On Fri, 24 Apr 2020, Richard Brooks wrote:
I had similar concerns. I also was immediately
nervous about big tech doing this.
I then realized that they have all the data
anyway. This is probably the least bad thing that
they are going to do with it.
It really is worth reading how GACT works, as well as some of the more
informed critiques of it.
The spec:
https://www.apple.com/covid19/contacttracing
The simplest possible description, from DP-3T:
https://github.com/DP-3T/documents/tree/master/public_engagement/cartoon
Ross Anderson's take on GACT:
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
and a really good human-level summary of how contact tracing works and how
it would need to scale up to this challenge:
https://thehill.com/opinion/technology/493648-how-human-centered-tech-can-beat-covid-19-through-contact-tracing
It's important to understand the defaults:
1) Most of the public health authorities and competent government leaders
seem to be arguing that they consider contact tracing essential to opening
up more of society before there's a widely deployed vaccine and herd
immunity.
2) By default, the way it's done now, by manually asking people with
positive test results where they've been and who they've interacted with
in the last N days, is woefully inadequate when
dealing with a disease where most of those infected and infectious show no
symptoms for the first few days or possibly ever, where transmission via
aerosol and surfaces means large numbers of people can catch it from a
single person in a short amount of time, and with the number of people
infected even after we get a few more weeks down the flattened curve in
most places.
3) By default, public health authorities' first preference will be to
digitize the manual approach by using a central county-wide, state-wide,
or national database to record who's infected, who they've talked with,
where they've been, etc. They'd seek to augment that central database with
whatever else they can get their hands on, from cell phone location data
to your credit card purchase histories. Usual GDPR or other relevant
privacy constraints will likely not apply as this is a public health
emergency, and public opposition to this encroachment on privacy would be
low (sadly).
4) By default, you need everyone running this software - not just the 2%
of interested nerds who would self-select, but more like 50-70% at least,
in order to pull the untraced transmissions closer and closer to zero.
(BTW Singapore's tracing app only saw 12% adoption, from what I heard, and
they're seeing a second wave). That means you need Bluetooth Low Energy
(as Safepaths and every other tracing system is proposing - GPS consumes
too much battery and is not precise enough, and cell tower location data
also not fine-grained enough to really isolate those who came within a few
meters of you), but you also need it to run in the background
continuously, which (for very good reason we all here would I hope
support!) Apple & Google have not allowed apps to even ask for the
permission to turn on and consume BLE in the background.
5) By default, to make public health authorities happy and enable ,
Google and Apple would need to special-case their apps to enable BLE
background, which would open a huge privacy hole government agencies could
walk through, and which might be much tougher to close after the pandemic
is closed.
So G&A appear to be doing the right minimal thing here, which is to say
"OK, you can get BLE background, but ONLY by doing tracing in this
decentralized way", which avoids at least the big obvious risks of
allowing public health authorities or anyone else to create a
centralized picture of everyone you've been near while running
the app, when all they really need to know is who's been in proximity to
people who tested positive, and only if those patients agree.
However, as Ross and others have pointed out, there are still a lot of
attack vectors and opportunities for re-centralized surveillance that such
an application could deploy. If we just don't know what's running in the
app, we don't know if it's also reporting data to a central server without
patient notification, let alone consent. We don't know what other location
data it's collecting and possibly reporting or aggregating. And when that
signed attestation comes in from a public health authority that you should
see if you've been near a certain set of "codes", the app could report
upstream that you have without notice or consent, forcing you into
reporting.
One approach to addressing many, but not all, of those concerns is if the
public health authority app was not proprietary code (and a thousand
different apps for a thousand different health authorities), but one app,
open source (with reproducible builds to verify what's in the code is
what's on your phone), where the reporting structure is configurable, and
where the defaults are set to encourage users to report matches but that
would require consent. Such an app should be the default, perhaps even the
required app that public health authorities consult with and publish data
through. This is not a situation where a thousand different apps help,
even if all those apps are using GACT. You want public trust in that app,
and that app can come from carefully vetted public open source code.
It likely should also be connected to the emerging self-sovereign ID
approaches being considered for vaccination records and possibly
antibodies tests, so that you can show a public health authority "Hi! I've
been exposed, at this time & date, I don't know by who of course, but I
can also show a positive antibodies test or date of prior infection and
recovery or proof of vaccine, so no need to quarantine me." These kinds of
proofs might also be important to fighting anonymous trolling (Ross's
description of someone attaching their phone to their dog and having them
wander through a crowd, then reporting a positive test result),
potentially other concerns.
