Security experts have concerns about Apple and Google contact tracing

Posted:
in General Discussion edited April 2020
Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectiveness.

Security experts and cryptographers have lingering concerns about the privacy and security of COVID-19 contact tracing. Credit: Brian McGowan
Security experts and cryptographers have lingering concerns about the privacy and security of COVID-19 contact tracing. Credit: Brian McGowan


Both Apple and Google have made it clear that they are focused on coronavirus-tracking technology with privacy and security in mind. But, there are inherent limitations to Bluetooth which Apple and Google can't mitigate, compounded by concerns about the third parties that would be handling data collected through the systems.

For users relatively unconcerned about data privacy, or for those willing to sacrifice some of theirs to help stop a pandemic, that's not a problem. On the other hand, trust in the privacy and security protocols of mobile contact tracing, particularly voluntary ones, is going to be absolutely critical in convincing people to use it. Even though it's not going to be a cure-all, the system has some major hurdles to overcome and questions to answer before it can help.

Privacy and security issues

A slide deck explaining how the Apple and Google system work.
A slide deck explaining how the Apple and Google system work.


The system is actually an API that unlocks certain Bluetooth-related functionality for apps using it, including the ability to run Bluetooth tracing in the background. When it comes to privacy, Apple and Google have taken steps to anonymize users and avoid the mass collection of location and other data, such as changing the unique Bluetooth identifier every 10 to 15 minutes. But even then, the system isn't necessarily designed to be completely anonymous.

For example, these rolling proximity identifiers are only private until someone tests positive for COVID-19. After that, a device identifier becomes linkable and the system will send a copy of its cryptographic keys to all of the devices which came into close proximity with it.

As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

"By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there aren't any granular controls for users to avoid this, beyond not using the system.

Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers.

Soltani adds that a well-resourced attacker, like a retail location tracking company, could expand this tactic to a wider scale -- potentially allowing them to track a person's wider movement patterns. The researcher previously wrote about the privacy considerations of retail tracking for the FTC.

The ability for advertising technology (adtech) and retail tracking companies to identify people with COVID-19 was echoed by cryptographer and Signal app creator Moxie Marlinspike. Because devices with a contract tracing app installed will get a log of daily identifiers, a user's device could become linkable once they receive a positive diagnosis. Essentially, the system is only private until a positive diagnosis.

"At that point adtech (at minimum) probably knows who you are, where you've been, and that you are (COVID positive)," Marlinspike wrote. He says it takes Bluetooth privacy a "step back."

Another important point is that the Apple and Google API, as it stands, is not necessarily the end implementation. Instead, it's a framework for use by developers. In this case, those developers are going to be public health organizations.

Because of that, the privacy and security of the system really comes down to trust in the developers of mobile contact tracing apps, according to Sergio Caltagirone, vice president of threat intelligence at cybersecurity firm Dragos. Caltagirone told AppleInsider that the cryptographic specification provided by Apple and Google "simply states that the implementation must not store or correlate data but provides no additional controls -- a lot of trust when it comes to public health data and the potential for misuse."

In his security experience, he said a common exercise is to take any specification and search for the words "must" or "may" and then ask "what if it didn't?" Caltagirone calls it "faith-based" privacy, rather than cryptographically guaranteed privacy.

There are already signs that some public health groups aren't fond of the Apple and Google restrictions. The UK's National Health Service, for example, is reportedly in a "standoff" with the two companies because it wants to create a centralized database of identifiers. That's something that Apple and Google are barring organizations from doing.

Additionally, Soltani added that organizations can "design (their) app to collect any added info they think" people will consent to.

Practically, that means that although the Apple and Google API is "privacy-preserving," the actual contact tracing apps that health organizations develop may collect data in a way that isn't.

"Bluetooth contact tracing is a vast improvement over location tracking with GPS or cell site information, but it still needs strong privacy and security safeguards," Electronic Frontier Foundation General Counsel Kurt Opsahl said in a statement to AppleInsider. Echoing Soltani, Opsahl said that the Apple and Google framework is just "one part of the equation" and that "we also need privacy safeguards with the public health proximity apps that interact with this API."

Since these safeguards need to be implemented at the app and health organization level, they're not necessarily something that Apple and Google can guarantee.

