Germany

UK gives up on centralized coronavirus contacts-tracing app — will ‘likely’ switch to model backed by Apple and Google

Posted by | Apple, apple inc, Apps, Bluetooth, contacts tracing, coronavirus, COVID-19, Denmark, Europe, european union, Germany, Google, Health, ireland, Italy, Matt Hancock, Mobile, mobile app, NHS, NHS COVID-19, northern ireland, privacy, smartphone, smartphones, switzerland, United Kingdom | No Comments

The UK has given up building a centralized coronavirus contacts-tracing app and will instead switch to a decentralized app architecture, the BBC has reported. This suggests its any future app will be capable of plugging into the joint ‘exposure notification’ API which has been developed in recent weeks by Apple and Google.

The UK’s decision to abandon a bespoke app architecture comes more than a month after ministers had been reported to be eyeing such a switch. They went on to award a contract to an IT supplier to develop a decentralized tracing app in parallel as a backup — while continuing to test the centralized app, which is called NHS COVID-19.

At the same time, a number of European countries have now successfully launched contracts-tracing apps with a decentralized app architecture that’s able to plug into the ‘Gapple’ API — including Denmark, Germany, Italy, Latvia and Switzerland. Several more such apps remain in testing. While EU Member States just agreed on a technical framework to enable cross-border interoperability of apps based on the same architecture.

Germany — which launched the decentralized ‘Corona Warning App’ this week — announced its software had been downloaded 6.5M times in the first 24 hours. The country had initially appeared to favor a centralized approach but switched to a decentralized model back in April in the face of pushback from privacy and security experts.

The UK’s NHS COVID-19 app, meanwhile, has not progressed past field tests, after facing a plethora of technical barriers and privacy challenges — as a direct consequence of the government’s decision to opt for a proprietary system which uploads proximity data to a central server, rather than processing exposure notifications locally on device.

Apple and Google’s API, which is being used by all Europe’s decentralized apps, does not support centralized app architectures — meaning the UK app faced technical hurdles related to accessing Bluetooth in the background. The centralized choice also raised big questions around cross-border interoperability, as we’ve explained before. Questions had also been raised over the risk of mission creep and a lack of transparency and legal certainty over what would be done with people’s data.

So the UK’s move to abandon the approach and adopt a decentralized model is hardly surprising — although the time it’s taken the government to arrive at the obvious conclusion does raise some major questions over its competence at handling technology projects.

Michael Veale, a lecturer in digital rights and regulation at UCL — who has been involved in the development of the DP3T decentralized contacts-tracing standard, which influenced Apple and Google’s choice of API — welcomed the UK’s decision to ditch a centralized app architecture but questioned why the government has wasted so much time.

“This is a welcome, if a heavily and unnecessarily delayed, move by NHSX,” Veale told TechCrunch. “The Google -Apple system in a way is home-grown: Originating with research at a large consortium of universities led by Switzerland and including UCL in the UK. NHSX has no end of options and no reasonable excuse to not get the app out quickly now. Germany and Switzerland both have high quality open source code that can be easily adapted. The NHS England app will now be compatible with Northern Ireland, the Republic of Ireland, and also the many destinations for holidaymakers in and out of the UK.”

Perhaps unsurprisingly, UK ministers are now heavily de-emphasizing the importance of having an app in the fight against the coronavirus at all.

The Department for Health and Social Care’s, Lord Bethell, told the Science and Technology Committee yesterday the app will not now be ready until the winter. “We’re seeking to get something going for the winter, but it isn’t a priority for us,” he said.

Yet the centralized version of the NHS COVID-19 app has been in testing in a limited geographical pilot on the Isle of Wight since early May — and up until the middle of last month health minister, Matt Hancock, had said it would be rolled out nationally in mid May.

Of course that timeframe came and went without launch. And now the prospect of the UK having an app at all is being booted right into the back end of the year.

Compare and contrast that with government messaging at its daily coronavirus briefings back in May — when Hancock made “download the app” one of the key slogans — and the word ‘omnishambles‘ springs to mind…

NHSX relayed our request for comment on the switch to a decentralized system and the new timeframe for an app launch to the Department of Health and Social Care (DHSC) — but the department had not responded to us at the time of publication.

Earlier this week the BBC reported that a former Apple executive, Simon Thompson, was taking charge of the delayed app project — while the two lead managers, the NHSX’s Matthew Gould and Geraint Lewis — were reported to be stepping back.

Back in April, Gould told the Science and Technology Committee the app would “technically” be ready to launch in 2-3 weeks’ time, though he also said any national launch would depend on the preparedness of a wider government program of coronavirus testing and manual contacts tracing. He also emphasized the need for a major PR campaign to educate the public on downloading and using the app.

Government briefings to the press today have included suggestions that app testers on the Isle of Wight told it they were not comfortable receiving COVID-19 notifications via text message — and that the human touch of a phone call is preferred.

However none of the European countries that have already deployed contacts-tracing apps has promoted the software as a one-stop panacea for tackling COVID-19. Rather tracing apps are intended to supplement manual contacts-tracing methods — the latter involving the use of trained humans making phone calls to people who have been diagnosed with COVID-19 to ask who they might have been in contact with over the infectious period.

Even with major resource put into manual contacts-tracing, apps — which use Bluetooth signals to estimate proximity between smartphone users in order to calculate virus expose risk — could still play an important role by, for example, being able to trace strangers who are sat near an infected person on public transport.

Update: The DHSC has now issued a statement addressing reports of the switch of app architecture for the NHS COVID-19 app — in which it confirms, in between reams of blame-shifting spin, that it’s testing a new app that is able to plug into the Apple and Google API — and which it says it may go on to launch nationally, but without providing any time frame.

It also claims it’s working with Apple and Google to try to enhance how their technology estimates the distance between smartphone users.

“Through the systematic testing, a number of technical challenges were identified — including the reliability of detecting contacts on specific operating systems — which cannot be resolved in isolation with the app in its current form,” DHSC writes of the centralized NHS COVID-19 app.

“While it does not yet present a viable solution, at this stage an app based on the Google / Apple API appears most likely to address some of the specific limitations identified through our field testing.  However, there is still more work to do on the Google / Apple solution which does not currently estimate distance in the way required.”

Based on this, the focus of work will shift from the current app design and to work instead with Google and Apple to understand how using their solution can meet the specific needs of the public,” it adds. 

We reached out to Apple and Google for comment. Apple declined to comment.

According to one source, the UK has been pressing for the tech giants’ API to include device model and RSSI info alongside the ephemeral IDs which devices that come into proximity exchange with each other — presumably to try to improve distance calculations via a better understanding of the specific hardware involved.

However introducing additional, fixed pieces of device-linked data would have the effect of undermining the privacy protections baked into the decentralized system — which uses ephemeral, rotating IDs in order to prevent third party tracking of app users. Any fixed data-points being exchanged would risk unpicking the whole anti-tracking approach.

