribe what everyone in the call says. Skype lacks virtual backgrounds, but it can blur your background for more privacy. Screen sharing is supported, though not built-in recording.

All these options make for a somewhat convoluted interface, but Skype works well and may be the best free option overall.

Zoom

In the last few months, Zoom has become the best-known entry in the videoconferencing field. It’s popular with organizations, thanks to enterprise-level features and a simple experience for joining group calls, coupled with high-quality audio and video. The main downside is that the company has been criticized for lax security and poor privacy practices.

You need a Zoom account only to host a videoconference; the people you invite don’t need to sign up. Joining a video call for the first time is easy—you merely click an invitation link, and the Web page that loads either downloads the app (on a computer) or provides a button to get it (smartphone). Subsequent connections launch the app and connect you to the meeting.

For those who don’t pay $14.99 per month for a Pro account, Zoom’s Basic account is free. With the exception of limiting calls to 40 minutes, it’s fully featured. Nothing prevents you from starting another call immediately, and there are no limits on the number of calls you can make. The Basic and Pro plans are limited to 100 participants at a time, but Pro plan subscribers can pay for more.

Along with its popular virtual backgrounds feature, which lets you upload a photo or video to put behind you in the picture (a snazzy executive office, a tropical beach, or whatever), Zoom offers a number of compelling options. It lets multiple people share screens at once, lets people display reaction emoji (handy for showing approval while staying muted), can record audio or video locally (Pro accounts can record to the cloud), and much more.

Making a Choice

If you’re videoconferencing only with Apple users, try FaceTime to start. If FaceTime doesn’t float your boat, or you need cross-platform video calls, Skype beats out Google Hangouts handily. Zoom is probably the best of the lot, though you have to decide if breaking its 40-minute limit is worth $14.99 per month. If not, fall back on Skype.

(Featured image by ThisIsEngineering from Pexels)


Preparing Your Organization for a Possible COVID-19 Quarantine

As of this writing, the respiratory disease COVID-19 has caused nearly 3000 deaths and infected over 80,000 people worldwide. There are relatively few cases in North America currently, but that could increase significantly. For high-quality information about COVID-19, turn to the World Health Organization and the US Centers for Disease Control and Prevention.

For now, the Centers for Disease Control are recommending sensible precautions. They include regular hand washing or using alcohol-based hand sanitizer, covering coughs and sneezes (with your elbow), and staying home and avoiding public spaces if you’re feeling unwell. (These are smart things to do during flu season anyway, given that 10,000 people in the US have died of influenza already this season.)

What if local health officials were to declare a quarantine? Without lapsing into doomsday scenarios, it is always reasonable to make sure that you are personally ready for a natural disaster or other emergency. The Prepared has a detailed guide to help you prepare for a COVID-19 scare or quarantine.

We want to focus on how organizations—either those you run or work for—might prepare for a public health scare or possible quarantine, particularly in the context of your technology use. Here are our thoughts, and contact us if you want help with your preparedness plans.

Infection Prevention

If your organization has numerous employees or serves the public, put some thought into how you can reduce the chance of infection. That might include providing hand sanitizer dispensers, wiping down frequently touched surfaces with household cleaners, and a more frequent cleaning schedule for restrooms.

For an Apple-specific tip, try using or encouraging the use of Apple Pay to reduce the need to touch credit card terminals!

Also, it’s best to avoid shaking hands with customers and colleagues. Perhaps the Japanese custom of bowing will gain traction elsewhere in the world.

Internal Communications

In the event that public health officials discourage people from gathering, think about how your company will communicate internally with people working from home. Many organizations allow such flexibility now anyway, so it’s likely that yours has at least informal communication channels via phone and email, and chat systems like Slack.

Consider formalizing those channels if need be, and if your directory service doesn’t already contain this information, publish a list of phone numbers and email addresses so everyone can contact co-workers easily. If your organization relies on IP telephony, make sure everyone understands how to use softphones or can configure an office phone at home. If you have a switchboard, investigate how it can be operated remotely.

If your organization’s email system is usually available only from computers owned by the organization, make sure webmail access is enabled and that everyone understands how to access it. Similarly, it’s worth making sure everyone has email access from their phones.

Chat systems like Slack or Microsoft Teams can be effective ways for far-flung groups to communicate because they provide real-time communication segregated into topic- or group-specific channels. If you’re not already using such a system and would like to investigate adding it to your communications strategy, contact us for advice.

Remote Access to Organizational Services

For connectivity to office-based file servers and other systems, make sure everyone has access to your VPN and knows how to use it. (Don’t have a VPN, or virtual private network? Again, call us—a VPN is an essential way to provide remote access while ensuring security.)

Are there any specialized servers or services, such as an accounting system, that have security safeguards related to specific access points? Think about what additional access may need to be provided for an employee working from home.

Physical Environment

If most or all employees are working from home, what does that mean for your office? Do physical security systems or climate settings need to be adjusted? Do you want to set up video cameras or other remote monitoring hardware? Who’s going to water the plants? On a more serious note, if you have on-premises servers, make sure they can be administered entirely remotely, including power cycling.

It’s also worth determining who will have responsibility for the office in the event of problems, which could still occur even if no one is there. What if a water pipe in the building breaks, or there’s a burglary? Make sure it’s clear who will respond.

Business Functions

Think about the regularly scheduled aspects of running the business, with an eye toward those that might assume the presence of certain people. Can they run payroll, accounts receivable, and accounts payable remotely? Make sure that every key position has at least one backup, so if one person falls ill, the organization’s ability to function won’t be compromised.

If international travel is a significant part of your organization’s mission, you’re already figuring out how to compensate through videoconferencing and similar technologies. But if you regularly travel only within the country or your area, think about which trips are essential and which can be replaced using online conferencing tools.

Finally, consider how your clients and customers will react to the situation. It’s unfortunately likely that there will be less work taking place, so you may see decreased revenues, but certain organizations may see an increased workload. For instance, if the number of patients in hospitals skyrockets, those who support healthcare systems may struggle under the load alongside the doctors and nurses.

We certainly hope that all these preparations prove unnecessary, but they’re worthwhile regardless. Too many businesses have failed after a fire, hurricane, or earthquake renders an office uninhabitable, and such natural disasters are all too common. As the Boy Scout motto says, “Be prepared.”

(Featured image based on an original by Gerd Altmann from Pixabay)