My feeling is that while privacy is important, it's being taken a bit too seriously given the severity of the crisis.
Google and Facebook et al. carry out far more involved and intimate surveillance of people's lives than would be required for an app as described in the article.
(Disclosure: I'm a member of CCC and chairman of a local chapter.)
"Please install this app to save lives. Don't worry, it collects less data on your movements than Google Maps."
For those "40% only if privacy concerns are addressed" there is a gradient of privacy. How many of them will still have concerns no matter what? And how many will not install anything out of laziness/comfort?
Meanwhile, Google and Facebook are installed in 90%+ of phones and happily scoop up location data every day.
There is an additional technological cost, but that's what we should weigh the privacy costs against. The choice is between an app that doesn't care about privacy versus one that does.
Time is of the essence here. I agree that, all else being equal, privacy should be respected. However, if it takes multiple weeks to iron out all the potential privacy issues, this approach becomes much less effective.
Finally regarding Google/FB: Why would you give up even more of your privacy?
They're probably not going to care about people's views in the first place. Such regimes are already mandating apps of this type to be used.
> When you are close to another phone running TraceTogether, both phones use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by the Ministry of Health (MOH).
From: https://www.tracetogether.gov.sg/common/privacystatement
From that perspective whether it is open source is a secondary consideration.
If you become infected you have the option of broadcasting your ID as being infected and others can compare the infected list against the IDs collected on their phones.
None of the data you mentioned is being collected.
This time around shouldn't we aim for a better response and no fall out that will last decades on our responses?
I don't think this is doable. All protocols that we currently have have the ability to reveal this information in one way or another.
There are two fundamental approaches at the moment: soemthing like DP-3T which uses TCNs (temporary contact numbers) where contacts exchange temporary numbers. On infection you download the list of infected people and compare on your device for matches. This fundamentally reveals who was infected. Then you have centralized approaches where you hand out encrypted IDs which a central authority can decrypt. In the latter case you can just create new device IDs which again lets you easily figure out which of your contacts was infected.
In the latter case you have the theoretical possibility to detect such behavior due to the sheer amount of IDs generated by participants.
Generally the attack vector would be someone putting a beacon to a super market and making pictures of people going in and out and capture their IDs. Then they could figure out later which of the people got infected.
The Indian government does not have a great track record when it comes to privacy and information security. (https://www.firstpost.com/india/aadhaar-data-leak-details-of...) Aadhar is the Indian equivalent of the US SSN.
While the cause is noble, there is always the problem with setting precedents, and as governments are known to use Riders (https://en.wikipedia.org/wiki/Rider_(legislation)), I don't trust them they won't use Covid-19 to further their agenda either.
This is what happens when you erode peoples trust. I for one will not be using these apps.
Why do we need to implement a surveillance state on top of that?
Most contact tracing comes up as part re-opening businesses (and schools, though in the US that will probably be in the fall), not as much for the current complete shutdown.
https://www.aei.org/research-products/report/national-corona... has a good explanation of why contact tracing is an important part of re-opening. The gist is that any amount of re-opening is likely to bring R0 much closer to 1 than it is during the current complete shutdown. The question then becomes how (well, how else) to minimize spread when new cases do occur.
Think of contact tracing as one way to replace the impact that’s currently provided by shutting everything down.
Maybe this isn't the dystopia we deserve, but it's the dystopia we need.
Sorry for the sarcasm, but I buy this now as little as I buy it in other situations.
I mentioned location data and if there is one thing we have learned over the past decade or so, it is that location is not gathered just from GPS ( which is the argument I assume you were making ).
edit: As for the claim, no data is sent over the internet.. I just plainly do not believe that statement. I do not understand how anyone would.
Singapore (and others, for that matter) has allegedly solved some of these issues in their soon-to-be open source contact tracing app [0].
They basically let every device keep track on itself and it's encounters - until a diagnosis is made.
Can't remember the details from there off the top of my head, but you'd either do a lookup via a central authority, or notify peer-to-peer, depending on what other mechanisms are in play (ephemeral/co-signed IDs, etc.)
This drip drip of 'steps to take' by authorities and media is quite disingenuous: there have been multiple simulations into pandemics in the past 30 years and all these steps have been spelled out in various papers.
Here is one: www.centerforhealthsecurity.org/our-work/events-archive/2001_dark-winter/Dark%20Winter%20Script.pdf
(Grep for "freedom")
And anyway, our rights are anyway being temporarily but heavily reduced. I don't see why we have to also install this app, especially since having everyone wear a mask and washing one's hands would make the whole point of having contact with an infected person almost irrelevant.