Effectiveness of Bluetooth contact tracing

An illustration of Bluetooth contact tracing. Credit: MIT
An illustration of Bluetooth contact tracing. Credit: MIT


The inherent risks of Bluetooth and unanswered questions about health data collection could undermine what is ultimately the most important part of mobile contract tracing: adoption.

For this type of contact tracing to be effective, it needs to be widely adopted by a population. Some experts, like contact tracing research group Covid Watch, float a 60% statistic for its efficacy to be worthwhile.

Apple and Google have barred third parties from making the app mandatory, which means that users will need to voluntarily download it. Whether they will may really come down to how the tech giants and health organization set up their app, as well as the privacy and security promises they make.

Some lawmakers and regulators are already raising questions about whether they can get the public's trustin the U.S. and Europe.

With disparate figures and organizations ranging from the American Civil Liberties Union to President Donald Trump casting doubt about the system, there's a real concern whether enough users will trust it to actually download and install it on their devices.

Ben Adida, a cryptography and information security researcher, is much more optimistic about the protocol than others. In a Twitter thread, he says it solves a lot of problems with other tracing surveillance and proposals, and that some kind of "properly tuned incentives" may be enough to see the right adoption rate.

Of course, there are also some real concerns about the efficacy of mobile contract tracing in its current forms. Jason Day, the product lead for Singapore's TraceTogether contact tracing app, said that it isn't going to be a replacement for manual contact tracing.

"If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No," he wrote in a Medium post.

There are unanswered questions about the effectiveness of Singapore's contact tracing methods. It's important to note that TraceTogether deployed without the Apple and Google API, meaning it could only work when the app was running in the foreground.

Even with that problem solved by the new Bluetooth framework, there are other issues without easy solutions. Mobile contact tracing also isn't going to cover those who don't have smartphones, such as children and the elderly, Soltani added in a tweet. Because it's proximity-based, it could also create false contact positives in dense living spaces like apartments.

And in certain countries, like the U.S., the primary hurdle beyond adoption is likely to be availability of testing. The Apple and Google API seems dependent on whether a person can receive a diagnosis from a public health official. While that cuts down on the risk of trolling, it raises a big question about whether enough testing is available for it to even work.

As cryptographer and ZCash Foundation engineer Deidre Connolly points out, the U.S. is simply not currently prepared to ramp up to the kind of testing that the Apple and Google API would require to be effective.

In case it wasn't clear, _all_ these contact notification proposals are tools to be used to assist contact tracing, and effective contact tracing _requires testing capacity_.

They cannot be deployed in the US _today_, because our current testing capacity is low. https://t.co/4HomuAEOoA

-- Deirdre Connolly (@durumcrustulum)


Of course, despite these privacy and effectiveness concerns, the Apple and Google system could still be part of a broader solution to stop COVID-19, along with sufficient testing and measures like social distancing.

Whether that turns out to be the case will hinge on whether Apple, Google and public health groups are able to convince enough people to download and use it. Ultimately, that job may not be Apple's and Google's.

Without a concentrated, transparent, and trustworthy effort from all of those involved -- including the public -- mobile contract tracing will just end up being wishful thinking.
«1

Comments

  • Reply 1 of 31
    gatorguygatorguy Posts: 24,176member
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 
    edited April 2020 CyclisteelijahgmjtomlinGeorgeBMacbuttesilverlarryjwmdriftmeyerbraytonak
  • Reply 2 of 31
    And the bad actor also needs to expose himself to C19 by being out and about. You'd really better want that info to risk your life since no one can get PPE. 
    GeorgeBMac
  • Reply 3 of 31
    chaickachaicka Posts: 257member
    Singapore's TraceTogether app which is developed by Government Technology Agency (GovTech) and based on BlueTrace protocol, now open-sourced and available on tech.gov.sg. It will be great if Apple is able to reach out to GovTech and explore how the now open-sourced BlueTrace can be better optimised or merge into Apple-Google's API so that it is a win-win for all 3 parties, and perhaps the first real-world implementation in a nation ready to benefit from the 'run in background' mode. Now is a good time to do so as Singapore is experiencing an increase in cases which are difficult to trace.