To Richard's question, this definitely seems to be among the "least bad"
things that GA could do in this space. It might even make contact tracing
possible both for the scale of the challenge and in a privacy-preserving
way. It's a necessary first step but far from the complete solution.
I suspect that the different tracing projects out there will converge on a
common answer along these lines, and my hope is that G&A follow up GACT
with an endorsement of an effort towards a common open source tracing app,
and the different tracing app efforts can combine forces around a common
approach.
I have no skin in this game, I've just been studying it closely along with
some other COVID19 related initiatives, but if something emerges we (The
Linux Foundation) can do to be helpful, let us know.
Brian
"How I learned to stop worrying and ..."
On 4/24/20 2:29 PM, msunet wrote:
There was some talk about this at the Flatten the Curve Summit. At
first, I thought this technology would be interesting, but now I have
doubts about it. It doesn't seem very useful to trace people if you
can't test them, first of all. I also wonder how the random numbers are
generated -- will they use your device or advertising ID? How can you
tell when they embed this technology in their proprietary, secret OSes
anyway? I also haven't seen what the authentication layer is -- will you
need a google account? -- or more generally, how they plan to protect
the system from attackers. It's also not clear to me who owns the data,
where it is stored, how much of it, or for how long. And when does the
tracing end? They also have not solved fundamental problems about this
tech, like signals going through walls.
Unless these and other questions are answered (maybe they have and I
haven't caught up), this just seems to me like an attempt by
corporations to use the situation as an excuse to creep in more into
people's lives. It never hurts to remember that they are powered by
profit, not good will.
On April 23, 2020 7:01:37 PM PDT, "Robert Mathews (OSIA)"
<[email protected]> wrote:
On 4/23/20 5:26 AM, David Stodolsky wrote:
This appears to be virtue signaling. France is asking that the
Apple/Google tracing security be relaxed.
https://apple.slashdot.org/story/20/04/21/2019202/france-says-apple-bluetooth-policy-is-blocking-virus-tracker#comments
It appears that France has developed a slightly less secure
tracing method than the coming Apple/Google API/OS built-in. The
current limitation is that Apple doesn’t allow Bluetooth to run on
the iPhone, if the app is in the background and the data leaves
the phone. This has crippled TraceTogether, etc., since it makes
tracing impractical with the iPhone.
dss
David Stodolsky, PhD, Institute for Social Informatics
Tornskadestien 2, st. th., DK-2400 Copenhagen NV, Denmark
[email protected] <mailto:[email protected]>
Tel./Signal: +45 3095 4070
Notions of *'contact tracing'* must be considered in broader
'technical' and 'technological' terms. For instance, consider this
following headline, which I have been discussing with my team since
its publication.
*"2 billion phones cannot use Google and Apple contact-tracing tech
System developed by Silicon Valley relies on technology missing from
older handsets."*
TIM BRADSHAW, FT.COM - 4/20/2020, 12:29 PM
*arsTECHNICA*
https://arstechnica.com/tech-policy/2020/04/2-billion-phones-cannot-use-google-and-apple-contract-tracing-tech/
MANY such subscriber-linked mobile handsets in-service are located
within *the Continent of Africa*, and the *Indian Sub-Continent.*
And, they are MOSTLY NOT - iPhone 10s.
Of this, I shared the following sentiment with my staff and extended
teams....
This story SHOULD teach us that, no matter how LARGE any
"tech" company may be, if those human beings WITHIN are NOT
disposed to understanding "SYSTEMS" more wholistically (a widely
abused term), products born out of this lack of understanding
cannot be expected to meet basic aspects of
functionality. It also goes without saying that
SYSTEMS so constructed can also 'not' be expected to
'INTEROPERATE reliably' with OTHER systems of a LIKE, and/or
UNLIKE construction too.
In this respect at least, and more importantly, taking note of the
UNIVERSALITY of COVID-19, backward operational compatibility and
INCLUSIVITY should have been critical 'usability' considerations.
-- Sent from /e/ Mail.
--
Liberationtech is public & archives are searchable from any major commercial
search engine. Violations of list guidelines will get you moderated:
https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest
mode, or change password by emailing [email protected].