COVID19-Tracing/-Tracking App in Singapore under GPL-3.0
Paul Boddie
paul at boddie.org.uk
Fri Apr 17 20:40:11 UTC 2020

On Friday 10. April 2020 22.09.06 Sebastian Silva wrote:
> Thanks for sharing!
>
> I just passed it on to a government mailing list in my country (Peru).
>
> I did a quick search and found an article by the Singaporean government
> explaining their logic, which I shared also.
>
> <https://www.tech.gov.sg/media/technews/six-things-about-opentrace>

Some of the insights are interesting in various blog posts. For instance:

"Aside from the technical challenge, using location data for contact tracing
also raises serious privacy and data security concerns. If users are hesitant
to download the app for fear of inadvertently revealing their movements, its
ability to link the dots would be greatly diminished."

https://www.tech.gov.sg/media/technews/tracetogether-behind-the-scenes-look-at-its-development-process

This is in agreement with the European Data Protection Board advice:

"Contact tracing apps do not require location tracking of individuals users.
Their goal is not to follow the movements of individuals or to enforce
prescriptions. [...] Collecting an individual’s movements in the context of
contact tracing apps would violate the principle of data minimisation. In
addition, doing so would create major security and privacy risks."

https://edpb.europa.eu/sites/edpb/files/files/file1/edpbletterecadvisecodiv-appguidance_final.pdf

Interestingly, the ACLU has a white paper on the topic which includes the
following remarks:

"In addition, the location data typically generated by cell phones is not
precise enough to identify epidemiologically relevant contacts, i.e. such as
those within the requisite distance or with the relevant type of exposure. We
reject these privacy-unfriendly TACT proposals outright because they do not
strike the right balance between effectiveness, necessity, and intrusion."

https://www.aclu.org/report/aclu-white-paper-principles-technology-assisted-contact-tracing

(The ACLU document is a solid summary of a number of different concerns and,
of course, favours Free Software, advocates reproducible builds and release
archiving, amongst other things - see the "Auditable and fixable" section.)

In contrast to this, the Norwegian agency and partners seem to have fixated on
the recognised limitations of Apple products:

"– Vi mener at lokasjonsdata er et nødvendig supplement til Bluetooth både for
å validere data før utsending av varsler (for å hindre falske varsler) og
spore nærkontakter som man ikke finner ved Bluetooth. Lokasjon vil også gjøre
det mulig å ha forskjellige algoritmer for nærkontakt på forskjellige steder."

("We believe that location data is a necessary supplement to Bluetooth both
for validating data before sending alerts (to prevent false alarms) and to
trace others that cannot be found with Bluetooth. Location data will also make
it possible to have different algorithms for proximity detection in different
places.")

https://nrkbeta.no/2020/04/16/personvernrad-i-eu-mener-norsk-app-bryter-med-viktig-personvernprinsipp/

I find it rather interesting that location information is supposedly so
helpful in the absence of Bluetooth signals. As the Singapore group openly
admits...

"While GPS works well in wide, open spaces, it fares poorly when it comes to
indoor and highly urbanised settings, said Mr Jason Bay, Senior Director of
Government Digital Services at GovTech. “If you are one floor down in a
building, your GPS location could look the same as someone in the floor above
you because of signal reflections and multipath propagation effects,” he
explained."

Indeed, precise indoor positioning (which is arguably most important in this
situation) is a notorious problem with plenty of different, imperfect
solutions despite being a lucrative area of research. I think I trust the
person talking about reflections and propagation effects while giving an
understandable example of false positives, as opposed to the person being
vague about "different algorithms" and keeping their options open to the
maximum.

It should be said that location information is already used for surveillance,
tracking, "analytics" and so on, with such data being traded for commercial
advantage. This should not automatically make its use acceptable because
"no-one has any privacy anyway" or that there is an opportunity to normalise such
activities in another realm. Moreover, there is a real risk that such
solutions applied in this realm could cause panic situations and impact the
wellbeing of the population.

Meanwhile, a preliminary report was delivered about aspects of an official
review of the Norwegian "app". Some extracts:

"Posisjonsdata som breddegrad, lengdegrad, nøyaktighet, hastighet, høyde og
nøyaktighet på høyde blir periodisk lagret i en ukryptert lokal database på
telefonen."

("Position information such as latitude, longitude, [geographic?] accuracy,
speed, height and height accuracy are periodically stored in an unencrypted
local database on the telephone.")

"Det brukes permanente og enhets-spesifikke identifikatorer mellom enhetene.
Dette vil potensielt åpne for muligheter til å utlede andres identitet eller
smittestatus."

("Permanent and unit-specific identifiers are used by devices. This could
potentially make it possible to extract the identity or infection status of
others.")

"Tilgangsstyring, logging av tilgang, prosedyrer for sletting og aggregering
av data i Azure er enda enten ikke påbegynt eller ferdig implementert. Denne
funksjonaliteten er avgjørende for å kunne vurdere om personvernet er godt nok
ivaretatt i løsningen."

("Access control, access logging, processes for deletion and aggregation of
data in [Microsoft's cloud solution] Azure are either not yet established or
finalised. This functionality is critical in assessing whether privacy is
safeguarded in this solution.")

https://www.regjeringen.no/globalassets/departementene/hod/fellesdok/rapporter/200409_forelppig_rapport_ekspertgruppe_sporingsapp.pdf

Noting that this report was filed about a week ago, maybe some progress was
made since then before launch. I don't think anyone knows why the agency
responsible and their partners did not decide to build on other efforts.

Reassurances from the politicians don't really count for so much when one
reads this...

"Rett etter skjøt statsminister Erna Solberg inn at denne løsningen vil bidra
til å gi nordmenn «mer frihet, raskere»."

("Immediately after [the health minister's insistence of the legal compliance
of the solution], the prime minister, Erna Solberg, shot in with the
observation that the solution will help give Norwegians "more freedom, more
quickly".")

This being a government that attempted to introduce emergency legislation
curtailing the powers of the legislature, described as "madness" by one legal
expert [1]. But, of course, only foreign people can be autocrats and
dictators!

Sorry for the long message!

Paul

[1] https://www.nrk.no/norge/regjeringen-legger-frem-ny-korona-lov-som-gir-krisefullmakter-1.14950955