Norway, another European country which opted for a centralized approach for coronavirus contacts tracing — but got an app launched in mid April — made the decision to suspend its operation this week, after an intervention by the national privacy watchdog. In that case the app was collecting both GPS and Bluetooth —  posing a massive privacy risk. The watchdog warned the public health agency the tool was no longer a proportionate intervention — owing to what are now low levels of coronavirus risk in the country.

Powered by WPeMatico

UK’s NHS COVID-19 app lacks robust legal safeguards against data misuse, warns committee

Posted by | Apps, Bluetooth, data protection law, digital rights, Elizabeth Denham, Europe, Germany, Health, human rights, identity management, ireland, Matt Hancock, Mobile, National Health Service, NHS, NHS COVID-19, NHSX, northern ireland, privacy, privacy policy, terms of service, United Kingdom | No Comments

A UK parliamentary committee that focuses on human rights issues has called for primary legislation to be put in place to ensure that legal protections wrap around the national coronavirus contact tracing app.

The app, called NHS COVID-19, is being fast tracked for public use — with a test ongoing this week in the Isle of Wight. It’s set to use Bluetooth Low Energy signals to log social interactions between users to try to automate some contacts tracing based on an algorithmic assessment of users’ infection risk.

The NHSX has said the app could be ready for launch within a matter of weeks but the committee says key choices related to the system architecture create huge risks for people’s rights that demand the safeguard of primary legislation.

“Assurances from Ministers about privacy are not enough. The Government has given assurances about protection of privacy so they should have no objection to those assurances being enshrined in law,” said committee chair, Harriet Harman MP, in a statement.

“The contact tracing app involves unprecedented data gathering. There must be robust legal protection for individuals about what that data will be used for, who will have access to it and how it will be safeguarded from hacking.

“Parliament was able quickly to agree to give the Government sweeping powers. It is perfectly possible for parliament to do the same for legislation to protect privacy.”

The NHSX, a digital arm of the country’s National Health Service, is in the process of testing the app — which it’s said could be launched nationally within a few weeks.

The government has opted for a system design that will centralize large amounts of social graph data when users experiencing COVID-19 symptoms (or who have had a formal diagnosis) choose to upload their proximity logs.

Earlier this week we reported on one of the committee hearings — when it took testimony from NHSX CEO Matthew Gould and the UK’s information commissioner, Elizabeth Denham, among other witnesses.

Warning now over a lack of parliamentary scrutiny — around what it describes as an unprecedented expansion of state surveillance — the committee report calls for primary legislation to ensure “necessary legal clarity and certainty as to how data gathered could be used, stored and disposed of”.

The committee also wants to see an independent body set up to carry out oversight monitoring and guard against ‘mission creep’ — a concern that’s also been raised by a number of UK privacy and security experts in an open letter late last month.

“A Digital Contact Tracing Human Rights Commissioner should be responsible for oversight and they should be able to deal with complaints from the Public and report to Parliament,” the committee suggests.

Prior to publishing its report, the committee wrote to health minister Matt Hancock, raising a full spectrum of concerns — receiving a letter in response.

In this letter, dated May 4, Hancock told it: “We do not consider that legislation is necessary in order to build and deliver the contact tracing app. It is consistent with the powers of, and duties imposed on, the Secretary of State at a time of national crisis in the interests of protecting public health.”

The committee’s view is Hancock’s ‘letter of assurance’ is not enough given the huge risks attached to the state tracking citizens’ social graph data.

“The current data protection framework is contained in a number of different documents and it is nearly impossible for the public to understand what it means for their data which may be collected by the digital contact tracing system. Government’s assurances around data protection and privacy standards will not carry any weight unless the Government is prepared to enshrine these assurances in legislation,” it writes in the report, calling for a bill that it says myst include include a number of “provisions and protections”.

Among the protections the committee is calling for are limits on who has access to data and for what purpose.

“Data held centrally may not be accessed or processed without specific statutory authorisation, for the purpose of combatting Covid-19 and provided adequate security protections are in place for any systems on which this data may be processed,” it urges.

It also wants legal protections against data reconstruction — by different pieces of data being combined “to reconstruct information about an individual”.

The report takes a very strong line — warning that no app should be released without “strong protections and guarantees” on “efficacy and proportionality”.

“Without clear efficacy and benefits of the app, the level of data being collected will be not be justifiable and it will therefore fall foul of data protection law and human rights protections,” says the committee.

The report also calls for regular reviews of the app — looking at efficacy; data safety; and “how privacy is being protected in the use of any such data”.

It also makes a blanket call for transparency, with the committee writing that the government and health authorities “must at all times be transparent about how the app, and data collected through it, is being used”.

A lack of transparency around the project was another of the concerns raised by the 177 academics who signed the open letter last month.

The government has committed to publishing data protection impact assessments for the app. But the ICO’s Denham still hadn’t had sight of this document as of this Monday.

Another call by the committee is for a time-limit to be attached to any data gathered by or generated via the app. “Any digital contact tracing (and data associated with it) must be permanently deleted when no longer required and in any event may not be kept beyond the duration of the public health emergency,” it writes.

We’ve reached out to the Department of Health and NHSX for comment on the human rights committee’s report.

Let’s go through Matt Hancock’s letter to @HarrietHarman @HumanRightsCtte on the NHSX app and take a closer look at some of these statements 1/ https://t.co/sQe2U8wkiy

— Michael Veale (@mikarv) May 7, 2020

There’s another element to this fast moving story: Yesterday the Financial Times reported that the NHSX has inked a new contract with an IT supplier which suggests it might be looking to change the app architecture — moving away from a centralized database to a decentralized system for contacts tracing. Although NHSX has not confirmed any such switch at this point.

Some other countries have reversed course in their choice of app architecture after running into technical challenges related to Bluetooth. The need to ensure public trust in the system was also cited by Germany for switching to a decentralized model.

The human rights committee report highlights a specific app efficacy issue of relevance to the UK, which it points out is also linked to these system architecture choices, noting that: “The Republic of Ireland has elected to use a decentralised app and if a centralised app is in use in Northern Ireland, there are risks that the two systems will not be interoperable which would be most unfortunate.”

Professor Lilian Edwards, a legal expert from Newcastle University, who has co-authored a draft bill proposing a set of safeguards for coronavirus apps (much of which was subsequently taken up by Australia for a legal instrument that wraps public health contact info during the coronavirus crisis) — and who also now sits as an independent advisor on an ethics committee that’s been set up for the NHSX app — welcomed the committee report.

Speaking in a personal capacity she told TechCrunch: “My team and I welcome this.”

But she flagged a couple of omissions in the report. “They have left out two of the recommendations from my bill — one of which, I totally expected; that there be no compulsion to carry a phone. Because they will just be assumed within our legal system but I don’t think it would have hurt to have said it. But ok.

“The second point — which is important — is the point about there not being compulsion to install the app or to display it. And there not being, therefore, discrimination against you if you don’t. Like not being allowed to go to your workplace is an obvious example. Or not being allowed to go to a football game when they reopen. And that’s the key point where the struggle is.”

