Re: COVID-19 contacts tracker (Re: a brief pondering)
Harish Pillay <harish.pillay@gmail.com> Fri, 17 April 2020 09:51 UTC
Return-Path: <harish.pillay@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C2493A03F4 for <ietf@ietfa.amsl.com>; Fri, 17 Apr 2020 02:51:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMxvwAGx-jsJ for <ietf@ietfa.amsl.com>; Fri, 17 Apr 2020 02:51:48 -0700 (PDT)
Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A48993A03F2 for <ietf@ietf.org>; Fri, 17 Apr 2020 02:51:48 -0700 (PDT)
Received: by mail-oi1-x233.google.com with SMTP id x10so1611410oie.1 for <ietf@ietf.org>; Fri, 17 Apr 2020 02:51:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Bd0tv/Nm7Ks6FNazi7EiNXy1s266Q3BU9+7AKalPlG8=; b=m+gQRGulQrd7C8I5ICWf0Sn3/ovYKHNOKNLDtpbZy2hLIppPIjK59AzwUFW6BnqDaZ 3o7TwIiMSliMx+TZaMmvskasZWA/J7nXJEvf14dJIGh6UFqPdtgLpCaXhtdpgIB9/48t w9wmi6+tApMSVDs+kUhm2UGCbbOScO8jMjHywtfAkE4N79qrhxRROfPkdbg3zLMjvIu/ I/pd55wdw6NRYbAvFVIfqOmkZV1isn7xcrTXYVVjyKAXG+2Vs10oqIw4UaS03PwbmPjd cukCpvj1Prff7PRg8TV3Zee4bX7mC2ucByKfRAYQicXyvgHyipinfHnnYg9ax9Uy16CW 1wdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Bd0tv/Nm7Ks6FNazi7EiNXy1s266Q3BU9+7AKalPlG8=; b=ucSLJ81ezUtWZPJluWS8EhBST1IgQ5Cqa6WIULhLXLxOunkasojfKbtXgWGeWSG00G rfafRUpl3s/OoqFRVkj2doZhuekp5vsG4EbRZCQy3LWJkXhoSeVZR0MyiEllBH4+ZNNM ZrsmqVJmCrZvhlgLTrpih7Aw78J31kioUudwEFFJXHp1m0BTbdz+IFulzauiCASggnlC b2w6rir8urjyFheQqAGbMA3xZrQ2fpY4t+6y+4QdTOAfswhdehzQCMCSCINEzen0lsDr N33wDXxbIhcc78I+YP8qy5OBpqALoGkd2ZDGGWlydcvMIXYHyFH2LWH5GyM9ArmCY2Ej HwxQ==
X-Gm-Message-State: AGi0PuaD0q1lpT9Hbtk+QOgHtSa7rXRGCERA++gPh2rehwr8LQKWSci0 7UheqVtDQ8cbiZTXmMys6ctc4gyD/X5rH8+FTs91spaTFmA=
X-Google-Smtp-Source: APiQypKsnaMAYgNhCxwDl1xfSyyhm/+fK5ewhEusYjB3DhY9Oan7WII0/WNRryx9ZWRWYb6RxaI0jWXH58s4Cvvyf80=
X-Received: by 2002:aca:af0c:: with SMTP id y12mr1583512oie.107.1587117107393; Fri, 17 Apr 2020 02:51:47 -0700 (PDT)
MIME-Version: 1.0
References: <e73c1cd0-15f3-8246-0516-da30aae76362@huitema.net> <45CDCEBA-F02F-49D6-92D9-34FED2B9F1A4@gmail.com> <CAOj+MMG3uFSy4rfMoLMd62-OBWUOKJDqadweu7dXou6iqhdgPA@mail.gmail.com> <CAMm+LwhF2JuWwBCW=-gjLA937EFz721-FEfdJX6QydfHstV-Lw@mail.gmail.com>
In-Reply-To: <CAMm+LwhF2JuWwBCW=-gjLA937EFz721-FEfdJX6QydfHstV-Lw@mail.gmail.com>
From: Harish Pillay <harish.pillay@gmail.com>
Date: Fri, 17 Apr 2020 17:51:34 +0800
Message-ID: <CAHkmkwtE1fMoQk0eWLx2qyfpVd7XuGOK83hmfA97tud6XifixA@mail.gmail.com>
Subject: Re: COVID-19 contacts tracker (Re: a brief pondering)
To: IETF discussion list <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/OOE_MDPEraxBOYxpNwh7aGZS_1A>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2020 09:51:50 -0000
I would like to offer up a solution using BLE that was open sourced last week. The code is available on a GPLv3 license. The project is called OpenTrace [0] and it implements a protocol called Blue Trace - bluetrace.io [1] has the whitepaper [2] describing it. The protocol is designed to be able to federate authorised health authorities. The protocol does not define what data is captured from the user. That is entirely up to the authorised health authority to decide/implement. The operational reference implementation of the upstream OpenTrace is called TraceTogether [3]. TraceTogether was rolled out here in Singapore on 20 March 2020. TraceTogether was built by GovTech [4] - the Singapore Government Technology Agency. One of the GovTech engineers who helped build it, Joel Kek, speaks about it here [5]. I am helping with the OpenTrace project and one of the ideas the community is considering is to see if it makes sense to have BlueTrace be drafted as a RFC. Disclosure: I assisted GovTech in open sourcing TraceTogerher as a member of the open source community. In a nutshell, TraceTogether works by asking for the mobile phone # of the user at initial run. That is the only detail - granted, a possible personally identifiable information - that is captured. The phone number is what the app sends to the health authority. Once the phone number is sent, a SMS containing an OTP is sent and the user enters that in to complete the registration. The user is then sent an encrypted ID which is the identifier the phone will use. This encrypted ID is signed by the private key of the health authority. When similarly registered phones come within the 10m bluetooth range, they exchange the encrypted ID, their signal strengths and a timestamp. Should one of the users become infected and goes to the hospital, with the permission of that user, the user will unlock the phone and the health