[liberationtech] Strength of Political Action, In The Era of COVID-19... More Theatrics & Side-Shows.
Marc Sunet
msunet at shellblade.net
Sat Apr 25 20:35:24 CEST 2020
Thanks Brian, that's an excellent summary and Ross Anderson's article is
spot on.
It's clear to me now that the system cannot be anonymous, so the key
seems to be demanding absolute transparency in how the data is collected
and processed, and making sure there is an end to the surveillance once
the situation is over. You also talk about how the "app" should not be
proprietary, and I agree; but we also need to consider the OS and
ultimately the hardware, not just the app, if we want transparency. I
just don't think Android and iOS were good platforms to begin with, so
expecting everyone to carry this garbage in their pockets would be
extremely sad in my opinion. Even if I could be convinced that
government surveillance to fight a pandemic is a good thing and that I
should contribute with my health data, I still would not want this data
to be handled by advertising and secretive companies; they are just not
a good baseline, their business models rely on secrets and exploiting
people's privacy.
Your points 2 and 4 are interesting, but it still seems to me like big
tech / government surveillance propaganda. Yes, manual tracing is slow
and expensive, but like Ross Anderson says in the article, people might
feel more comfortable getting the news from a human being than from a
device anyway, and like both you and the article say, adoption is key to
the effectiveness of the system. And the problem with asymptomatic cases
seems to be common to both manual tracing and the tacts, not just
exclusive to the manual approach (David's video claims to solve this,
but after watching it, it seems to hinge on the assumption that someone
"feels under the weather", which is neither asymptomatic nor is it an
indication of infection, so I still don't understand how the
asymptomatic transmission is accounted for).
On 4/24/20 2:27 PM, Brian Behlendorf wrote:
> On Fri, 24 Apr 2020, Richard Brooks wrote:
>> I had similar concerns. I also was immediately
>> nervous about big tech doing this.
>>
>> I then realized that they have all the data
>> anyway. This is probably the least bad thing that
>> they are going to do with it.
>
> It really is worth reading how GACT works, as well as some of the more
> informed critiques of it.
>
> The spec:
> https://www.apple.com/covid19/contacttracing
>
> The simplest possible description, from DP-3T:
> https://github.com/DP-3T/documents/tree/master/public_engagement/cartoon
>
> Ross Anderson's take on GACT:
> https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
>
>
> and a really good human-level summary of how contact tracing works and
> how it would need to scale up to this challenge:
> https://thehill.com/opinion/technology/493648-how-human-centered-tech-can-beat-covid-19-through-contact-tracing
>
>
> It's important to understand the defaults:
>
> 1) Most of the public health authorities and competent government
> leaders seem to be arguing that they consider contact tracing
> essential to opening up more of society before there's a widely
> deployed vaccine and herd immunity.
>
> 2) By default, the way it's done now, by manually asking people with
> positive test results where they've been and
> who they've interacted with in the last N days, is woefully inadequate
> when dealing with a disease where most of those infected and
> infectious show no symptoms for the first few days or possibly ever,
> where transmission via aerosol and surfaces means large numbers of
> people can catch it from a single person in a short amount of time,
> and with the number of people infected even after we get a few more
> weeks down the flattened curve in most places.
>
> 3) By default, public health authorities' first preference will be to
> digitize the manual approach by using a central county-wide,
> state-wide, or national database to record who's infected, who they've
> talked with, where they've been, etc. They'd seek to augment that
> central database with whatever else they can get their hands on, from
> cell phone location data to your credit card purchase histories. Usual
> GDPR or other relevant privacy constraints will likely not apply as
> this is a public health emergency, and public opposition to this
> encroachment on privacy would be low (sadly).
