Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday April 13 2020, @05:58PM   Printer-friendly
from the proximity:-opposite-sides-of-the-same-wall dept.

Ross Anderson, a researcher at the Security Group at the University of Cambridge Computer Laboratory, has written about contact tracing in the real world enumerating in detail some of the many shortcomings with and false assumptions about contact tracing as means of fighting a pandemic.

There are also real systems being built by governments. Singapore has already deployed and open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the “obvious” way to tell who’s been within a few metres of you and for how long. The UK’s National Health Service is working on one too, and I’m one of a group of people being consulted on the privacy and security.

But contact tracing in the real world is not quite as many of the academic and industry proposals assume.

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

He is not alone in pointing out that claims of being able to anonymize personal data have largely been proven to be bunk. The rules we set in place now will be with us for a long time and have far-reaching effects. The need to be given an appropriate level of consideration.

Security researcher Bruce Schneier posted his concerns on the same contract tracing story.

Previously:
(2020-04-11) Apple and Google are Launching a Joint COVID-19 Tracing Tool for IOS and Android
(2020-04-08) Senators Raise Privacy Questions About Google's COVID-19 Tracker
(2014-10-16) How Nigeria Stopped Ebola


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Immerman on Monday April 13 2020, @08:39PM

    by Immerman (3985) on Monday April 13 2020, @08:39PM (#982213)

    5) would be a problem - if you only search for a subset of hashes you have encountered, then you'll only be alerted to confirmed infections within that subset. You have to search for *every* hash you've encountered to be able to tell if any of them are confirmed infected. And you don't want to wait until the random sampling eventually covers the full list, since you're likely to be contagious relatively soon after being exposed.

    I'm also not clear on what hashes are supposed to add to the procedure rather than just using the original beacon IDs.

    If you're looking at preserving the privacy of the masses, it would seem the natural thing to do would just download a comprehensive list of every infected beacon released in the last day and compare against your own contact history. The initial download of everyone confirmed infected in the last few weeks might take a little while, but once you're only looking at new contacts - assuming a new beacon every 5 minutes, and 64 bits per beacon, 1000 new cases would only be a 2.3MB download, uncompressed (and you could probably get some really awesome compression since the beacon order doesn't matter - even just sorting the data first makes it far more amenable to compression).

    Of course if things get bad and you're looking at 100,000 new cases in a day, it gets a little sluggish. But if everyone is doing it, caching can reduce infrastructure requirements dramatically. You could also dramatically reduce the data load with only minor loss in privacy by encoding regional data in the beacons - e.g. dedicate 12 bits to indicate which of the 3000+ U.S. counties(or equivalents) you're currently in, so that people only need to download the infected beacon list for the counties they've actually been in recently.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2