Re: COVID-19 contacts tracker (Re: a brief pondering)
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 17 April 2020 05:10 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DB563A0AB2 for <ietf@ietfa.amsl.com>; Thu, 16 Apr 2020 22:10:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PEIgU3Vv2thq for <ietf@ietfa.amsl.com>; Thu, 16 Apr 2020 22:10:52 -0700 (PDT)
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64E723A0AB0 for <ietf@ietf.org>; Thu, 16 Apr 2020 22:10:52 -0700 (PDT)
Received: by mail-oi1-f174.google.com with SMTP id t199so1120320oif.7 for <ietf@ietf.org>; Thu, 16 Apr 2020 22:10:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=312KGfNk455BzaqbMe1dQP5jgXbsNGzSYLc2/RY3egs=; b=hG2OCUbG/vyfTSnjaROVuR/xnmFYd1+DxlAh0YLc1aG50JFyqKd+pqztFy9b72BINv 6g8elgWbDpdTIDQUzsl+wD2ndl4x0tvic6MkIWAlmGOMXG/xUIREyt+xe6lZ3KNfdho0 JgJmm2b6+NfpS03WsJ/M7wmjp8uWZWxbfCAISHjq+sKD8eI4/3PuvwH153ALAP+x59yK zfhw6SHiPAihn2dBaNcgS3w90wTbTO3r8UnUjIzLOa+1Gy+C+CMHkKz7HBGDJlkdUVnS KSSz+x1oEsvfve9+ykz1bStuwyqACo5/YZDFsojLbZE8G1VZ/jJ5Hi6XDUZO8bJeJUaj /d2g==
X-Gm-Message-State: AGi0PuZ+bpDpUQ6Y6CWhrEmj+eZ0nlwwwOgzo1lDQG0uIlHbHIGF9ZcO 7drGYDG1lYaIq+HLZb3vkfuv6OXG2hnPuY2ALhs=
X-Google-Smtp-Source: APiQypIh8JwMqtwUw62YF++f0vtax4dglQSAUwCq1fkGMLMp4qm7nEf5zGWDosgdQ4OR5k6zPxke+TJEJ8kw15+3Q0Y=
X-Received: by 2002:aca:c145:: with SMTP id r66mr1011017oif.90.1587100251495; Thu, 16 Apr 2020 22:10:51 -0700 (PDT)
MIME-Version: 1.0
References: <e73c1cd0-15f3-8246-0516-da30aae76362@huitema.net> <45CDCEBA-F02F-49D6-92D9-34FED2B9F1A4@gmail.com> <CAOj+MMG3uFSy4rfMoLMd62-OBWUOKJDqadweu7dXou6iqhdgPA@mail.gmail.com>
In-Reply-To: <CAOj+MMG3uFSy4rfMoLMd62-OBWUOKJDqadweu7dXou6iqhdgPA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 17 Apr 2020 01:10:41 -0400
Message-ID: <CAMm+LwhF2JuWwBCW=-gjLA937EFz721-FEfdJX6QydfHstV-Lw@mail.gmail.com>
Subject: Re: COVID-19 contacts tracker (Re: a brief pondering)
To: Robert Raszuk <robert@raszuk.net>
Cc: Jeff Tantsura <jefftant.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>, IETF discussion list <ietf@ietf.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b6aab705a375924d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/nzzQd8dWXePXcHgpqAvW9euFLX8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2020 05:10:54 -0000
I am not surprised to see the privacy point raised here. And the Apple/Google proposal is certainly very robust as far as protecting privacy goes. I made a video presentation looking at the proposal in detail for my YouTube cryptography course which should be out in the next couple of days. It does have a major problem though. The task here is not to protect privacy, we can do that with no app at all. The task is to either reduce the spread of the disease or to enable the authorities to lift the lockdown. Protecting privacy is a side condition. It may be a blocking side condition such that we don't use the app at all if it isn't met. But it is still a side condition. If there was a therapeutic that had passed at least some non anecdotal trials, I would be absolutely loading the app onto my phone and using it. But that is months off even if the Gilead rumor is correct. And frankly, having know-nothings and quacks hawking snake oil cures we know don't work is making it harder for the legit research to take place. So right now I am much less sanguine about this proposal than I would like. I see it as a first attempt not a final product. It is not going to be possible to provide absolute privacy protection and enforce targeted quarantine. But that doesn't mean we need to sacrifice all privacy permanently to produce something that helps lift the lockdown which is also an infringement of civil liberties. The bad news is that this isn't going to be a silver bullet situation and we may have to make a messy compromise. The good news from a technical standpoint is that going beyond this initial proposal is actually a more interesting technical challenge. Specifically we are going to need techniques that are from the 'exotic cryptography' toolkit. Possibly something in the threshold toolkit or something related to zero knowledge or oblivious transfer. I really like what this scheme can achieve just using one way functions. It is terrific. But it is only one point on the privacy-effectiveness continuum and not necessarily the one we need. This needs to be a discussion, not a unilateral proposal from the tech camp. We are not the only stakeholders. On Thu, Apr 16, 2020 at 7:00 PM Robert Raszuk <robert@raszuk.net> wrote: > > I am afraid our privacy/rights are already being abused as technology > developed outside of IETF already allows to do so. Pegasus spyware is just > one example of it. There are many more .... > > > On Thu, Apr 16, 2020 at 10:39 PM Jeff Tantsura <jefftant.ietf@gmail.com> > wrote: > >> I’m with you Christian! >> Our privacy/rights will inevitably be abused if the technology allows to >> do so. >> History always repeats itself. >> >> Regards, >> Jeff >> >