The conflict, says Edwards, is on the one hand you could argue what’s the point of doing digital contact tracing at all if you can’t make sure people are able to receive notifications that they might be a contact. But — on the other — if you allow compulsion that then “leaves it open to be very discriminatory” — meaning people could abuse the requirement to target and exclude others from a workplace, for example.

“There are people who’ve got perfectly valid reasons to not want to have this on their phone,” Edwards added. “Particularly if it’s centralized rather than decentralized.”

She also noted that the first version of her draft coronavirus safeguards bill had allowed compulsion re: having the app on the phone but required it to be balanced by a proportionality analysis — meaning any such compulsion must be “proportionate to a legitimate aim”.

But after Australia opted for zero compulsion in its legal instrument she said she and her team decided to revise their bill to also strike out the provision entirely.

Edwards suggested the human rights committee may not have included this particular provision in their recommendations because parliamentary committees are only able to comment on evidence they receive during an inquiry. “So I don’t think it would have been in their remit to recommend on that,” she noted, adding: “It isn’t actually an indication that they’re not interested in these concepts; it’s just procedure I think.”

She also highlighted the issues of so-called ‘immunity passports’ — something the government has reportedly been in discussions with startups about building as part of its digital coronavirus response, but which the committee report also does not touch on.

However, without full clarity on the government’s evolving plans for its digital coronavirus response, and with, inevitably, a high degree of change and flux amid a public health emergency situation, it’s clearly difficult for committees to interrogate so many fast moving pieces.

“The select committees have actually done really, really well,” added Edwards. “But it just shows how the ground has shifted so much in a week.”

This report was updated with additional comment

Powered by WPeMatico

NHS COVID-19: The UK’s coronavirus contacts-tracing app explained

Posted by | Android, api, app-store, Apple, Apps, Australia, Bluetooth, contacts tracing apps, coronavirus, COVID-19, data protection law, estonia, Europe, european union, Germany, Google, Health, iOS, iPhone, ireland, mobile app, National Health Service, NHS COVID-19, northern ireland, operating systems, privacy, Security, Singapore, smartphone, smartphones, switzerland, TC, United Kingdom | No Comments

The UK has this week started testing a coronavirus contacts-tracing app which NHSX, a digital arm of the country’s National Health Service, has been planning and developing since early March. The test is taking place in the Isle of Wight, a 380km2 island off the south coast of England, with a population of around 140,000.

The NHS COVID-19 app uses Bluetooth Low Energy handshakes to register proximity events (aka ‘contacts’) between smartphone users, with factors such as the duration of the ‘contact event’ and the distance between the devices feeding an NHS clinical algorithm that’s being designed to estimate infection risk and trigger notifications if a user subsequently experiences COVID-19 symptoms.

The government is promoting the app as an essential component of its response to fighting the coronavirus — the health minister’s new mantra being: ‘Protect the NHS, stay home, download the app’ — and the NHSX has said it expects the app to be “technically” ready to deploy two to three weeks after this week’s trial.

However there are major questions over how effective the tool will prove to be, especially given the government’s decision to ‘go it alone’ on the design of its digital contacts-tracing system — which raises some specific technical challenges linked to how modern smartphone platforms operate, as well as around international interoperability with other national apps targeting the same purpose.

In addition, the UK app allows users to self report symptoms of COVID-19 — which could lead to many false alerts being generated. That in turn might trigger notification fatigue and/or encourage users to ignore alerts if the ratio of false alarms exceeds genuine alerts.

Keep calm and download the app?

How users will generally respond to this technology is a major unknown. Yet mainstream adoption will be needed to maximize utility; not just one-time downloads. Dealing with the coronavirus will be a marathon not a sprint — which means sustaining usage will be vital to the app functioning as intended. And that will require users to trust that the app is both useful for the claimed public health purpose, by being effective at shrinking infection risk, and also that using it will not create any kind of disadvantages for them personally or for their friends and family.

The NHSX has said it will publish the code for the app, the DPIA (data protection impact assessment) and the privacy and security models — all of which sounds great, though we’re still waiting to see those key details. Publishing all that before the app launches would clearly be a boon to user trust.

A separate consideration is whether there should be a dedicated legislation wrapper put around the app to ensure clear and firm legal bounds on its use (and to prevent abuse and data misuse).

As it stands the NHS COVID-19 app is being accelerated towards release without this — relying on existing legislative frameworks (with some potential conflicts); and with no specific oversight body to handle any complaints. That too could impact user trust.

The overarching idea behind digital contacts tracing is to leverage uptake of smartphone technology to automate some contacts tracing, with the advantage that such a tool might be able to register fleeting contacts, such as between strangers on the street or public transport, that may more difficult for manual contacts-tracing methods to identify. Though whether these sorts of fleeting contacts create a significant risk of infection with the SARS-CoV-2 virus has not yet been quantified.

All experts are crystal clear on one thing: Digital contacts tracing is only going to be — at very best — a supplement to manual contact tracing. People who do not own or carry smartphones or who do not or cannot use the app obviously won’t register in any captured data. Technical issues may also create barriers and data gaps. It’s certainly not a magic bullet — and may, in the end, turn out to be ill-suited for this use case (we’ve written a general primer on digital contacts tracing here).

One major component of the UK approach is that it’s opted to create a so-called ‘centralized’ system for coronavirus contacts tracing — which leads to a number of specific challenges.

While the NHS COVID-19 app stores contacts events on the user’s device initially, at the point when (or if) a user chooses to report themselves having coronavirus symptoms then all their contacts events data is uploaded to a central server. This means it’s not just a user’s own identifier but a list of any identifiers they have encountered over the past 28 days — so, essentially, a graph of their recent social interactions.

This data cannot be deleted after the fact, according to the NHSX, which has also said it may be used for “research” purposes related to public health — raising further questions around privacy and trust.

Questions around the legal bases for this centralized approach also remain to be answered in detail by the government. UK and EU data protection law emphasize data minimization as a key principle; and while there’s flexibility built into these frameworks for a public health emergency there is still a requirement on the government to detail and justify key data processing decisions.

The UK’s decision to centralize contacts data has another obvious and immediate consequence: It means the NHS COVID-19 app will not be able to plug into an API that’s being jointly developed by Apple and Google to provide technical support for Bluetooth-based national contacts-tracing apps — and due to be release this month.

The tech giants have elected to support decentralized app architectures for these apps — which, conversely, do not centralize social graph data. Instead, infection risk calculations are performed locally on the device.

By design, these approaches avoid providing a central authority with information on who infected whom.

In the decentralized scenario, an infected user consents to their ephemeral identifier being shared with other users so apps can do matching locally, on the end-user device — meaning exposure notifications are generated without a central authority needing to be in the loop. (It’s also worth noting there are ways for decentralized protocols to feed aggregated contact data back to a central authority for epidemiological research, though the design is intended to prevent users’ social graph being exposed. A system of ‘exposure notification’, as Apple and Google are now branding it, has no need for such data, is their key argument. The NHSX counters that by suggesting social graph data could provide useful epidemiological insights — such as around how the virus is being spread.)