Mandatory apps installation.. I guess that could be rolled out as most providers can and do have the ability to install stuff on your phone remotely.
That said.. what are the odds average person gets sufficiently annoyed by gvmt mandated apps and installs lineage?
Won't happen to any meaningful degree. IMO if technologists fail to sensitize public discourse against the emerging dangers of surveillance tech now contemporary western democracies are probably about to be "disrupted".
Naturally, I could be wrong ( and has been about cellphones for a while now ). And then, my mom could barely handle switch from Whatsapp to Signal.
edit: coffee didn't kick in yet. added barely before handle
Making owning and carrying a smartphone with required app mandatory won't fly in any healthy democracy.
One compromise in making it semi-mandatory could be to reduce lockdown requirements for people using and carrying the app, because they'd be less dangerous.
The answer to these questions is easy in a authotarian state: you assume they are bad actors and use the full force of the state on them – so people will go out of their way to do as if they comply with your rules even if they don't.
In any democratic nation with a culture of scepticism when it comes to the government it won't be that easy. If you force people to do things over here, you will get a considerable portion of people working actively against you in ways that you cannot prove. It might be easier, more efficient and fruitful to just make it voluntary.
* people who own an Android or IOS smartphone to install a required app? (Might work if Google or Apple pushes the software, but does this outlaw non-stock-Android and IOS operating systems on a smartphone? Will Apple/Google do this for every country with an app?)
* people who don't own a smartphone to buy one? (Subsidized? Black-box devices that only need to be charged at home as an alternative for this group? How do you deal with people who don't want one for valid reasons besides privacy? E.g., people who got rid of them because they are vulnerable to the addictive properties of smartphone apps? And of course people who can't afford them.)
* people who can't use a smartphone to carry one around? (The digitally or otherwise illiterate or mentally incapable, and people with physical limitations won't just disappear overnight. This includes many elderly; exactly the weakest group with this virus.)
I wonder. Some of my friends don't own a smartphone. How will that contact tracing app run on their Nokia from 2010? Or will they get a smartphone from the state? How would you check if someone owns a smartphone, or whether they are pretending to have one of the old ones? If your goal is to get as many installations as possible on devices people take with them is it really the most productive thing to try forcing it?
Don't get me wrong, I do realize that propper contact tracing is the only way to deal with this virus until we got a vaccine, but I don't see how a mandatory app installment could be enforced in any western state without breaking fundamental rights. You'd literally have police knock at doors and force people to unlock their phones in order to check the installed apps, if you really want it to be installed everywhere. You would have to stop people in the street and have them show you their device AND frisk them to make sure they are not showing you a decoy device with the line: "Ooops the battery went out" or "Ooops I broke it a few minutes ago".
No – in western democracies transparency and voluntariness carries much farther. If the CCC approved any contact tracing app, even I'd immidiately install it without hesitation. If however I had to trust a closed source app by a government which tried at every turn to legalize the surveilance state I'd probably not do it. If the state would force me to do it, I would actively work against it and help others to do the same.
But you show exactly the bigger problem: the West is so individualistic, that it will rather have millions of deaths and economic collapse than a bit of privacy infringement over a number of months, again, everybody viewing himself as some sort of secret agent that the government is out to get at all costs.
Asian countries on the other hand understand that some time you need to make some real sacrifices yourself for the greater good.
Especially in the german speaking parts of Europe the scepticism towards government data collection has historical roots that I probably don't have to elaborate on, with people who died from said collection still in living memory. While safety is a fundamental right, it doesn't outweight all the other fundamental rights automatically. These rights need to be balanced even (and especially) in times of crisis.
I think the right way here would be to follow the CCC recommendations, and make it about a voluntary utilitaristic action, rather than enforcing it from the top down. People have to want to do it, just like they did in China. How you will get them there is different in Europe however.
Surely, they can also add a smartphone-free version that is a huge pain in the ass to use. It checks the box "you can survive without smartphone", but makes it practically unreasonable.
It will be the same situation as with CCTV and bag searches nowadays. The vast majority of people will accept this as reality and perhaps even support this. London is full of CCTV and mostly people are okay with this because they believe it is for their own safety. Sure, you are not forced into this, feel free to live in mountains off-grid.
The bottom line is you just wait until the lockdown is normalized in people's minds and then reward them with freedoms if they agree to use the app. And 99% will be okay with this.