[liberationtech] Strength of Political Action, In The Era of COVID-19... More Theatrics & Side-Shows.

Brian Behlendorf brian at behlendorf.com
Fri Apr 24 23:27:24 CEST 2020 

On Fri, 24 Apr 2020, Richard Brooks wrote:
> I had similar concerns. I also was immediately
> nervous about big tech doing this.
>
> I then realized that they have all the data
> anyway. This is probably the least bad thing that
> they are going to do with it.

It really is worth reading how GACT works, as well as some of the more 
informed critiques of it.

The spec:
https://www.apple.com/covid19/contacttracing

The simplest possible description, from D3-PT:
https://github.com/DP-3T/documents/tree/master/public_engagement/cartoon

Ross Anderson's take on GACT:
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/

and a really good human-level summary of how contact tracing works and how 
it would need to scale up to this challenge:
https://thehill.com/opinion/technology/493648-how-human-centered-tech-can-beat-covid-19-through-contact-tracing

It's important to understand the defaults:

1) Most of the public health authorities and competent government leaders 
seem to be arguing that they consider contact tracing essential to opening 
up more of society before there's a widely deployed vaccine and herd 
immunity.

2) By default, the way it's done now, by manually asking people with 
positive test results where they've been and where they've been and who 
they've interacted with in the last N days, is woefully inadequate when 
dealing with a disease where most of those infected and infectious show no 
symptoms for the first few days or possibly ever, where transmission via 
aerosol and surfaces means large numbers of people can catch it from a 
single person in a short amount of time, and with the number of people 
infected even after we get a few more weeks down the flattened curve in 
most places.

3) By default, public health authorities first preference will be to 
digitize the manual approach by using a central county-wide, state-wide, 
or national database to record who's infected, who they've talked with, 
where they've been, etc. They'd seek to augment that central database with 
whatever else they can get their hands on, from cell phone location data 
to your credit card purchase histories. Usual GDPR or other relevant 
privacy constraints will likely not apply as this is a public health 
emergency, and public opposition to this encroachment on privacy would be 
low (sadly).

4) By default, you need everyone running this software - not just the 2% 
of interested nerds who would self-select, but more like 50-70% at least, 
in order to pull the untraced transmissions closer and closer to zero. 
(BTW Singapore's tracing app only saw 12% adoption, from what I heard, and 
they're seeing a second wave). That means you need Bluetooth Low Energy 
(as Safepaths and every other tracing system is proposing - GPS consumes 
too much battery and is not precise enough, and cell tower location data 
also not fine-grained enough to really isolate those who came within a few 
meters of you), but you also need it to run in the background 
continuously, which (for very good reason we all here would I hope 
support!) Apple & Google have not allowed apps to even ask for the 
permission to turn on and consume BLE in the background.

5) By default, to make public health authorities happy and enable , 
Google and Apple would need to special-case their apps to enable BLE 
background, which would open a huge privacy hole government agencies could 
walk through, and which might be much tougher to close after the pandemic 
is closed.

So G&A appear to be doing the right minimal thing here, which is to say 
"OK, you can get BLE background, but ONLY by doing tracing in this 
decentralized way", which avoids at least the big obvious risks of 
allowing public health authorities or anyone else from creating a 
centralized picture of everyone you've been near while running 
the app, when all they really need to know is who's been in proximity to 
people who tested positive, and only if those patients agree.

However, as Ross and others have pointed out, there are still a lot of 
attack vectors and opportunities for re-centralized surveillance that such 
an application could deploy. If we just don't know what's running in the 
app, we don't know if it's also reporting data to a central server without 
patient notification let alone consent. We son't know what other location 
data it's collecting and possibly reporting or aggregating. And when that 
signed attestation comes in from a public health authority that you should 
see if you've been near a certain set of "codes", the app could report 
upstream that you have without notice or consent, forcing you into 
reporting.

One approach to addressing many, but not all, of those concerns is if the 
public health authority app was not proprietary code (and a thousand 
different apps for a thousand different health authoritie), but one app, 
open source (with reproducible builds to verify what's in the code is 
whats on your phone), where the reporting structure is configurable, and 
where the defaults are set to encourage users to report matches but that 
would require consent. Such an app should be the default, perhaps even 
required app that public health authorities consult with and publish data 
through. This is not a situation where a thousand different apps help, 
even if all those apps are using GACT. You want public trust in that app, 
and that app can come from carefully vetted public open source code.

It likely should also be connected to the emerging self-sovereign ID 
approaches being considered for vaccination records and possibly 
antibodies tests, so that you can show a public health authority "Hi! I've 
been exposed, at this time & date, I don't know by who of course, but I 
can also show a positive antibodies test or date of prior infection and 
recovery or proof of vaccine, so no need to quarantine me." These kinds of 
proofs might also be important to fighting anonymous trolling (Ross's 
description of someone attaching their phone to their dog and having them 
wander through a crowd, then reporting a positive test result), 
potentially other concerns.

To Richard's question, this definitely seems to be among the "least bad" 
things that GA could do in this space. It might even make contract tracing 
possible both for the scale of the challenge and in a privacy-preserving 
way. It's a necessary first step but far from the complete solution.