>
> 4) By default, you need everyone running this software - not just the
> 2% of interested nerds who would self-select, but more like 50-70% at
> least, in order to pull the untraced transmissions closer and closer
> to zero. (BTW Singapore's tracing app only saw 12% adoption, from what
> I heard, and they're seeing a second wave). That means you need
> Bluetooth Low Energy (as Safepaths and every other tracing system is
> proposing - GPS consumes too much battery and is not precise enough,
> and cell tower location data also not fine-grained enough to really
> isolate those who came within a few meters of you), but you also need
> it to run in the background continuously, which (for very good reason
> we all here would I hope support!) Apple & Google have not allowed
> apps to even ask for the permission to turn on and consume BLE in the
> background.
>
> 5) By default, to make public health authorities happy and enable ,
> Google and Apple would need to special-case their apps to enable BLE
> background, which would open a huge privacy hole government agencies
> could walk through, and which might be much tougher to close after the
> pandemic is closed.
>
> So G&A appear to be doing the right minimal thing here, which is to
> say "OK, you can get BLE background, but ONLY by doing tracing in this
> decentralized way", which avoids at least the big obvious risks of
> allowing public health authorities or anyone else from creating a
> centralized picture of everyone you've been near while running the
> app, when all they really need to know is who's been in proximity to
> people who tested positive, and only if those patients agree.
>
> However, as Ross and others have pointed out, there are still a lot of
> attack vectors and opportunities for re-centralized surveillance that
> such an application could deploy. If we just don't know what's running
> in the app, we don't know if it's also reporting data to a central
> server without patient notification let alone consent. We don't know
> what other location data it's collecting and possibly reporting or
> aggregating. And when that signed attestation comes in from a public
> health authority that you should see if you've been near a certain set
> of "codes", the app could report upstream that you have without notice
> or consent, forcing you into reporting.
>
> One approach to addressing many, but not all, of those concerns is if
> the public health authority app was not proprietary code (and a
> thousand different apps for a thousand different health authorities),
> but one app, open source (with reproducible builds to verify what's in
> the code is what's on your phone), where the reporting structure is
> configurable, and where the defaults are set to encourage users to
> report matches but that would require consent. Such an app should be
> the default, perhaps even required app that public health authorities
> consult with and publish data through. This is not a situation where a
> thousand different apps help, even if all those apps are using GACT.
> You want public trust in that app, and that app can come from
> carefully vetted public open source code.
>
> It likely should also be connected to the emerging self-sovereign ID
> approaches being considered for vaccination records and possibly
> antibodies tests, so that you can show a public health authority "Hi!
> I've been exposed, at this time & date, I don't know by who of course,
> but I can also show a positive antibodies test or date of prior
> infection and recovery or proof of vaccine, so no need to quarantine
> me." These kinds of proofs might also be important to fighting
> anonymous trolling (Ross's description of someone attaching their
> phone to their dog and having them wander through a crowd, then
> reporting a positive test result), potentially other concerns.
>
> To Richard's question, this definitely seems to be among the "least
> bad" things that GA could do in this space. It might even make
> contact tracing possible both for the scale of the challenge and in a
> privacy-preserving way. It's a necessary first step but far from the
> complete solution.
>
> I suspect that the different tracing projects out there will converge
> on a common answer along these lines, and my hope is that G&A follow
> up GACT with an endorsement of an effort towards a common open source
> tracing app, and the different tracing app efforts can combine forces
> around a common approach.
>
> I have no skin in this game, I've just been studying it closely along
> with some other COVID19 related initiatives, but if something emerges
> we (The Linux Foundation) can do to be helpful, let us know.
>
> Brian
>
>
>
>> "How I learned to stop worrying and ..."
>>
>> On 4/24/20 2:29 PM, msunet wrote:
>>> There was some talk about this at the Flatten the Curve Summit. At
>>> first, I thought this technology would be interesting, but now I have
>>> doubts about it. It doesn't seem very useful to trace people if you
>>> can't test them, first of all. I also wonder how the random numbers are
>>> generated -- will they use your device or advertising ID? How can you
>>> tell when they embed this technology in their proprietary, secret OSes
>>> anyway? I also haven't seen what the authentication layer is -- will
>>> you need a google account? -- or more generally, how they plan to protect
>>> the system from attackers. It's also not clear to me who owns the data,
>>> where it is stored, how much of it, or for how long. And when does the
>>> tracing end? They also have not solved fundamental problems about this
>>> tech, like signals going through walls.