- Re: a brief pondering Livingood, Jason
- a brief pondering Eliot Lear
- Re: a brief pondering Narelle Clark
- Re: a brief pondering Carsten Bormann
- Re: a brief pondering Michael Tuexen
- Re: a brief pondering Nick Hilliard
- Re: a brief pondering Carsten Bormann
- Re: a brief pondering Spencer Dawkins at IETF
- Re: a brief pondering Michael Tuexen
- Re: a brief pondering Adam Roach
- Re: a brief pondering Adam Roach
- WebRTC (Re: a brief pondering) Harald Alvestrand
- Re: a brief pondering Michael Richardson
- Re: a brief pondering Phillip Hallam-Baker
- Re: a brief pondering Narelle Clark
- Re: a brief pondering Toerless Eckert
- Re: a brief pondering Nick Hilliard
- Off-topic: making WebRTC work in practice (Re: a … Carsten Bormann
- Re: Off-topic: making WebRTC work in practice (Re… Spencer Dawkins at IETF
- Re: Off-topic: making WebRTC work in practice (Re… Carsten Bormann
- Re: Off-topic: making WebRTC work in practice (Re… Philipp Hancke
- Re: Off-topic: making WebRTC work in practice (Re… Cullen Jennings
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Benjamin Kaduk
- Re: Off-topic: making WebRTC work in practice (Re… Bob Hinden
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- RE: Off-topic: making WebRTC work in practice (Re… Larry Masinter
- Re: Off-topic: making WebRTC work in practice (Re… Keith Moore
- Re: Off-topic: making WebRTC work in practice (Re… Phillip Hallam-Baker
- Re: Off-topic: making WebRTC work in practice (Re… Michael Richardson
- Re: Off-topic: making WebRTC work in practice (Re… Eric Rescorla
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Peter Saint-Andre
- Re: Off-topic: making WebRTC work in practice (Re… Nico Williams
- Re: Off-topic: making WebRTC work in practice (Re… Cullen Jennings
- Re: Off-topic: making WebRTC work in practice (Re… Mary B
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Harald Alvestrand
- Re: Off-topic: making WebRTC work in practice (Re… Christer Holmberg
- Re: Off-topic: making WebRTC work in practice (Re… Simon Pietro Romano
- Re: Off-topic: making WebRTC work in practice (Re… Toerless Eckert
- Implementation requirement (Re: Off-topic: making… Harald Alvestrand
- COVID-19 contacts tracker (Re: a brief pondering) Benoit Claise
- Re: COVID-19 contacts tracker (Re: a brief ponder… Carsten Bormann
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Bob Hinden
- Re: COVID-19 contacts tracker (Re: a brief ponder… Dirk-Willem van Gulik
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… Joel M. Halpern
- Re: COVID-19 contacts tracker (Re: a brief ponder… Eric Vyncke (evyncke)
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rob Sayre
- Re: COVID-19 contacts tracker (Re: a brief ponder… Fred Baker
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rich Kulawiec
- Re: COVID-19 contacts tracker (Re: a brief ponder… Keith Moore
- Re: COVID-19 contacts tracker (Re: a brief ponder… Vittorio Bertola
- Re: COVID-19 contacts tracker (Re: a brief ponder… Stephane Bortzmeyer
- Re: COVID-19 contacts tracker (Re: a brief ponder… John Wroclawski
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian Huitema
- Re: COVID-19 contacts tracker (Re: a brief ponder… Jeff Tantsura
- Re: COVID-19 contacts tracker (Re: a brief ponder… Robert Raszuk
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rob Sayre
- Re: COVID-19 contacts tracker (Re: a brief ponder… Phillip Hallam-Baker
- Re: COVID-19 contacts tracker (Re: a brief ponder… Harish Pillay
- RE: COVID-19 contacts tracker (Re: a brief ponder… Andrew Campling
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian
- Re: COVID-19 contacts tracker (Re: a brief ponder… Rich Kulawiec
- Re: COVID-19 contacts tracker (Re: a brief ponder… Stephane Bortzmeyer
- Re: COVID-19 contacts tracker (Re: a brief ponder… Christian
- Re: WebRTC (Re: a brief pondering) Cullen Jennings