I suspect that the different tracing projects out there will converge on a 
common answer along these lines, and my hope is that G&A follow up GACT 
with an endorsement of an effort towards a common open source tracing app, 
and the different tracing app efforts can combine forces around a common 
approach.

I have no skin in this game, I've just been studying it closely along with 
some other COVID19 related initiatives, but if something emerges we (The 
Linux Foundation) can do to be helpful, let us know.

Brian



> "How I learned to stop worrying and ..."
>
> On 4/24/20 2:29 PM, msunet wrote:
>> There was some talk about this at the Flatten the Curve Summit. At
>> first, I thought this technology would be interesting, but now I have
>> doubts about it. It doesn't seem very useful to trace people if you
>> can't test them, first of all. I also wonder how the random numbers are
>> generated -- will they use your device or advertising ID? How can you
>> tell when they embed this technology in their proprietary, secret OSes
>> anyway? I also haven't seen what the authentication layer is -- will you
>> need a google account? -- or more generally, how they plan to protect
>> the system from attackers. It's also not clear to me who owns the data,
>> where it is stored, how much of it, or for how long. And when does the
>> tracing end? They also have not solved fundamental problems about this
>> tech, like signals going through walls.
>>
>> Unless these and other questions are answered (maybe they have and I
>> haven't caught up), this just seems to me like an attempt by
>> corporations to use the situation as an excuse to creep in more into
>> people's lives. It never hurts to remember that they are powered by
>> profit, not good will.
>>
>> On April 23, 2020 7:01:37 PM PDT, "Robert Mathews (OSIA)"
>> <mathews at hawaii.edu> wrote:
>>
>>
>>     On 4/23/20 5:26 AM, David Stodolsky wrote:
>>
>>>     This appears to be virtue signaling. France is asking that the
>>>     Apple/Google tracing security be relaxed.
>>>>     https://apple.slashdot.org/story/20/04/21/2019202/france-says-apple-bluetooth-policy-is-blocking-virus-tracker#comments
>>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__apple.slashdot.org_story_20_04_21_2019202_france-2Dsays-2Dapple-2Dbluetooth-2Dpolicy-2Dis-2Dblocking-2Dvirus-2Dtracker-23comments&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=V-iMGiA8Z-z_leHLkLSzXQ&m=1UUH9eOltaAPSUdTtOKTK8wH6ws-MQUbG4Ac_auCdJ4&s=HA0muQHuHH31W1WZw0ZUdLoorMjmeoPDcTks1KDy4v8&e=>
>>>     It appears that France has developed a slightly less secure
>>>     tracing method than the coming Apple/Google API/OS built-in. The
>>>     current limitation is that Apple doesn’t allow Bluetooth to run on
>>>     the iPhone, if the app is in the background and the data leaves
>>>     the phone. This has crippled TraceTogether, etc., since it makes
>>>     tracing impractical with the iPhone.
>>>
>>>     dss
>>>
>>>     David Stodolsky, PhD                   Institute for Social
>>>     Informatics
>>>     Tornskadestien 2, st. th., DK-2400 Copenhagen NV, Denmark
>>>     dss at socialinformatics.org <mailto:dss at socialinformatics.org>     
>>>         Tel./Signal: +45 3095 4070
>>
>>     Notions of *'contact tracing'* must be considered in broader
>>     'technical' and 'technological' terms.   For instance, consider this
>>     following headline, which I have been discussing with my team since
>>     its publication.
>>
>>     *"2 billion phones cannot use Google and Apple contact-tracing tech
>>     System developed by Silicon Valley relies on technology missing from
>>     older handsets."*
>>     TIM BRADSHAW, FT.COM - 4/20/2020, 12:29 PM
>>     *arsTECHNICA*
>>     https://arstechnica.com/tech-policy/2020/04/2-billion-phones-cannot-use-google-and-apple-contract-tracing-tech/
>>      
>>     MANY such subscriber-linked mobile handsets in-service are located
>>     within *the Continent of Africa*, and the *Indian Sub-Continent.* 
>>     And, they are MOSTLY NOT - iPhone 10s.
>>
>>     Of this, I shared the following sentiment with my staff and extended
>>     teams....
>>
>>         //This story SHOULD teach us that, no matter how LARGE any
>>         "tech" company may be, if those human beings WITHIN are NOT
>>         disposed to understanding "SYSTEMS" more wholistically (a widely
>>         abused term), products born out of this lack of understanding
>>         cannot be expected to meet basic aspects of
>>         //////functional//ity////.  ///It also goes without saying that
>>         SYSTEMS so constructed can also 'not' be expected to
>>         'INTEROPERATE reliably' with OTHER systems of a LIKE, and/or
>>         UNLIKE construction too./
>>
>>     In this respect at least, and more importantly, taking note of the
>>     UNIVERSALITY of COVID-19, backward operational compatibility and
>>     INCLUSIVITY should have been critical 'usability' considerations.
>>
>>
>> -- Sent from /e/ Mail.
>>
>
>
>

More information about the LT mailing list