IETF Logo Mail Archive

Re: COVID-19 contacts tracker (Re: a brief pondering)

Jeff Tantsura <jefftant.ietf@gmail.com> Thu, 16 April 2020 20:39 UTC

Return-Path: <jefftant.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14193A1043 for <ietf@ietfa.amsl.com>; Thu, 16 Apr 2020 13:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DCZK6S_tMZSs for <ietf@ietfa.amsl.com>; Thu, 16 Apr 2020 13:39:34 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A80EA3A103A for <ietf@ietf.org>; Thu, 16 Apr 2020 13:39:34 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id cl8so56913pjb.3 for <ietf@ietf.org>; Thu, 16 Apr 2020 13:39:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=m3PqDi2V2JxLa8xcS/ZRoQYRtNup2d83P6emeNtlh3w=; b=AoSUxF0u2Ylg4MED1KKa+LfHtGjfe/sqHKEJrdO5qqT/ZFmCvi7gh9O4rSRAzu+uSa 7PplBGDLnD95biDqDzEBKYmJ47+lUI6nKOyMwiDWK61xPqyVcJdcMCdconl94YyCRl0i blrZoSJqR7WS1H3aDETtQm+NC7qQgNvo7EUaV3X9SaEpqmAvL83DS5WXHFTRaUsUima6 zfB4DL4iN3Os5ElOAlrmwX0ebYsNLb+QakbExsK+NcbIaMCo6WHD5D4fGEiDHXlQu7lk cMJeJdas008Yf8g/JpvW3bUPoGN3nqMJujgbN8Iu4tBbzy+Ey8W7atWj/ttorgJPZWH7 Lx4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=m3PqDi2V2JxLa8xcS/ZRoQYRtNup2d83P6emeNtlh3w=; b=fl+hHfbiOKJ6qHHV82GP3yZT7lHrCbL0Q6G/nvV0CLBAY/LdmnnxVWpRIaPGfY+TU5 xkUu+bWJJuc60giPuqo/EnthxiBYoQbH0/3+VjqCrg4absbAkXZ0OjjUFDlkA8r+vYHq NzsDm/ZRKQeWft6sa6KPy8ojVqzysArqkYgJdGgYavmOs4dhbFBCHuJKZM2OhlGa0khX 3G6Lyc4iQ+fO7XuP5887HVJl/0BGihrpda9S7Ov1zUEvQFGNGAX26+mfLHawG0SGQFO8 bia7mtbvNBtDcDLcaBD2EooiLozlpxAR9WafOhS5r4YrefrSbqQyQsXL+ps/zQ4J6Pg5 0MeA==
X-Gm-Message-State: AGi0PuZRPFrBmgZi9J34pSRZZ96mDUXb6as1yMcTdGxT/D+8+kcDtJpM tjOeSO8/RL6H6d+D88FNdHs=
X-Google-Smtp-Source: APiQypK71CkPEWxm9wOBhY9nF7Ql/SFzm+Ugjex/ur+s0aKGlfcsWeFnKt6fMcf/lVxccxEgaRP5Lw==
X-Received: by 2002:a17:90a:d98e:: with SMTP id d14mr170098pjv.178.1587069573964; Thu, 16 Apr 2020 13:39:33 -0700 (PDT)
Received: from [192.168.1.10] (c-73-63-232-212.hsd1.ca.comcast.net. [73.63.232.212]) by smtp.gmail.com with ESMTPSA id f6sm3701308pfn.189.2020.04.16.13.39.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Apr 2020 13:39:32 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Jeff Tantsura <jefftant.ietf@gmail.com>
Mime-Version: 1.0 (1.0)
Subject: Re: COVID-19 contacts tracker (Re: a brief pondering)
Date: Thu, 16 Apr 2020 13:39:31 -0700
Message-Id: <45CDCEBA-F02F-49D6-92D9-34FED2B9F1A4@gmail.com>
References: <e73c1cd0-15f3-8246-0516-da30aae76362@huitema.net>
Cc: John Wroclawski <jtw@csail.mit.edu>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, IETF discussion list <ietf@ietf.org>
In-Reply-To: <e73c1cd0-15f3-8246-0516-da30aae76362@huitema.net>
To: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (17E255)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Agitc4fD3X-7GVoV1K5lUu9gmXI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 20:39:36 -0000

I’m with you Christian!
Our privacy/rights will inevitably be abused if the technology allows to do so.
History always repeats itself.

Regards,
Jeff

> On Apr 16, 2020, at 13:23, Christian Huitema <huitema@huitema.net> wrote:
> 
> 
> On 4/16/2020 10:11 AM, John Wroclawski wrote:
>>>> On Apr 16, 2020, at 10:56 AM, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
>>> 
>>>> Il 16/04/2020 09:18 Rob Sayre <sayrer@gmail.com> ha scritto:
>>>> It's not clear that any of these tracker proposals actually harm privacy. Certainly the government in most places can get this data from phone companies and correlate it themselves.
>>> No, because covid19-oriented contact tracing requires much more precision than what can be provided by any location data that the operators can trace through their cellular networks; location data are unsuitable to determine a one-time contact with accuracy […] (the other reason is that this approach allows you to trace contacts even if the cellular and/or GPS connectivity is unavailable, 
>> Yes, exactly. The other interesting thing about the BTLE protocols being proposed is that they’re being designed to report that you came into close proximity to a person of interest, but not (depending on details) where, exactly when, etc. This, plus requiring you to explicitly release your tracking information, is the sense in which they’re “privacy preserving” - implementing minimum semantics needed for this specific purpose and no more.
> Most of the anonymization schemes presented in the past ended up broken.
> I understand that people at MIT, Apple, Google and other places are
> trying real hard to prevent that, but history is not on their side. I
> can easily imagine correlation with adtech surveillance, beacons in
> physical places, cameras and face tracking, fingerprinting of Bluetooth
> radios, etc. Surveillance capitalism is almost guaranteed to invest there.
>> 
>> Of course, one could always cross-correlate with other information (eg, cell-tower-trianguation-level location tracking) to peel some of this back. But if you’re worried about that, the next observation is that the BTLE protocols work even if your LTE radio is turned off - they remember things for later. So you can, at least conceptually, carry your phone with the wide area radio off when you want to, and still learn retrospectively that you were in proximity to a contact.
> 
> And here comes the slippery slope. The efficiency of this reporting
> varies as the square of the penetration. There will be a huge incentive
> for authorities to increase that efficiency and make installation
> mandatory. That means mandating carrying your phone with Bluetooth
> turned on. See previous point about surveillance capitalism. Then mix
> that with an alliance between states and corporations. Am I the only one
> getting anxious there?
> 
> -- Christian Huitema
> 
>

v2.23.0 | Report a Bug | By Email