At the point a user of the NHS COVID-19 app experiences symptoms or gets a formal coronavirus diagnosis — and chooses to inform the authorities — the app will upload their recent contacts to a central server where infection risk calculations are performed.

The system will then send exposure notifications to other devices — in instances where the software deems there may be at risk of infection. Users might, for example, be asked to self isolate to see if they develop symptoms after coming into contact with an infected person, or told to seek a test to determine if they have COVID-19 or not.

A key detail here is that users of the NHS COVID-19 app are assigned a fixed identifier — basically a large, random number — which the government calls an “installation ID”. It claims this identifier is ‘anonymous’. However this is where political spin in service of encouraging public uptake of the app is being allowed to obscure a very different legal reality: A fixed identifier linked to a device is in fact pseudonymous data, which remains personal data under UK and EU law. Because, while the user’s identity has been ‘obscured’, there’s still a clear risk of re-identification.

Truly ‘anonymous’ data is a very high bar to achieve when you’re dealing with large data-sets. In the NHS COVID-19 app case there’s no reason beyond spin for the government to claim the data is “anonymous”; given the system design involves a device-linked fixed identifier that’s uploaded to a central authority alongside at least some geographical data (a partial postcode: which the app also asks users to input — so “the NHS can plan your local NHS response”, per the official explainer).

The NHSX has also said future versions of the app may ask users to share even more personal data, including their location. (And location data-sets are notoriously difficult to defend against re-identification.)

Nonetheless the government has maintained that individual users of the app will not be identified. But under such a system architecture this assertion sums to ‘trust us with your data’; the technology itself has not been designed to remove the need for individual users to trust a central authority, as is the case with bona fide decentralized protocols.

This is why Apple and Google are opting to support the latter approach — it cuts the internationally thorny issue of ‘government trust’ out of their equation.

However it also means governments that do want to centralize data face a technical headache to get their apps to function smoothly on the only two smartphone platforms that matter.

Technical and geopolitical headaches

The specific technical issue here relates to how these mainstream platforms manage background access to Bluetooth.

Using Bluetooth as a proxy for measuring coronavirus infection risk is of course a very new and novel technology. Singapore was reported to be the first country to attempt this. Its TraceTogether app, which launched in March, reportedly gained only limited (<20%) uptake — with technical issues on iOS being at least partly blamed for the low uptake.

The problem that the TraceTogether app faced initially is the software needed to be actively running and the iPhone open (not locked) for the tracing function to work. That obviously interferes with the normal multitasking of the average iPhone user — discouraging usage of the app.

It’s worth emphasizing that the UK is doing things a bit differently vs Singapore, though, in that it’s using Bluetooth handshakes rather than a Bluetooth advertising channel to power the contacts logging.

The NHS COVID-19 app has been designed to listen passively for other Bluetooth devices and then wake up in order to perform the handshake. This is intended as a workaround for these platform limits on background Bluetooth access. However it is still a workaround — and there are ongoing questions over how robustly it will perform in practice. 

An analysis by The Register suggests the app will face a fresh set of issues in that iPhones specifically will fail to wake each other up to perform the handshakes — unless there’s also an Android device in the vicinity. If correct, it could result in big gaps in the tracing data (around 40% of UK smartphones run iOS vs 60% running Android).

Battery drain may also resurface as an issue with the UK system, though the NHSX has claimed its workaround solves this. (Though it’s not clear if they’ve tested what happens if an iPhone user switches on a battery saving mode which limits background app activity, for example.)

Other Bluetooth-based contract-tracing apps that have tried to workaround platforms limits have also faced issues with interference related to other Bluetooth devices — such as Australia’s recently launched app. So there are a number of potential issues that could trouble performance.

Being outside the Apple-Google API also certainly means the UK app is at the mercy of future platform updates which could derail the specific workaround. Best laid plans that don’t involve using an official interface as your plug are inevitably operating on shaky ground.

Finally, there’s a huge and complex issue that’s essentially being glossed over by government right now: Interoperability with other national apps.

How will the UK app work across borders? What happens when Brits start travelling again? With no obvious route for centralized vs decentralized systems to interface and play nice with each other there’s a major question mark over what happens when UK citizens want to travel to countries with decentralized systems (or indeed vice versa). Mandatory quarantines because the government picked a less interoperable app architecture? Let’s hope not.

Notably, the Republic of Ireland has opted for a decentralized approach for its national app, whereas Northern Ireland, which is part of the UK but shares a land border with the Republic, will — baring any NHSX flip — be saddled with a centralized and thus opposing choice. It’s the Brexit schism all over again in app form.

Earlier this week the NHSX was asked about this cross-border issue by a UK parliamentary committee — and admitted it creates a challenge “we’ll have to work through”, though it did not suggest how it proposes to do that.

And while that’s a very pressing backyard challenge, the same interoperability gremlins arise across the English Channel — where a number of European countries are opting for decentralized apps, including Estonia, Germany and Switzerland. While Apple and Google’s choice at the platform level means future US apps may also be encouraged down a decentralized route. (The two US tech giants are demonstrably flexing their market power to press on and influence governments’ app design choices internationally.)

So countries that fix on a ‘DIY’ approach for the digital component of their domestic pandemic response may find it leads to some unwelcome isolation for their citizens at the international level.

Powered by WPeMatico

Germany ditches centralized approach to app for COVID-19 contacts tracing

Posted by | Android, api, Apple, Apps, Bluetooth, contact tracing, coronavirus, COVID-19, decentralization, DP-3T, Europe, european commission, european union, France, Germany, Google, Health, iOS, mobile app, operating systems, p2p, PEPP-PT, privacy, smartphones, surveillance, United Kingdom | No Comments

Germany has U-turned on building a centralized COVID-19 contacts tracing app — and will instead adopt a decentralized architecture, Reuters reported Sunday, citing a joint statement by chancellery minister Helge Braun and health minister Jens Spahn.

In Europe in recent weeks, a battle has raged between different groups backing centralized vs decentralized infrastructure for apps being fast-tracked by governments which will use Bluetooth-based smartphone proximity as a proxy for infection risk — in the hopes of supporting the public health response to the coronavirus by automating some contacts tracing.

Centralized approaches that have been proposed in the region would see pseudonymized proximity data stored and processed on a server controlled by a national authority, such as a healthcare service. However concerns have been raised about allowing authorities to scoop up citizens’ social graph, with privacy experts warning of the risk of function creep and even state surveillance.

Decentralized contacts tracing infrastructure, by contrast, means ephemeral IDs are stored locally on device — and only uploaded with a user’s permission after a confirmed COVID-19 diagnosis. A relay server is used to broadcast infected IDs — enabling devices to locally compute if there’s a risk that requires notification. So social graph data is not centralized.

