Singapore's doing contact tracing without any location data, and with contact between devices encrypted until needed for a contact disclosure. Seems like a better approach to me:
Yeah, GPS casts too wide a net (imagine being in New York: everyone in an 80-story office building would be within the margin of error of a single GPS point).
Bluetooth seems like a better solution, and the Singapore one does it in a privacy-preserving way while storing all data on the phone. Only when a user is infected are they asked to upload data.
Also direct link to more info about the underlying protocol "BlueTrace" they are working on finalizing before open-sourcing this app for use in other countries:
Using Bluetooth to detect potential contact plus GPS seems like a good way to cover a lot of ground. Anyways, I feel like the bigger issue is the huge honeypot problem. I think it's easier to assume data like this is bound to leak -- so what can we do to make it useless besides for its intended purpose? I mean it doesn't have to protect against like a state-backed program to track an individual -- but it should protect against the usual bullshit companies like insurance or scammers.... hmmm
It seems like the way this preserves privacy is that you only upload your location information once you're tested positive, where it is "redacted" (I have very little faith in this) and then sent to everyone else so they can check to see if they were in contact with you. It's better than mass surveillance, sure, but I'm not sure if you can claim that this doesn't give up individual privacy.
What do you think is the ethical option? If you are positive, shouldn't the people in contact with you know it? I'm genuinely asking, it's not a rhetorical question. I think they should know they have been exposed to the virus at least, not necessarily knowing it was you. You already have lost some rights of movement and assembly. Losing some privacy may help you regain them sooner.
Optional, presumably. Nobody is forcing you to install the app, and even if it was mandatory anyways (and how would the app know you were positive?), it makes little difference.
I had been a staunch advocate of not sharing any personal information wherever possible, but recently I've been thinking whether I've approached the whole privacy issue from a wrong angle.
Maybe there isn't anything wrong with sharing our data and information for the public good. After all, we almost view it self-evident that transparency is good for communities at large. The real issue is that most of the parties who come after our data are only interested in exploiting us to make more money.
Given this thought, I believe I would be inclined to share my data with orgs that I know are trying to do public good in a verifiable and transparent way.
Verifiable and transparent are very much the key words there.
Currently the only way to share personal information is to basically just hand it to someone you think should be trustworthy, who does god knows what with it. And that's if you even get that level of control, and whoever you handed your data to previously isn't sharing it on your behalf.
The problem is that you can't take the data back when good organizations turn bad. Maybe you trusted the US government in 1940 when you took the census, but in 1942 they showed up at your door to take you away if you had listed yourself as Japanese.
If you lived in the Netherlands in the 1930s, you may have had a great deal of trust in your government. They collected extensive population data and did a lot of good with it. When the Nazis invaded, they got access to the same systems. It made their genocide much more effective than in neighbouring countries.
Instead of using GPS, consider using the WiFi base stations. Specifically, each location can be characterized by the set of WiFi base stations a phone can detect. GPS is useful while outdoors, but virus transmission is somewhat difficult outdoors. Indoors, a conference room on the third floor and the 40th floor will have the same GPS coordinates, but a phone in each location will detect a different set of WiFi base stations. This paper shows how WiFi base stations can be used: https://arxiv.org/pdf/1610.04730.pdf
I might not understand methods to achieve privacy, but here are some thoughts.
1. The data could be stored more safely with something like Intel SGX, where only the application can access the data. In this scenario, the carrier (or healthcare worker), uploads the carrier’s path into SGX-based database. Then, individual users that are concerned about their risk could use the app to upload their location paths into the SGX-based system and learn if they are at risk as a simple yes/no. (I have never built an SGX application, so I might be mistaken on its abilities.)
2. I don’t think this is possible: “The solution is a ‘pull’ model where users can download encrypted location information about carriers” If the application is on my device, I can decompile it and get the decryption key or use other methods to dump the carriers’ location data to disk.
3. It seems that the user’s data is also stored on the device. This data is then at risk of being stolen by malicious applications. Instead, the location data can be encrypted with a public key that can only be decrypted on the SGX-protected servers.
Israel's ministry of health has released a similar app [1] (open source [2]).
Location is stored locally, and cross checked with confirmed covid-19 patients location history.
You get a notification if you were close to a patient.
The only actors in the position to help here are the carriers and platform owners. Perhaps a joint venture between Apple and Google to hold each other accountable? I don't trust the carriers to get this right.
I don’t think this is reliable enough if you like to stay safe while being out, although it seems better than nothing.
Considering that aerosols are a plausible infection vector, it becomes necessary to introduce air flow models that include building ventilation for a reliable outcome of location-based monitoring. Honestly, I consider this a major, and quite risky, undertaking. Even a retrospective analysis of who-infected-whom based on location will turn out quite incomplete.
As a side note while being quarantined at home: please consider closing building ventilation, talking to your neighbor to coordinate asynchronous window opening procedures, and ensuring closed sewage systems.
2. It took quite an effort to find out how SARS-CoV-1 spread from one single flat to other flats and to nearby buildings that were located in the direction of the wind. Indeed, it is assumed that sewage ventilation played a role here.
https://dx.doi.org/10.1056/NEJMoa032867
Yes, please see the discussion in the second study. They cite the findings of an investigative team of the WHO for the infections in the same building, and add their own findings to explain infections in other buildings (which the WHO didn't explain). And yes, both the WHO and the study state open windows as inlets for the aerosols.
In my opinion, this also explains the measures in China: here a whole building is evacuated and quarantined if one single person in the building is tested positive.
Separate from the "current crisis" and retrospective contact-tracing:
Are there any existing apps that keep a high-resolution trail of where you've been, without ever uploading it to the cloud? (Or, only uploading it to a location you choose, encrypted to a key you hold?)
Something like Google "Location History", but without Google or any other intermediary data-silos who could be compromised to reveal my data against my wishes.
If this is just logging location, how does it do contact tracing? Don't you need everyone's location, or the 'nearby' data like gov.sg's 'TraceTogether'?
Erm… what is it? Forgive me for not wanting to download the PDF to find out, but I can't for the life of me work out why there isn't an opening paragraph explaining what it is, and I'm too old for guessing games.
This is the second link from HN I've opened today like this.
I think this is the right way - store data but publish it publicly when you are confirmed with coronavirus. Then apps installed on others' phones would automatically see your data and would do an intersect to see if they were in proximity, and notify you accordingly. This way only the data of those impacted by coronavirus becomes public. And although it's technically public, as the app has access to it behind the scenes, legally you won't be allowed to reverse engineer the response data and publish it online on a map, etc., so that adds some privacy from the general public's eyes.
For HN folks at Apple or Google, are there efforts internally to incorporate this or something similar into Android and iOS updates? It will have to be a collaboration between the two companies.
Sadly, I do not see Private Kit reaching anywhere close to the critical mass required for it to be fully effective, unless all Americans are required to use it per a new federal mandate, which I cannot see becoming a reality given the incompetency clearly exhibited by one or more of our "leaders" over the past several days (if not much longer).
Are tools such as homomorphic encryption, differential privacy, etc. applicable here? There should be a way for users to control their location data, and opt-in to sharing it at times like this, and then opt-out later.
Homomorphic encryption is not computationally practical and differential privacy relies on noise which is not ideal when (i) errors compound as is the case of contact tracing where each new node introduces many candidates for exposure and (ii) there is a high cost of false positives or negatives.
Perhaps this is a use case for a secure enclave, where location data is stored, a biometric authenticated authorization can be used for releasing it, and there is provably no backdoor for this feature to be used without the user's approval. I hope to see companies like AAPL address this in a way that solves for these types of situations without introducing draconian oversight capabilities.
Because my guess is that location will give you too many false positives if people really use that system. I wonder if it would not be better to do something like emitting colocation BLE beacons with a TOTP sequence and a random secret. If someone is tested positive you release the secret, or even only a list of the emitted beacons in the relevant timeframe. Everyone can then check against the list they recorded. Does that make sense?
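The rolling-beacon scheme sketched in the comment above, as an added example (not code from the original thread or from any of the apps it mentions): a TOTP-style beacon is derived from a device secret and a time slot, a confirmed case releases only the beacons from the relevant timeframe, and every other device intersects that list with what it recorded locally. The 15-minute rotation interval, the 16-byte beacon length and the two fixed secrets in the scenario are assumptions.

```python
import hmac
import hashlib
import secrets
from typing import Iterable

SLOT_SECONDS = 15 * 60   # assumed rotation interval, the TOTP-style time step
BEACON_LEN = 16          # assumed length of the truncated HMAC carried in the BLE advertisement


def slot_of(unix_ts: int) -> int:
    """Map a Unix timestamp to its rotation slot number (the TOTP-style counter)."""
    return unix_ts // SLOT_SECONDS


def derive_beacon(secret: bytes, slot: int) -> bytes:
    """Beacon for one slot: HMAC-SHA256(secret, slot), truncated.
    Without the secret, beacons from different slots cannot be linked to one device."""
    return hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()[:BEACON_LEN]


def beacons_in_window(secret: bytes, start_ts: int, end_ts: int) -> set[bytes]:
    """Every beacon a device holding this secret broadcast between start_ts and end_ts.
    This is the list a confirmed case releases; nothing outside the window is disclosed."""
    return {derive_beacon(secret, s) for s in range(slot_of(start_ts), slot_of(end_ts) + 1)}


def find_exposures(observed: Iterable[tuple[int, bytes]], released: set[bytes]) -> list[int]:
    """Local check on the receiving device: timestamps at which a released beacon was heard."""
    return sorted(ts for ts, b in observed if b in released)


def demo() -> list[int]:
    # Constructed scenario with fixed secrets so the result is reproducible;
    # a real device would draw its secret with secrets.token_bytes(32).
    carol_secret = bytes.fromhex("11" * 32)
    stranger_secret = bytes.fromhex("22" * 32)
    t0 = 1_584_000_000  # arbitrary fixed epoch second, a multiple of SLOT_SECONDS
    # Dave's device logs (timestamp, beacon) pairs it hears over BLE; constructed log:
    dave_log = [
        (t0 + 100,  derive_beacon(carol_secret, slot_of(t0 + 100))),       # near Carol
        (t0 + 700,  derive_beacon(stranger_secret, slot_of(t0 + 700))),    # someone else
        (t0 + 2000, derive_beacon(carol_secret, slot_of(t0 + 2000))),      # near Carol again
        (t0 + 9000, derive_beacon(carol_secret, slot_of(t0 + 9000))),      # after the window
    ]
    # Carol tests positive and releases only the beacons from the one-hour timeframe.
    released = beacons_in_window(carol_secret, t0, t0 + 3600)
    return find_exposures(dave_log, released)   # returns [t0 + 100, t0 + 2000]


if __name__ == "__main__":
    print(demo())
```

Matching is by beacon value, so releasing the per-window list discloses nothing about slots outside it, whereas releasing the secret itself lets anyone link every beacon that device ever broadcast under that secret.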
Czech volunteer group Covid19cz, involving some big Czech companies and in cooperation with the Czech government, is going to launch their tracking system, which they claim is GDPR compliant, based on experiences learned from other countries like South Korea and packaged to be rolled out to other countries. I am not associated with them, I just think it is worth mentioning here.
Singapore
TraceTogether
https://www.tracetogether.gov.sg/
Open source: Announced to be open source, but when? Related news: https://str.sg/Jfup
Almost the most popular, 735K users
Bluetooth based, no location information collected. As stated on their official site: "The app doesn't identify 'where' the exposure to COVID-19 cases may have occurred. It only seeks to establish 'who' else might have been exposed to the virus."
It's being taken for granted that nearly everybody (Cuomo just said 80%) is going to get it, so it doesn't make sense to get angry at someone for increasing your risk of catching it. The efforts to slow the spread are about giving the healthcare system time to cope. So, yes, people are being antisocial if they don't follow the rules but it's not sane to treat it like you're personally being assaulted. This isn't ebola or HIV.
> The efforts to slow the spread are about giving the healthcare system time to cope. So, yes, people are being antisocial if they don't follow the rules but it's not sane to treat it like you're personally being assaulted. This isn't ebola or HIV.
No. It should be treated as attempted mass murder. Because this is what it boils down to: one idiot causing a bunch of deaths downstream, plus some more by contributing to overloading healthcare.
The impact of global warming is estimated at 150,000 fatalities[1] per year currently, which so far is significantly more than the epidemic. Do you think that automobile drivers should be treated as "attempted mass murderers"? It is even the same people telling us about that and coronavirus - the WHO.
This is a false equivalence and you and everyone else who keeps making it know it. It makes zero sense to say that the current number of deaths is less than deaths from climate change or cars because those deaths aren't (at the moment) rapidly increasing exponentially. Do you think the deaths will just magically stop? What people apparently forget is that mortality rates jump (for everything) when your healthcare system collapses, as it did in Northern Italy, as it is about to in New York, and as it will everywhere else in a week or two because of flippant attitudes like yours.
It's equivalent in a very limited, specific sense in that anyone who literally regards people as mass murderers for contributing a tiny amount to the problem is psychotic, in my opinion. Of course, everyone in this thread is just trying to be edgy, I'm 99% certain.
Whether the number is more or less is irrelevant. The point is that people contribute a small increment in probability to a collective problem that is significant, and treating it as a personal issue is wrong.
Being concerned about the collective risk should make you less concerned about your personal risk, otherwise you aren't really collectively oriented.
It's not a small increment in probability. If you're a carrier and start going around meeting people, you're directly causing a huge increment in probability of them being infected - and then recursively smaller increments in people downstream.
Individual privacy is where I draw a line in the sand.
I'm ready to do many things, but that does not include allowing geotracking, geofencing or any other restriction on the freedom of movement and freedom of assembly.
The government can shut businesses, shut public parks and beaches, but what we do in our homes, clubs and other private properties is off limits.
Because it's not necessarily delusional, or paranoid.
Give them the benefit of the doubt: Assume they are competent, healthy adults, who really believe in what they say.
With that assumed, it's someone choosing to sacrifice other people's lives for their political values.
Personally I think that situation crosses the "your right to swing your fist ends at my nose" line.
We should certainly build systems that protect privacy if we can, to the extent we can. I'm very pro privacy, not against privacy at all.
But to the extent values conflict in a material situation, such as privacy versus not harming other people in a deadly way as the current crisis, we have to choose priorities, and then be smart and subtle about retaining as much of our overall values as we still can given the priorities.
> No, not just other people's - that includes my own life too.
Yes, I agree, your own life is important too.
If you're not familiar with "your right to swing your fist ends at my nose", it refers to when your exercise of your personal freedom deprives another person of their personal freedom.
> The freedoms enshrined upon us by the constitution are not negotiable
And yet here you are, advocating depriving people of their freedom to live.
In the present case, your right to freely wander around, asymptomatically spreading COVID-19 contributes to depriving others of their freedom, by killing and disabling them.
The cold harsh reality of the biological world right now is that some freedoms exercised by a person are causally depriving other persons of those same freedoms.
You might not like that, but it appears to be the state of biological nature right now.
To assert that the freedoms enshrined by the constitution are "not negotiable" involves irony, denial and paradox: Because in exercising those freedoms, you yourself are taking them away from other people.
That's my argument and moral basis, anyway. The point is to persuade you to comply voluntarily due to compassion, whereby you ideally make the choice to do so out of consideration for the welfare of others in a situation where your actions affect others.
I've been stuck at home for a while now, so as to not kill another person staying with me. It's not like I enjoy being stuck at home.
I'll be mighty unhappy, and unimpressed by constitutional arguments, if they get killed or disabled because other people make an informed decision that their inalienable right to spread COVID-19 outweighs my person's inalienable right to life, liberty and dignity.
You do not have to persuade me to comply voluntarily. I already did.
I left NY for business 2 weeks ago. About 10 days ago, I started having faint symptoms. I was ready to go home. So I decided to start wearing a mask, and instead to drive straight to the secondary residence in the countryside as it is isolated. Due to the presence of elder relatives, I stayed in a nearby hotel room for 7 days - not even going out while I could have.
I had no laws forcing me to do that. But freedom does not mean people have no respect for other people's lives.
It may produce the same result, but there is a difference between forcing someone and letting them do the right thing by providing them truthful information. And freedom works both ways: that's also why I believe even sick people should not be forced to stay home just to protect me.
This is how in the US we often achieve better results than in other countries: more freedom!
The rise of authoritarianism for one small health crisis worries me just as much as it did on 9/11 for one minor attack. We reacted totally out of proportion, and let our feelings get in the way of reason. We permanently lost some freedoms, and ransacked the Middle East (and we are still involved there almost 20 years later).
People die, it's a sad fact of life, and not a valuable reason to outweigh anyone's inalienable right to life, liberty and dignity.
Yes, you chose "harming other people in a deadly way".
At which point other people's constitutionally enshrined freedom to defense of self and other kicks in, and they can detain you.
The constitution does not necessarily support your side in that situation, although it should support your right to be treated with dignity while detained, and to let you express your argument.
I sometimes don't get why some Americans worship the Constitution like that. It was written by humans. Albeit educated, thoughtful people who greatly cared about it, but still more or less humans.
> No, not just other people's - that includes my own life too.
Glad you don’t get to make that decision on behalf of other people, and those actions are at least illegal in California.
I also think it’s nonsense to imply you are putting yourself at any real risk, if you were immunocompromised or elderly you wouldn’t have such a callous attitude.
A well written constitution allows for provisions to be suspended and outweighed in a state of emergency. Ideally it has a mechanism for doing so where possible, and for limiting the effect and scrutinising it, treating such a state as a serious exception to the normal state of things.
Constitutions are a tool and an inspiration for better society. They are not able to anticipate or codify every situation, though. Ideally they themselves codify recognition of that, and govern how exceptions are to be handled with care.
https://www.mobihealthnews.com/news/asia-pacific/singapore-g...