authority (in our case the Singapore Ministry of Health) will extract the contact log. With that log, the MOH will decrypt the IDs in the logs and check against their system for a matching mobile phone number. From that moment on, the rest of the contact tracing effort is human-led. The contact tracing will determine things like how long ago was a contact established, how close-by was the contact, how long was the encounter etc. Contact data stored in the phone that is 21 days or older is automatically deleted. The user can also opt out of the app at anytime. Comments/criticisms welcome especially is we should even consider drafting a proposal for a RFC. Also welcome are any and all interested devs to make the project even more robust and privacy enforcing/respecting. Harish [0] https://github.com/opentrace-community [1] https://bluetrace.io/ [2] https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf [3] https://www.tracetogether.gov.sg/ [4] https://tech.gov.sg/ [5] https://www.youtube.com/watch?v=638Hwg0pkX0
- Re: a brief pondering Livingood, Jason
- a brief pondering Eliot Lear
- Re: a brief pondering Narelle Clark
- Re: a brief pondering Carsten Bormann
- Re: a brief pondering Michael Tuexen
- Re: a brief pondering Nick Hilliard
- Re: a brief pondering Carsten Bormann
- Re: a brief pondering Spencer Dawkins at IETF
- Re: a brief pondering Michael Tuexen
- Re: a brief pondering Adam Roach
- Re: a brief pondering Adam Roach
- WebRTC (Re: a brief pondering) Harald Alvestrand
- Re: a brief pondering Michael Richardson
- Re: a brief pondering Phillip Hallam-Baker
- Re: a brief pondering Narelle Clark
- Re: a brief pondering Toerless Eckert
- Re: a brief pondering Nick Hilliard
- Off-topic: making WebRTC work in practice (Re: a … Carsten Bormann
- Re: Off-topic: making WebRTC work in practice (Re… Spencer Dawkins at IETF
- Re: Off-topic: making WebRTC work in practice (Re… Carsten Bormann
- Re: Off-topic: making WebRTC work in practice (Re… Philipp Hancke
- Re: Off-topic: making WebRTC work in practice (Re… Cullen Jennings
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Benjamin Kaduk
- Re: Off-topic: making WebRTC work in practice (Re… Bob Hinden
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- RE: Off-topic: making WebRTC work in practice (Re… Larry Masinter
- Re: Off-topic: making WebRTC work in practice (Re… Keith Moore
- Re: Off-topic: making WebRTC work in practice (Re… Phillip Hallam-Baker
- Re: Off-topic: making WebRTC work in practice (Re… Michael Richardson
- Re: Off-topic: making WebRTC work in practice (Re… Eric Rescorla
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Peter Saint-Andre
- Re: Off-topic: making WebRTC work in practice (Re… Nico Williams
- Re: Off-topic: making WebRTC work in practice (Re… Cullen Jennings
- Re: Off-topic: making WebRTC work in practice (Re… Mary B
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Simon Pietro Romano
- Re: Off-topic: making WebRTC work in practice (Re… Toerless Eckert
- Implementation requirement (Re: Off-topic: making… Harald Alvestrand
- COVID-19 contacts tracker (Re: a brief pondering) Benoit Claise
- Re: COVID-19 contacts tracker (Re: a brief ponder… Carsten Bormann
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Bob Hinden
- Re: COVID-19 contacts tracker (Re: a brief ponder… Dirk-Willem van Gulik
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… Joel M. Halpern
- Re: COVID-19 contacts tracker (Re: a brief ponder… Eric Vyncke (evyncke)
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rob Sayre
- Re: COVID-19 contacts tracker (Re: a brief ponder… Fred Baker
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rich Kulawiec
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… Vittorio Bertola
- Re: COVID-19 contacts tracker (Re: a brief ponder… Stephane Bortzmeyer
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian Huitema
- Re: COVID-19 contacts tracker (Re: a brief ponder… Jeff Tantsura
- Re: COVID-19 contacts tracker (Re: a brief ponder… Robert Raszuk
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rob Sayre
- Re: COVID-19 contacts tracker (Re: a brief ponder… Phillip Hallam-Baker
- Re: COVID-19 contacts tracker (Re: a brief ponder… Harish Pillay
- RE: COVID-19 contacts tracker (Re: a brief ponder… Andrew Campling
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rich Kulawiec
- Re: COVID-19 contacts tracker (Re: a brief ponder… Stephane Bortzmeyer
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian
- Re: WebRTC (Re: a brief pondering) Cullen Jennings