The change of tack by the German government marks a major blow to a homegrown standardization effort, called PEPP-PT, that had been aggressively backing centralization — while claiming to ‘preserve privacy’ on account of not tracking location data. It quickly scrambled to propose a centralized architecture for tracking coronavirus contacts, led by Germany’s Fraunhofer Institute, and claiming the German government as a major early backer, despite PEPP-PT later saying it would support decentralized protocols too.

As we reported earlier, the effort faced strident criticism from European privacy experts — including a group of academics developing a decentralized protocol called DP-3T — who argue p2p architecture is truly privacy preserving. Concerns were also raised about a lack of transparency around who is behind PEPP-PT and the protocols they claimed to support, with no code published for review.

The European Commission, meanwhile, has also recommended the use of decentralization technologies to help boost trust in such apps in order to encourage wider adoption.

EU parliamentarians have also warned regional governments against trying to centralize proximity data during the coronavirus crisis.

But it was Apple and Google jumping into the fray earlier this month by announcing joint support for decentralized contacts tracing that was the bigger blow — with no prospect of platform-level technical restrictions being lifted. iOS limits background access to Bluetooth for privacy and security reasons, so national apps that do not meet this decentralized standard won’t benefit from API support — and will likely be far less usable, draining battery and functioning only if actively running.

Nonetheless PEPP-PT told journalists just over a week ago that it was engaged in fruitful discussions with Apple and Google about making changes to their approach to accommodate centralized protocols.

Notably, the tech giants never confirmed that claim. They have only since doubled down on the principle of decentralization for the cross-platform API for public health apps — and system-wide contacts tracing which is due to launch next month.

At the time of writing PEPP-PT’s spokesman, Hans-Christian Boos, had not responded to a request for comment on the German government withdrawing support.

Boos previously claimed PEPP-PT had around 40 governments lining up to join the standard. However in recent days the momentum in Europe has been going in the other direction. A number of academic institutions that had initially backed PEPP-PT have also withdrawn support.

In a statement emailed to TechCrunch, the DP-3T project welcomed Germany’s U-turn. “DP-3T is very happy to see that Germany is adopting a decentralized approach to contact tracing and we look forward to its next steps implementing such a technique in a privacy preserving manner,” the group told us.

Berlin’s withdrawal leaves France and the UK the two main regional backers of centralized apps for coronavirus contacts tracing. And while the German U-turn is certainly a hammer blow for the centralized camp in Europe the French government appears solid in its support — at least for now.

France has been developing a centralized coronavirus contacts tracing protocol, called ROBERT, working with Germany’s Fraunhofer Institute and others.

In an opinion issued Sunday, France’s data protection watchdog, the CNIL, did not take active issue with centralizing pseudonymized proximity IDs — saying EU law does not in principle forbid such a system — although the watchdog emphasized the need to minimize the risk of individuals being re-identified.

It’s notable that France’s digital minister, Cédric O, has been applying high profile public pressure to Apple over Bluetooth restrictions — telling Bloomberg last week that Apple’s policy is a blocker to the virus tracker.

Yesterday O was also tweeting to defend the utility of the planned ‘Stop Covid’ app.

« Oui l’application #StopCovid est utile ». Volontaire, anonyme, transparente et temporaire, elle apporte les garanties de protection des libertés individuelles. À la disposition des acteurs sanitaires, elle les aidera dans la lutte contre le #COVID19 https://t.co/12xYG5Z8ZC

— Cédric O (@cedric_o) April 26, 2020

We reached out to France’s digital ministry for comment on Germany’s decision to switch to a decentralized approach but at the time of writing the department had not responded.

In a press release today the government highlights the CNIL view that its approach is compliant with data protection rules, and commits to publishing a data protection impact assessment ahead of launching the app.

If France presses ahead it’s not clear how the country will avoid its app being ignored or abandoned by smartphone users who find it irritating to use. (Although it’s worth noting that Google’s Android platform has a substantial marketshare in the market, with circa 80% vs 20% for iOS, per Kantar.)

A debate in the French parliament tomorrow is due to include discussion of contacts tracing apps.

We’ve also reached out to the UK’s NHSX — which has been developing a COVID-19 contacts tracing app for the UK market — and will update this report with any response.

In a blog post Friday the UK public healthcare unit’s digital transformation division said it’s “working with Apple and Google on their welcome support for tracing apps around the world”, a PR line that entirely sidesteps the controversy around centralized vs decentralized app infrastructures.

The UK has previously been reported to be planning to centralize proximity data — raising questions about the efficacy of its planned app too, given iOS restrictions on background access to Bluetooth.

“As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can ‘look under the bonnet’ and help us ensure the security is absolutely world class,” the NHSX’s Matthew Gould and Dr Geraint Lewis added in the statement.

Update: The NHSX still hasn’t responded to the questions we sent it this morning about how the app will function but a spokesperson has now told the BBC it intends to push ahead with a centralized approach — and is planning to make use of a workaround to mitigate iOS restrictions by waking up the app in the background every time the phone detects another device running the same software.

Per the BBC: “It then executes some code before returning to a dormant state. This all happens at speed, but there is still an energy impact. By contrast, Apple’s own solution allows the matching to be done without the app having to wake up at all.”

When we followed up with NHSX’s press office to ask why we hadn’t received a response to our questions we were CC’d into another email to additional comms staff, one of whom responded to the group email without realizing our email address was included in the thread — writing: “I thought a line hadn’t been cleared? I checked the NHSEI process earlier and one hadn’t been through there.”

Powered by WPeMatico

Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility

Posted by | Android, Apple, Apps, Bluetooth, Cédric O, contacts tracing, coronavirus, COVID-19, cryptography, dave burke, Europe, european union, France, Germany, Google, Health, privacy, TC | No Comments

Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.

The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.

The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.

The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.

It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.

Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.

On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.

Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).

Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.

As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.

Coronavirus tracing: Platforms versus governments

One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.

In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.

This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”

While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.

Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.

Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”

The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.

The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.

Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.

Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.

Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.

Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”

“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.

“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”

“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”

DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.

“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”

“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”

MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.

Powered by WPeMatico

US patents hit record 333,530 granted in 2019; IBM, Samsung (not the FAANGs) lead the pack

Posted by | 3 D, Amazon, Amazon Technologies Inc., Android, apple inc, AT&T, biotechnology, car, China, Companies, CRISPR, EMC, Germany, Government, Hewlett-Packard Enterprise, huawei, IBM, industries, Japan, lawsuit, Microsoft, mpeg la, Netflix, oracle, Panasonic, patents, printing, Qualcomm, quantum computing, Samsung, Samsung Electronics, south korea, technology trends, telecommunications, United States | No Comments

We may have moved on from a nearly-daily cycle of news involving tech giants sparring in courts over intellectual property infringement, but patents continue to be a major cornerstone of how companies and people measure their progress and create moats around the work that they have done in hopes of building that into profitable enterprises in the future. IFI Claims, a company that tracks patent activity in the US, released its annual tally of IP work today underscoring that theme: it noted that 2019 saw a new high-watermark of 333,530 patents granted by the US Patent and Trademark Office.

