Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

APHL partners with Apple, Google and Microsoft on national COVID-19 Exposure Notification server

Last updated

The Association of Public Health Laboratories is working with Apple, Google and Microsoft to build a national server that will securely store COVID-19 Exposure Notification data, a system that promises to bolster state and regional efforts to contain the virus.

Detailed in a blog post Friday, the project aims to develop a more comprehensive and cohesive exposure notification solution for the U.S.

Instead of storing user contact tracing keys — critical, time-sensitive information — on multiple, unlinked servers run by state agencies, APHL offers to securely compile and make that information available on a national server. Storing keys of affected users on a single database eliminates duplication and can enable notifications across state borders, the group said. Further, states and territorial agencies that integrate with APHL's proposed server would be able to more rapidly build out exposure notification apps.

The system implements Apple and Google's Exposure Notification API, which uses random device identifiers — keys — to generate temporary IDs that are sent between devices via close proximity Bluetooth communications. By swapping keys, apps integrating the Apple-Google system can track and notify users when they are exposed to others who test positive for coronavirus.

With security at the fore, the solution does not store data on central servers run by Apple or Google, but instead silos anonymized Bluetooth beacons on user devices until participants elect to share the information with an outside party. If and when a user is diagnosed with COVID-19, they can opt to upload a 14-day list of recent anonymized contacts to a distribution server, which matches beacon IDs and sends out notifications alerting those individuals that they came in close contact with a carrier of the virus. Doctors can also peruse the data, if such access is granted.

Those protections extend to the APHL initiative.

While not specifically outlined in today's announcement, APHL would likely take over the role of providing a contact distribution server, in this case for the entirety of America. Microsoft is partnering on the project to provide the national cloud-based key server based on an open source design created by Google Cloud.

"We're honored to partner with Apple, Google and Microsoft to make this groundbreaking technology accessible to state and territorial public health agencies," said Bill Whitmar, president of APHL and director of the Missouri State Public Health Laboratory. "Apps using this technology will rapidly inform users of a potential exposure to COVID-19 and provide them information they can use to protect themselves and their families."

APHL has extensive experience in connecting public health laboratories, entities and government agencies. The group's Public Health Laboratory Interoperability Project launched in 2006 as one of the first systems to allow for the exchange of standardized data between public health entities. That was followed by APHL Informatics Messaging Services, which has evolved from a one-way conveyance of critical health data to a cloud-based platform that "transports, translates, validates and hosts data for federal, state and local public health agencies," according to the post.

Exposure notification technology shows promise, though adoption needs to reach critical mass in any given population before it becomes an effective tool in staunching the coronavirus tide. So far, only a handful of countries have launched apps that integrate the API. No U.S. states have followed suit, though three — Alabama, North Dakota and South Carolina — have signaled intent to do so amid a resurgence in cases across the country.



16 Comments

JWSC 7 Years · 1203 comments

I suppose everyone who takes part in these COVID-19 tracking solutions feels good about this work. And I’m sure it’s good work. But getting it deployed to the masses, many of whom will not voluntarily submit to tracking, is just too little and too late.

It may be a prepackaged solution for the next pandemic though.

mknelson 9 Years · 1148 comments

JWSC said:
I suppose everyone who takes part in these COVID-19 tracking solutions feels good about this work. And I’m sure it’s good work. But getting it deployed to the masses, many of whom will not voluntarily submit to tracking, is just too little and too late.

It may be a prepackaged solution for the next pandemic though.

Polls have shown a wide range of interest. The US may be right out as you suggest, other (hello from Canada) countries seem to have a better understanding/less politicization  of the benefits of contact tracing (it's not tracking).

Having said that, I have a few co-workers who had a knee jerk reaction when they saw the API in the iOS update last month. They clearly didn't understand the methodology or privacy protections built in to the system.

russw 10 Years · 21 comments

JWSC said:
I suppose everyone who takes part in these COVID-19 tracking solutions feels good about this work. And I’m sure it’s good work. But getting it deployed to the masses, many of whom will not voluntarily submit to tracking, is just too little and too late.

It may be a prepackaged solution for the next pandemic though.

I hope you’re wrong but fear you’re right about the US. So funny when you realize your cell company is tracking you already, not to mention Google and Facebook. 


Agree at least this will be a trial run for the next pandemic and let’s hope there is more reason to trust government at that point. 

DAalseth 6 Years · 3067 comments

If Canada has an App based on the Google/Apple APIs that works the way they are supposed to, then yes. I would install it. that keeps the data secure from after the face spying or data theft. All notifications were to go from device to device.
This idea to have a centralized repository though...no. It violates the core principle of the G/A system. The whole essence of it is to be secure because there is no data on a central server that WILL be hacked, or receive a warrant to trace people. 
So yes to the app.
No the this though.

sdbryan 17 Years · 351 comments

Finally some good news about doing more than just trying to avoid Covid-19. I agree that in the short run there are not good prospects for sufficient adoption but given present leadership we sadly may have plenty of time for adoption to grow while the threat continues to be a fact of life (in the US).

As indicated by previous individuals, anyone with a cellphone is continually sharing identity and position in order for the phone to function. This protocol shares neither identity nor position. It is just about notification of possible exposure and thus is much more privacy protective than the billions of cellphones in use.