Re: COVID-19 contacts tracker (Re: a brief pondering)

Christian <cdel@firsthand.net> Fri, 17 April 2020 10:17 UTC

Subject: Re: COVID-19 contacts tracker (Re: a brief pondering)
To: Rob Sayre <sayrer@gmail.com>, John Wroclawski <jtw@csail.mit.edu>
Cc: IETF discussion list <ietf@ietf.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
From: Christian <cdel@firsthand.net>
Message-ID: <e4a27626-27e6-077b-ac64-0bad2ea21dc6@firsthand.net>
Date: Fri, 17 Apr 2020 11:16:57 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/wpAdgo-iQ5KiRlZA1WqWLcKgL9I>

Yes exactly. This data is otherwise available as part of the
connectivity services (onto 3GPP networks). So I don't understand why
using Bluetooth has become a thing - particularly with the proposed NHS
app. It sort of breaks the architecture - not that that ever bothers a
web app shop / developer.

The idea, I gather, is that Bluetooth locally holds device IDs (MAC
addresses?) of devices that come within range, and so if an owner of a
device comes into range of another device it will have a record of
that. So what the NHS app developers are asking for is access to this
Bluetooth historic proximity data.

That seems to miss some important points about the information
epidemiological experts have informed us about COVID-19 so far. It
persists on surfaces. It can be picked up off a surface and redeposited
on another surface. It is not clear if COVID-19 is mainly being
transmitted due to face to face transmission, or via infected droplets
being left on surfaces. Those infections do not reliably fall within the
range of Bluetooth.

So the timescale when an infected person might have provided the virus
to other people may well not coincide tightly with the location track of
people using Bluetooth. The bulk of infections may well fall outside
the range of Bluetooth. I think this needs to be investigated.

As Rob and others have mentioned, given we have pretty good location
data anyway, and given that Bluetooth could lead to more false positives
whilst completely missing many, perhaps most, transmissions, I think these
app developers and health services really need to explain very clearly
what it is they are trying to achieve.

I agree with my namesake Christian H. The privacy and business / 
societal implications of getting this wrong are really serious.


Christian de Larrinaga



On 17/04/2020 01:33, Rob Sayre wrote:
> On Thu, Apr 16, 2020 at 10:12 AM John Wroclawski <jtw@csail.mit.edu>
> wrote:
>
>
>     > On Apr 16, 2020, at 10:56 AM, Vittorio Bertola
>     > <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
>     >
>     >> On 16/04/2020 09:18 Rob Sayre <sayrer@gmail.com> wrote:
>     >> It's not clear that any of these tracker proposals actually
>     >> harm privacy. Certainly the government in most places can get this
>     >> data from phone companies and correlate it themselves.
>     > No, because covid19-oriented contact tracing requires much more
>     > precision than what can be provided by any location data that the
>     > operators can trace through their cellular networks; location data
>     > are unsuitable to determine a one-time contact with accuracy […]
>     > (the other reason is that this approach allows you to trace
>     > contacts even if the cellular and/or GPS connectivity is unavailable,
>
>     Yes, exactly. The other interesting thing about the BTLE protocols
>     being proposed is that they’re being designed to report that you
>     came into close proximity to a person of interest, but not
>     (depending on details) where, exactly when, etc. This, plus
>     requiring you to explicitly release your tracking information, is
>     the sense in which they’re “privacy preserving” - implementing
>     minimum semantics needed for this specific purpose and no more.
>
>     Of course, one could always cross-correlate with other information
>     (eg, cell-tower-triangulation-level location tracking) to peel some
>     of this back. But if you’re worried about that, the next
>     observation is that the BTLE protocols work even if your LTE radio
>     is turned off - they remember things for later. So you can, at
>     least conceptually, carry your phone with the wide area radio off
>     when you want to, and still learn retrospectively that you were in
>     proximity to a contact.
>
>
> Here are some angles being tried:
> https://www.wsj.com/articles/government-tracking-how-people-move-around-in-coronavirus-pandemic-11585393202
> https://twitter.com/TectonixGEO/status/1242628347034767361
>
> BTLE would be more accurate, but it does seem like other data sources 
> are good enough to get within 10m. Even with BTLE, there are cases 
> like the phone running out of batteries or just not carrying one...
>
> thanks,
> Rob
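
The quoted description of the proposed BTLE protocols (report that you were near a person of interest, but not where or when; nothing leaves the phone until the owner explicitly releases it; contacts are remembered while the wide-area radio is off) can be sketched as below. This is an added example, not code from any participant in this thread or from any deployed app; the HMAC derivation, the 15-minute slot length and all names (`Phone`, `rolling_id`, `release_keys`) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SLOTS_PER_DAY = 96  # assumption: the broadcast identifier rotates every 15 minutes


def rolling_id(daily_key: bytes, slot: int) -> bytes:
    """Ephemeral identifier for one time slot, derived from a secret daily key."""
    msg = b"rolling-id" + slot.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> secret key; stays on the phone unless released
        self.heard = set()    # identifiers heard over short-range radio: no place, no time

    def broadcast(self, day: int, slot: int) -> bytes:
        key = self.daily_keys.setdefault(day, secrets.token_bytes(32))
        return rolling_id(key, slot)

    def hear(self, identifier: bytes) -> None:
        # Works with the wide-area radio off: the record is purely local.
        self.heard.add(identifier)

    def release_keys(self, days):
        """Explicit, user-initiated release of daily keys (e.g. after a positive test)."""
        return [self.daily_keys[d] for d in days if d in self.daily_keys]

    def exposed(self, released_keys) -> bool:
        """Local matching: re-derive every slot's identifier from each released key."""
        return any(rolling_id(k, s) in self.heard
                   for k in released_keys for s in range(SLOTS_PER_DAY))


def demo():
    # Constructed scenario: Bob was near Alice, Carol was near Bob only.
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(alice.broadcast(day=1, slot=40))
    carol.hear(bob.broadcast(day=1, slot=41))
    # The identifier changes from slot to slot, so two sightings are not
    # trivially the same value to a passive listener.
    rotates = alice.broadcast(1, 40) != alice.broadcast(1, 41)
    released = alice.release_keys([1])
    return bob.exposed(released), carol.exposed(released), rotates
```

A match here says only that two radios were within range during some slot, which is the limit raised in the reply above: it carries no location, and it cannot see transmission via surfaces.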