The figures are notable for a few reasons. One is that this is the most patents ever granted in a single year; and the second that this represents a 15% jump on a year before. The high overall number speaks to the enduring interest in safeguarding IP, while the 15% jump has to do with the fact that patent numbers actually dipped last year (down 3.5%) while the number that were filed and still in application form (not granted) was bigger than ever. If we can draw something from that, it might be that filers and the USPTO were both taking a little more time to file and process, not a reduction in the use of patents altogether.

But patents do not tell the whole story in another very important regard.

Namely, the world’s most valuable, and most high profile tech companies are not always the ones that rank the highest in patents filed.

Consider the so-called FAANG group, Facebook, Apple, Amazon, Netflix and Google: Facebook is at number-36 (one of the fastest movers but still not top 10) with 989 patents; Apple is at number-seven with 2,490 patents; Amazon is at number-nine with 2,427 patents; Netflix doesn’t make the top 50 at all; and the Android, search and advertising behemoth Google is merely at slot 15 with 2,102 patents (and no special mention for growth).

Indeed, the fact that one of the oldest tech companies, IBM, is also the biggest patent filer almost seems ironic in that regard.

As with previous years — the last 27, to be exact — IBM has continued to hold on to the top spot for patents granted, with 9,262 in total for the year. Samsung Electronics, at 6,469, is a distant second.

These numbers, again, don’t tell the whole story: IFI Claims notes that Samsung ranks number-one when you consider all active patent “families”, which might get filed across a number of divisions (for example a Samsung Electronics subsidiary filing separately) and count the overall number of patents to date (versus those filed this year). In this regard, Samsung stands at 76,638, with IBM the distant number-two at 37,304 patent families.

Part of this can be explained when you consider their businesses: Samsung makes a huge range of consumer and enterprise products. IBM, on the other hand, essentially moved out of the consumer electronics market years ago and these days mostly focuses on enterprise and B2B and far less hardware. That means a much smaller priority placed on that kind of R&D, and subsequent range of families.

Two other areas that are worth tracking are biggest movers and technology trends.

In the first of these, it’s very interesting to see a car company rising to the top. Kia jumped 58 places and is now at number-41 (921 patents) — notable when you think about how cars are the next “hardware” and that we are entering a pretty exciting phase of connected vehicles, self-driving and alternative energy to propel them.

Others rounding out fastest-growing were Hewlett Packard Enterprise, up 28 places to number-48 (794 patents); Facebook, up 22 places to number-36 (989 patents); Micron Technology, up nine places to number-25 (1,268), Huawei, up six places to number-10 (2,418), BOE Technology, up four places to number-13 (2,177), and Microsoft, up three places to number-4 (3,081 patents).

In terms of technology trends, IFI looks over a period of five years, where there is now a strong current of medical and biotechnology innovation running through the list right now, with hybrid plant creation topping the list of trending technology, followed by CRISPR gene-editing technology, and then medicinal preparations (led by cancer therapies). “Tech” in the computer processor sense only starts at number-four with dashboards and other car-related tech; with quantum computing, 3-D printing and flying vehicle tech all also featuring.

Indeed, if you have wondered if we are in a fallow period of innovation in mobile, internet and straight computer technology… look no further than this list to prove out that thought.

Unsurprisingly, US companies account for 49% of U.S. patents granted in 2019 up from 46 percent a year before. Japan accounts for 16% to be the second-largest, with South Korea at 7% (Samsung carrying a big part of that, I’m guessing), and China passing Germany to be at number-four with 5%.

  1. International Business Machines Corp 9262
  2. Samsung Electronics Co Ltd 6469
  3. Canon Inc 3548
  4. Microsoft Technology Licensing LLC 3081
  5. Intel Corp 3020
  6. LG Electronics Inc 2805
  7. Apple Inc 2490
  8. Ford Global Technologies LLC 2468
  9. Amazon Technologies Inc 2427
  10. Huawei Technologies Co Ltd 2418
  11. Qualcomm Inc 2348
  12. Taiwan Semiconductor Manufacturing Co TSMC Ltd 2331
  13. BOE Technology Group Co Ltd 2177
  14. Sony Corp 2142
  15. Google LLC 2102
  16. Toyota Motor Corp 2034
  17. Samsung Display Co Ltd 1946
  18. General Electric Co 1818
  19. Telefonaktiebolaget LM Ericsson AB 1607
  20. Hyundai Motor Co 1504
  21. Panasonic Intellectual Property Management Co Ltd 1387
  22. Boeing Co 1383
  23. Seiko Epson Corp 1345
  24. GM Global Technology Operations LLC 1285
  25. Micron Technology Inc 1268
  26. United Technologies Corp 1252
  27. Mitsubishi Electric Corp 1244
  28. Toshiba Corp 1170
  29. AT&T Intellectual Property I LP 1158
  30. Robert Bosch GmbH 1107
  31. Honda Motor Co Ltd 1080
  32. Denso Corp 1052
  33. Cisco Technology Inc 1050
  34. Halliburton Energy Services Inc 1020
  35. Fujitsu Ltd 1008
  36. Facebook Inc 989
  37. Ricoh Co Ltd 980
  38. Koninklijke Philips NV 973
  39. EMC IP Holding Co LLC 926
  40. NEC Corp 923
  41. Kia Motors Corp 921
  42. Texas Instruments Inc 894
  43. LG Display Co Ltd 865
  44. Oracle International Corp 847
  45. Murata Manufacturing Co Ltd 842
  46. Sharp Corp 819
  47. SK Hynix Inc 798
  48. Hewlett Packard Enterprise Development LP 794
  49. Fujifilm Corp 791
  50. LG Chem Ltd 791

Powered by WPeMatico

Cherry goes downmarket with its new Viola mechanical keyboard switches

Posted by | CES 2020, cherry, Gadgets, Germany, hardware, mechanical keyboards, mx, viola | No Comments

Cherry has long been the de facto standard for mechanical keyboard switches. Since mechanical keyboards are, almost by default, significantly more expensive than membrane or dome-switch keyboards, that has kept the company out of a large part of the market. Now, on the last day of CES 2020, the company is launching its new Viola switch, the company’s first fully mechanical switch for the value market, meant for keyboards that will cost somewhere between $50 and $100.

As the Cherry team told me ahead of today’s announcement, its engineers spent well over a year on designing this new switch, which only has a handful of parts and which moves some of the complexity into the circuit board on the keyboard itself. A lot of the work went into designing the new self-cleaning contact system (which the company quickly patented) and to ensure that the switches’ materials would be able to handle regular use despite the simplicity of the design.

Because of this new design, the new Viola switches are now hot-swappable, so if one ever goes bad, swapping in a new one shouldn’t take more than a few seconds. And because the company stuck with the same industry-standard cross-stem design for attaching keycaps, keyboard manufacturers can reuse their existing designs, too.

