They’re using Bluetooth, which is usually ~10m connection range, but they might be able to decrease the power to bring it down to 3m or so. (I don’t know if they can do that selectively without messing up other Bluetooth uses.)
It’s interesting that they’re using a 15 minute ID key. That suggests that there’s no handshake between phones: The phone simply broadcasts that key, and any other phone that receives it, notes it down on its contact list. The temporary keys will be generated off of a private key inside the phone, containing the phone id and maybe location. The government(s) will be able to roll back the encryption on the temporary key to get the information inside. Okay, so far, but…
- If there’s no crypto-handshake between phones, that temporary key can be fucked with in a number of ways. e.g. set up a collector in one place, and rebroadcast the keys in other locations.
- Which governments will hold the key that lets them unwrap the temporary keys? If multiple national governments have a secret, it won’t stay secret very long.
- What if some national governments are bad actors? (Shock and surprise!)
- If having this app is mandatory “for the duration”, who decides when it’s over?
