A lot of the arguments against this were rehashed the last few weeks over and over. As an passive participant to such discussions I can't express how tiring it is to see new people drop into these conversations without reading up on what already has been discussed beforehand.
Which part guarantee it won’t be repurposed later to track if you have been in contact with a terrorist or not?
I understand this is already possible with current tech. However not sure why we should empress to make it things even easier. Specially if the only thing that protects you if the absence of mandatory uploads of your daily hashed list. It seems super easy to switch that on.
It’s totally useless for tracking “contacts with terrorists”, especially compared to phone records or chat metadata.
Location data is far more valuable for a surveillance state, and it is already recorded in several places, including servers that are easier to get to (legally) than your phone.
There’s an argument for it being more useful than location data. If you are actively watching a target you do not need their location. But what is useful are the ability to track the movements of their social network, who they interact with, etc.
But you can't identify anyone in the social network, because the identifiers you get aren't tied to any individual unless the individual chooses to reveal them.
So unless you're tracking a terrorist and their social network comes down with Coronavirus and you subpoena the hospital they were tested at for records, you aren't able to tie the IDs to individuals.
Exactly. This is better than many existing surveillance because you are now using other people as sensors and the meta data is higher than ever before.
X and Y were connected to the same tower at 12:52... vs X and Y were feet from each other and Z who we didn’t even know about from 12:50.430 to 12:55.001
I agree that people should be reading the paper. Crucially, the whitepaper explains why it doesn't preserve privacy.
For example, section 5.4 (design trade-offs) says that individuals who have declared themselves as infected can be retroactively tracked and identified. Tracking only requires a bluetooth receiver which is aware of its own location - government agencies could easily do this.
Because the keys, from my understanding, change every day. So if someone is infected, you can only track them for the relevant days because those are the keys they would give you.
You could simply set it up to delete your own keys after 14 days, for example.
This is obviously just all obfuscation. The entire plan is that you are uniquely identifiable, you are being pinged by every person you walk near, there is protection from Target, Bestbuy, “Ze Russians” but not Apple, Google, Gov.
You can put as many crypto or “random” or key derivation layers you want in there, you just also need to admit they are surface deep and really “just for show”.
This is constant person tracking, that’s the whole point.
Is it really worth it to track 0.1-1% of the population for a few days?
I don't really see how this level of investment is worth it.
I'm also not sure as to how widespread it has to be, with the 2. proposal from DP-3P, you won't be able to link EPIDs, so you would need to infer the new infected epids from the last known position. That seems only feasible if there are sensors everywhere.
There is some psychology to this. A person's instinct is to fear and, as if a predator were stalking them, fear of being watched. In the digital age, that means fear of how their data is being used/watched. That isn't to say they are doing anything wrong, per se, but the act of being watched instills fear. Thus, even though they don't read the article, they respond instinctively with skepticism.
The reality of how this data is used is probably not as dire as is feared. Even though fear is a useful tool, it should be used to push us to investigate (e.g. read the paper). Fear should inform some objective discussion.
In this case, I think that the fear is relevant due to how companies have notoriously failed in preserving anonymity. I think in order for us to usefully data mine people's lives and actions (which is what we're talking about), we need to come up with better ways of ensuring that the data can't be used for draconian purposes by those in power (whether state, media or other). We need some way to assuage the fear to get the benefits of the data. After all, this isn't a technology problem. It's a people problem.
I'm not sure if you'll read this; but I replied a bit curtly and unusefully earlier today, and want to apologize for that.
It's stressful seeing messages that appear negative in a situation like this because the stakes are potentially so high. Unfortunately I didn't do a great job of making my own message and tone more positive.
Thanks for sharing the whitepaper link here and leading a lot more folks to discover it that way.
But that's how every policy discussion goes. Nothing anyone says at a town hall meeting is novel or unique to the staffs/politicians your talking to. It doesn't mean a person shouldn't speak their mind on topical issues.
If you only want to have a discussion once, then only partake when in the company of actual power, or within rule-making bodies.
A lot of the arguments against this were rehashed the last few weeks over and over. As an passive participant to such discussions I can't express how tiring it is to see new people drop into these conversations without reading up on what already has been discussed beforehand.