Like most new switches, the Cherry Viola supports LED lighting, which in the case of this new design can be mounted right on the circuit board of the keyboard.

If you’re a keyboard aficionado, you won’t confuse the new Viola switch with any of Cherry’s high-end MX switches. For a lot of users who want a mechanical keyboard at a value price, this looks like it’ll be a great option.

I didn’t get a chance to spend a lot of time with the new switches, but as best as I could tell, the current version resembles a quiet MX Brown switch. Cherry itself discourages any comparisons, though. Even the name is clearly meant to remove any confusion that this switch is part of the MX series. And while Cherry has plans to offer similar switch variants as the MX Black, Brown, Blue and Red, it won’t recycle those colors for those switches either. While the company tells me it isn’t all that worried about the new switches cannibalizing the MX market, it’s not leaving that to chance either.

One major difference with the Viola switches is that Cherry isn’t giving any guarantee for how many keystrokes they will withstand — at least not yet. The company tells me it may give some guidance at a later point.

Like all other Cherry switches, the Viola switches are built in the company’s factory in Germany and all of its suppliers, too, are building their products in the country as well.

For the MX switches, though, the company is now raising its guarantee from 50 million keystrokes (which was already a lot) to 100 million. Some pro-gamers actually reach those numbers (and the switches usually continue to function well beyond that), but for everybody else, it’s just an assurance that the company stands behind its products. To achieve this, the team made some minor adjustments to switches and especially the guide rails on the inside of the switch housing. That won’t change the actual typing experience, though.

The first keyboards with the 100-million MX switches are already available, and the first Viola keyboards will become available soon.

CES 2020 coverage - TechCrunch

Powered by WPeMatico

Microsoft’s HoloLens 2 starts shipping

Posted by | augmented reality, Australia, barcelona, Canada, China, Computer Vision, computing, France, Gadgets, Germany, hardware, head-mounted displays, holography, hololens 2, ireland, Japan, machine learning, Microsoft, microsoft hardware, Microsoft HoloLens, Microsoft Ignite 2019, mixed reality, New Zealand, United Kingdom, Windows 10 | No Comments

Earlier this year, at Mobile World Congress in Barcelona, Microsoft announced the second generation of its HoloLens augmented reality visor. Today, the $3,500 HoloLens 2 is going on sale in the United States, Japan, China, Germany, Canada, United Kingdom, Ireland, France, Australia and New Zealand, the same countries where it was previously available for pre-order.

Ahead of the launch, I got to spend some time with the latest model after a brief demo in Barcelona earlier this year. Users will immediately notice the larger field of view, which still doesn’t cover your full field of view, but offers a far better experience compared to the first version (where you often felt like you were looking at the virtual objects through a stamp-sized window).

The team also greatly enhanced the overall feel of wearing the device. It’s not light, at 1.3 pounds, but with the front visor that flips up and the new mounting system it is far more comfortable.

In regular use, existing users will also immediately notice the new gestures for opening the Start menu (this is Windows 10, after all). Instead of a “bloom” gesture, which often resulted in false positives, you now simply tap on the palm of your hand, where a Microsoft logo now appears when you look at it.

Eye tracking, too, has been greatly improved and works well, even over large distances, and the new machine learning model also does a far better job at tracking all of your fingers. All of this is powered by a lot of custom hardware, including Microsoft’s second-generation “holographic processing unit.”

Microsoft has also enhanced some of the cloud tools it built for HoloLens, including Azure Spatial Anchors, which allow for persistent holograms in a given space that anybody else who is using a holographic app can then see in the same spot.

Taken together, all of the changes result in a more comfortable and smarter device, with reduced latency when you look at the various objects around you and interact with them.

Powered by WPeMatico

Germany says it won’t ban Huawei or any 5G supplier up front

Posted by | 5g, 5g security, angela merkel, China, Europe, european union, Germany, huawei, Mobile, mobile technology, Security, telecommunications | No Comments

Germany is resisting US pressure to shut out Chinese tech giant Huawei from its 5G networks — saying it will not ban any supplier for the next-gen mobile networks on an up front basis, per Reuters.

“Essentially our approach is as follows: We are not taking a pre-emptive decision to ban any actor, or any company,” government spokesman, Steffen Seibert, told a news conference in Berlin yesterday.

The country’s Federal Network Agency is slated to be publishing detailed security guidance on the technical and governance criteria for 5G networks in the next few days.

The next-gen mobile technology delivers faster speeds and lower latency than current-gen cellular technologies, as well as supporting many more connections per cell site. So it’s being viewed as the enabling foundation for a raft of futuristic technologies — from connected and autonomous vehicles to real-time telesurgery.

But increased network capabilities that support many more critical functions means rising security risk. The complexity of 5G networks — marketed by operators as “intelligent connectivity” — also increases the surface area for attacks. So future network security is now a major geopolitical concern.

German business newspaper Handelsblatt, which says it has reviewed a draft of the incoming 5G security requirements, reports that chancellor Angela Merkel stepped in to intervene to exclude a clause which would have blocked Huawei’s market access — fearing a rift with China if the tech giant is shut out.

Earlier this year it says the federal government pledged the highest possible security standards for regulating next-gen mobile networks, saying also that systems should only be sourced from “trusted suppliers”. But those commitments have now been watered down by economic considerations at the top of the German government.

The decision not to block Huawei’s access has attracted criticism within Germany, and flies in the face of continued US pressure on allies to ban the Chinese tech giant over security and espionage risks.

The US imposed its own export controls on Huawei in May.

A key concern attached to Huawei is that back in 2017 China’s Communist Party passed a national intelligence law which gives the state swingeing powers to compel assistance from companies and individuals to gather foreign and domestic intelligence.

For network operators outside China the problem is Huawei has the lead as a global 5G supplier — meaning any ban on it as a supplier would translate into delays to network rollouts. Years of delay and billions of dollars of cost to 5G launches, according to warnings by German operators.

Another issue is that Huawei’s 5G technology has also been criticized on security grounds.

A report this spring by a UK oversight body set up to assess the company’s approach to security was damning — finding “serious and systematic defects” in its software engineering and cyber security competence.

Though a leak shortly afterwards from the UK government suggested it would allow Huawei partial access — to supply non-core elements of networks.

An official UK government decision on Huawei has been delayed, causing ongoing uncertainty for local carriers. In the meanwhile a government review of the telecoms supply chain this summer called for tougher security standards and updated regulations — with major fines for failure. So it’s possible that stringent UK regulations might sum to a de facto ban if Huawei’s approach to security isn’t seen to take major steps forward soon.

According to Handelsblatt’s report, Germany’s incoming guidance for 5G network operators will require carriers identify critical areas of network architecture and apply an increased level of security. (Although it’s worth pointing out there’s ongoing debate about how to define critical/core network areas in 5G networks.)

The Federal Office for Information Security (BSI) will be responsible for carrying out security inspections of networks.

Last week a pan-EU security threat assessment of 5G technology highlighted risks from “non-EU state or state-backed actors” — in a coded jab at Huawei.