    While Apple-Google API is facing challenges in several nations, Singapore is a ready-to-tap nation and right time. @Apple, please kindly see how you can help. ;)
    edited April 2020 GeorgeBMacwatto_cobra
  • Reply 4 of 31
    maltzmaltz Posts: 453member
    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 

    I have yet to see a peep about the FAR more likely attack:  People trolling the system claiming to be infected when they're not, sending alerts to dozens or hundreds (or more) of people they've been near in the last two weeks.
    GeorgeBMacbuttesilverbraytonakwatto_cobra
  • Reply 5 of 31
    mjtomlinmjtomlin Posts: 2,673member
    maltz said:
    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 

    I have yet to see a peep about the FAR more likely attack:  People trolling the system claiming to be infected when they're not, sending alerts to dozens or hundreds (or more) of people they've been near in the last two weeks.

    Yeah. Goin gout on a limb here, but I'm sure there is something in place that prevents that from happening. Like say you have to enter information about your test result (serial number) in the app, and it is verified before you're able to upload your data. Or once you get your results back, a doctor has to set it up so you can update the app with the results, etc.

    That's two things off the top of my head... I'm sure Apple and Google have thought of many, many more ways to prevent that from happening.
    edited April 2020 muthuk_vanalingamwatto_cobra
  • Reply 6 of 31
    mjtomlinmjtomlin Posts: 2,673member

    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 

    Right?!?!

    Another question... How do they know who's positive or not? That information is not transmitted over Bluetooth. Even IF they somehow had access to a centralized database, that identifier they "sniff" won't be in it, chances are it was created way after the infected person uploaded their original identifiers when they tested positive.
    watto_cobra
  • Reply 7 of 31
    GeorgeBMacGeorgeBMac Posts: 11,421member
    It is absolutely true that, to actually control this virus we need double, triple or even quadruple the testing we are capable of doing today -- without it there is no way to identify an infectious person walking around infecting others.

    But, for security:  We already gave away any security when the Patriot Act was signed.

    Today we face a far more formidable opponent than al Quaeda.   We need wide spread community testing (especially critical personnel dealing with the public) and contact tracing -- followed by getting the infectious off of our streets and out of our stores and businesses.

    If Apple & Google can't do it properly then we should ask China or Korea for help -- because they've been doing it successfully for months.
    larryjwmuthuk_vanalingam
  • Reply 8 of 31
    eideardeideard Posts: 428member
    Phew!  So nice to land somewhere with reasonable, informed adult minds involved in discussion.  Our (NM) governor held a safe, accessible press conference the other day and I wandered over to Twitter to give her a couple of kudos...and stumbled into a vile shitstorm of fools.  Apparently, the dregs leftover from John Birch Society fronts have decided sheltering and other methodologies with a useful history are a subversive leftwing plot.

    I couldn't help myself.  I wasted 5 minutes hollering at the ignoranus brigade before realizing they weren't worth recognizing much less responding to.

    Just another reason why the world of geeks and our own flavors of left and right are still preferable to the crap minds thriving in "mainstream" America.

    All right.  I apologize for being long-winded.  Just prologue to saying the software coalition between Apple and Google will be self-limiting to individuals and gatherings already accustomed to thinking and reason common to the tech world.  The rest of our nation will probably stick to relying on local TV.
    GeorgeBMacwatto_cobra
  • Reply 9 of 31
    gatorguygatorguy Posts: 24,176member
    chaicka said:
    Singapore's TraceTogether app which is developed by Government Technology Agency (GovTech) and based on BlueTrace protocol, now open-sourced and available on tech.gov.sg. It will be great if Apple is able to reach out to GovTech and explore how the now open-sourced BlueTrace can be better optimised or merge into Apple-Google's API so that it is a win-win for all 3 parties, and perhaps the first real-world implementation in a nation ready to benefit from the 'run in background' mode. Now is a good time to do so as Singapore is experiencing an increase in cases which are difficult to trace.