>>>
>>> Unless these and other questions are answered (maybe they have and I
>>> haven't caught up), this just seems to me like an attempt by
>>> corporations to use the situation as an excuse to creep in more into
>>> people's lives. It never hurts to remember that they are powered by
>>> profit, not good will.
>>>
>>> On April 23, 2020 7:01:37 PM PDT, "Robert Mathews (OSIA)"
>>> <mathews at hawaii.edu> wrote:
>>>
>>>
>>> On 4/23/20 5:26 AM, David Stodolsky wrote:
>>>
>>>> This appears to be virtue signaling. France is asking that the
>>>> Apple/Google tracing security be relaxed.
>>>>>
>>>>> https://apple.slashdot.org/story/20/04/21/2019202/france-says-apple-bluetooth-policy-is-blocking-virus-tracker#comments
>>>>>
>>>> It appears that France has developed a slightly less secure
>>>> tracing method than the coming Apple/Google API/OS built-in. The
>>>> current limitation is that Apple doesn’t allow Bluetooth to run on
>>>> the iPhone, if the app is in the background and the data leaves
>>>> the phone. This has crippled TraceTogether, etc., since it makes
>>>> tracing impractical with the iPhone.
>>>>
>>>> dss
>>>>
>>>> David Stodolsky, PhD Institute for Social
>>>> Informatics
>>>> Tornskadestien 2, st. th., DK-2400 Copenhagen NV, Denmark
>>>> dss at socialinformatics.org <mailto:dss at socialinformatics.org>
>>>> Tel./Signal: +45 3095 4070
>>>
>>> Notions of *'contact tracing'* must be considered in broader
>>> 'technical' and 'technological' terms. For instance, consider this
>>> following headline, which I have been discussing with my team since
>>> its publication.
>>>
>>> *"2 billion phones cannot use Google and Apple contact-tracing tech
>>> System developed by Silicon Valley relies on technology missing from
>>> older handsets."*
>>> TIM BRADSHAW, FT.COM - 4/20/2020, 12:29 PM
>>> *arsTECHNICA*
>>>
>>> https://arstechnica.com/tech-policy/2020/04/2-billion-phones-cannot-use-google-and-apple-contract-tracing-tech/
>>>
>>> MANY such subscriber-linked mobile handsets in-service are located
>>> within *the Continent of Africa*, and the *Indian Sub-Continent.*
>>> And, they are MOSTLY NOT - iPhone 10s.
>>>
>>> Of this, I shared the following sentiment with my staff and extended
>>> teams....
>>>
>>> /This story SHOULD teach us that, no matter how LARGE any
>>> "tech" company may be, if those human beings WITHIN are NOT
>>> disposed to understanding "SYSTEMS" more wholistically (a widely
>>> abused term), products born out of this lack of understanding
>>> cannot be expected to meet basic aspects of functionality.
>>> It also goes without saying that
>>> SYSTEMS so constructed can also 'not' be expected to
>>> 'INTEROPERATE reliably' with OTHER systems of a LIKE, and/or
>>> UNLIKE construction too./
>>>
>>> In this respect at least, and more importantly, taking note of the
>>> UNIVERSALITY of COVID-19, backward operational compatibility and
>>> INCLUSIVITY should have been critical 'usability' considerations.
>>>
>>>
>>> -- Sent from /e/ Mail.
>>>
>>
>>
>>
>
--
GPG: 9C2A AF1D CC91 0A53 AB0A B6A1 C457 0E01 081F 8F91
https://emailselfdefense.fsf.org/