The report also flagged increased security challenges attached to 5G vs current gen networks on account of the expanded role of software in the networks and apps running on 5G. And warned of too much dependence on individual 5G suppliers, and of operators relying overly on a single supplier.

Shortly afterwards the WSJ obtained a private risk assessment by EU governments — which appears to dial up regional concerns over Huawei, focusing on threats linked to 5G providers in countries with “no democratic and legal restrictions in place”.

Among the discussed risks in this non-public report are the insertion of concealed hardware, software or flaws into 5G networks; and the risk of uncontrolled software updates, backdoors or undocumented testing features left in the production version of networking products.

“These vulnerabilities are not ones which can be remedied by making small technical changes, but are strategic and lasting in nature,” a source familiar with the discussions told the WSJ — which implies that short term economic considerations risk translating into major strategic vulnerabilities down the line.

5G alternatives are in short supply, though.

US Senator Mark Warner recently floated the idea of creating a consortium of ‘Five Eyes’ allies — aka the U.S., Australia, Canada, New Zealand and the UK — to finance and build “a Western open-democracy type equivalent” to Huawei.

But any such move would clearly take time, even as Huawei continues selling services around the world and embedding its 5G kit into next-gen networks.

Powered by WPeMatico

Google brings its Jacquard wearables tech to Levi’s Trucker Jacket

Posted by | Android, Australia, Clothing, Fashion, France, Gadgets, Germany, Google, Google ATAP, hardware, Italy, jacket, Jacquard, Japan, noise cancelling, TC, United Kingdom, United States, Wearables | No Comments

Back in 2015, Google’s ATAP team demoed a new kind of wearable tech at Google I/O that used functional fabrics and conductive yarns to allow you to interact with your clothing and, by extension, the phone in your pocket. The company then released a jacket with Levi’s in 2017, but that was expensive, at $350, and never really quite caught on. Now, however, Jacquard is back. A few weeks ago, Saint Laurent launched a backpack with Jacquard support, but at $1,000, that was very much a luxury product. Today, however, Google and Levi’s are announcing their latest collaboration: Jacquard-enabled versions of Levi’s Trucker Jacket.

These jackets, which will come in different styles, including the Classic Trucker and the Sherpa Trucker, and in men’s and women’s versions, will retail for $198 for the Classic Trucker and $248 for the Sherpa Trucker. In addition to the U.S., it’ll be available in Australia, France, Germany, Italy, Japan and the U.K.

The idea here is simple and hasn’t changed since the original launch: a dongle in your jacket’s cuff connects to conductive yarns in your jacket. You can then swipe over your cuff, tap it or hold your hand over it to issue commands to your phone. You use the Jacquard phone app for iOS or Android to set up what each gesture does, with commands ranging from saving your location to bringing up the Google Assistant in your headphones, from skipping to the next song to controlling your camera for selfies or simply counting things during the day, like the coffees you drink on the go. If you have Bose noise-canceling headphones, the app also lets you set a gesture to turn your noise cancellation on or off. In total, there are currently 19 abilities available, and the dongle also includes a vibration motor for notifications.

2019 09 30 0946 1

What’s maybe most important, though, is that this (re-)launch sets up Jacquard as a more modular technology that Google and its partners hope will take it from a bit of a gimmick to something you’ll see in more places over the next few months and years.

“Since we launched the first product with Levi’s at the end of 2017, we were focused on trying to understand and working really hard on how we can take the technology from a single product […] to create a real technology platform that can be used by multiple brands and by multiple collaborators,” Ivan Poupyrev, the head of Jacquard by Google told me. He noted that the idea behind projects like Jacquard is to take things we use every day, like backpacks, jackets and shoes, and make them better with technology. He argued that, for the most part, technology hasn’t really been added to these things that we use every day. He wants to work with companies like Levi’s to “give people the opportunity to create new digital touchpoints to their digital life through things they already have and own and use every day.”

What’s also important about Jacquard 2.0 is that you can take the dongle from garment to garment. For the original jacket, the dongle only worked with this one specific type of jacket; now, you’ll be able to take it with you and use it in other wearables as well. The dongle, too, is significantly smaller and more powerful. It also now has more memory to support multiple products. Yet, in my own testing, its battery still lasts for a few days of occasional use, with plenty of standby time.

jacquard dongle

Poupyrev also noted that the team focused on reducing cost, “in order to bring the technology into a price range where it’s more attractive to consumers.” The team also made lots of changes to the software that runs on the device and, more importantly, in the cloud to allow it to configure itself for every product it’s being used in and to make it easier for the team to add new functionality over time (when was the last time your jacket got a software upgrade?).

He actually hopes that over time, people will forget that Google was involved in this. He wants the technology to fade into the background. Levi’s, on the other hand, obviously hopes that this technology will enable it to reach a new market. The 2017 version only included the Levi’s Commuter Trucker Jacket. Now, the company is going broader with different styles.

“We had gone out with a really sharp focus on trying to adapt the technology to meet the needs of our commuter customer, which a collection of Levi’s focused on urban cyclists,” Paul Dillinger, the VP of Global Product Innovation at Levi’s, told me when I asked him about the company’s original efforts around Jacquard. But there was a lot of interest beyond that community, he said, yet the built-in features were very much meant to serve the needs of this specific audience and not necessarily relevant to the lifestyles of other users. The jackets, of course, were also pretty expensive. “There was an appetite for the technology to do more and be more accessible,” he said — and the results of that work are these new jackets.

IMG 20190930 102524

Dillinger also noted that this changes the relationship his company has with the consumer, because Levi’s can now upgrade the technology in your jacket after you bought it. “This is a really new experience,” he said. “And it’s a completely different approach to fashion. The normal fashion promise from other companies really is that we promise that in six months, we’re going to try to sell you something else. Levi’s prides itself on creating enduring, lasting value in style and we are able to actually improve the value of the garment that was already in the consumer’s closet.”

I spent about a week with the Sherpa jacket before today’s launch. It does exactly what it promises to do. Pairing my phone and jacket took less than a minute and the connection between the two has been perfectly stable. The gesture recognition worked very well — maybe better than I expected. What it can do, it does well, and I appreciate that the team kept the functionality pretty narrow.

Whether Jacquard is for you may depend on your lifestyle, though. I think the ideal user is somebody who is out and about a lot, wearing headphones, given that music controls are one of the main features here. But you don’t have to be wearing headphones to get value out of Jacquard. I almost never wear headphones in public, but I used it to quickly tag where I parked my car, for example, and when I used it with headphones, I found using my jacket’s cuffs easier to forward to the next song than doing the same on my headphones. Your mileage may vary, of course, and while I like the idea of using this kind of tech so you need to take out your phone less often, I wonder if that ship hasn’t sailed at this point — and whether the controls on your headphones can’t do most of the things Jacquard can. Google surely wants Jacquard to be more than a gimmick, but at this stage, it kind of still is.

IMG 20190930 104137IMG 20190930 104137

Powered by WPeMatico