    While Apple-Google API is facing challenges in several nations, Singapore is a ready-to-tap nation and right time. @Apple, please kindly see how you can help. ;)
    Singapore's app is not as privacy-centric, individuals are identifiable.
    muthuk_vanalingam
  • Reply 10 of 31
    anonymouseanonymouse Posts: 6,857member
    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 
    These are indeed strange times we are living through. I thought Hell would freeze over before I ever agreed with gatorguy. Apparently I was wrong.
    muthuk_vanalingamwatto_cobra
  • Reply 11 of 31
    This epidemic will change everything, even the notions of “privacy” and “security”. What’s lay ahead is several years of new and complex rules of interaction with other people, including our relatives and neighbors. These new tools will certainly help to cope with the new reality...
    watto_cobra
  • Reply 12 of 31
    StrangeDaysStrangeDays Posts: 12,834member
    maltz said:
    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 

    I have yet to see a peep about the FAR more likely attack:  People trolling the system claiming to be infected when they're not, sending alerts to dozens or hundreds (or more) of people they've been near in the last two weeks.
    It’s already been covered that testing confirmation is required. 
    GeorgeBMacmuthuk_vanalingam
  • Reply 13 of 31
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectivenessompletely anonymous.

    As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called "linkage attack" which could reveal the identity of someone who is COVID-19 positive.

    "By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range," Soltani told AppleInsider. That means there's no granular controls for users to avoid this, beyond not using the system.

    Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers."
    Seriously? That's considered a real and rational threat, a guy hiding in the bushes taking pictures of everyone passing by while sniffing their rotating bluetooth identifier, then cataloging those thousands of picture and timestamps and looking thru them hoping to find a match if someone tests positive? O.M.G. 

    If I ever test positive I won't be trying to hide it from anyone who might need to know in order to protect their own health. 
    These are indeed strange times we are living through. I thought Hell would freeze over before I ever agreed with gatorguy. Apparently I was wrong.
    ;)
  • Reply 14 of 31
    "But, for security: We already gave away any security when the Patriot Act was signed." - not this crap again....
  • Reply 15 of 31
    seanismorrisseanismorris Posts: 1,624member
    Do as I say not as I do.  

    Download the App.

    Personally, I’ve had both Bluetooth and WiFi disabled for the last decade on my cell phone... unless I’m using it.

    I.e.
    Go to gym.  Turn on Bluetooth. 
    Leave. Turn off Bluetooth.

    I’m concerned about zero-day exploits, so lock things down.  Cell phones have everything on them, which make them a high priority target.
    edited April 2020
  • Reply 16 of 31
    larryjwlarryjw Posts: 1,031member
    This api and the apps following will add impetuous to testing. 

    Such an app will also aid in bringing businesses back online. 
  • Reply 17 of 31
    GeorgeBMacGeorgeBMac Posts: 11,421member
    gatorguy said:
    chaicka said:
    Singapore's TraceTogether app which is developed by Government Technology Agency (GovTech) and based on BlueTrace protocol, now open-sourced and available on tech.gov.sg. It will be great if Apple is able to reach out to GovTech and explore how the now open-sourced BlueTrace can be better optimised or merge into Apple-Google's API so that it is a win-win for all 3 parties, and perhaps the first real-world implementation in a nation ready to benefit from the 'run in background' mode. Now is a good time to do so as Singapore is experiencing an increase in cases which are difficult to trace.

    While Apple-Google API is facing challenges in several nations, Singapore is a ready-to-tap nation and right time. @Apple, please kindly see how you can help. ;)
    Singapore's app is not as privacy-centric, individuals are identifiable.

    That's the idea.
    Identify the infectious.   Get them off the streets.   identify any they infected and get them off the streets too
    watto_cobra
  • Reply 18 of 31
    GeorgeBMacGeorgeBMac Posts: 11,421member
    larryjw said:
    This api and the apps following will add impetuous to testing. 

    Such an app will also aid in bringing businesses back online. 

    Yes, testing and follow up contact tracing will be able to get the infectious off of our streets and out of our stores and businesses so they don't trigger the exponential growth  where 1 person infects 2 others and those infect 4 others, etc. that we've been experiencing.

    Unfortunately, our testing has maxed out at about 1/2, 1/3 or 1/4 of what we need.  And, apparently we have no intention of expanding our capacity -- instead just ending social distancing.   
    al Qaeda could not have dreamed of a better terrorist attack.  This will make 911 look like a warm up.
  • Reply 19 of 31
    Alice and Bob should just stay at least six feet apart.
  • Reply 20 of 31
    GeorgeBMacGeorgeBMac Posts: 11,421member
    Alice and Bob should just stay at least six feet apart.

    For now -- since we have no other means to protect them and protect others from them if they are infectious.
    But, at some point, we will have to develop a means of maintaining safety without shutting everything down and keeping people separated.
    watto_cobra
Sign In or Register to comment.