[Pearg] Follow-up of Simon McGarr talk on Apps for COVID-19 Tracing: about big tech companies and democracy

Vincent Roca <vincent.roca@inria.fr> Fri, 31 July 2020 08:09 UTC

Return-Path: <vincent.roca@inria.fr>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB7D13A107A; Fri, 31 Jul 2020 01:09:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.918
X-Spam-Level:
X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id COoTEs-y-Cj5; Fri, 31 Jul 2020 01:09:08 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 809033A1076; Fri, 31 Jul 2020 01:09:07 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.75,417,1589234400"; d="scan'208,217";a="355685515"
Received: from dom38-1-82-236-155-50.fbx.proxad.net (HELO [192.168.0.34]) ([82.236.155.50]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jul 2020 10:09:05 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2B16A7E0-A1AE-4C6B-AC95-1EA9C2D5633F"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <BEF2A21D-6F19-4022-90AC-AC0330C5AB8A@inria.fr>
Date: Fri, 31 Jul 2020 10:09:03 +0200
Cc: Vincent Roca <vincent.roca@inria.fr>
To: hrpc@irtf.org, pearg@irtf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/XiLzBOV4tU8K_tPWbz48io03E-E>
Subject: [Pearg] Follow-up of Simon McGarr talk on Apps for COVID-19 Tracing: about big tech companies and democracy
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 08:09:11 -0000

Dear all,

Following the excellent presentation from Simon on « Apps for COVID-19 Tracing An EU Data Rights View », during HRPC 108
meeting (thank you!), I’d like to share the following record that so nicely expresses my thoughts, by Shoshana Zuboff.

“Shoshana Zuboff meets Margrethe Vestager: A conversation about a future digital Europe”
https://www.youtube.com/watch?v=NOKxAIyPLpo <https://www.youtube.com/watch?v=NOKxAIyPLpo>   —   offset: 30:46 - 35:38
(best effort transcript, not 100% word-by-word)

—
“In democratic society, public health authorities operate under the rule of law and they operate under democratic governance. Public health authorities need to be able to see a large-scale pattern of how the disease is moving so they can affectively contain it. The erosion of trust has completely crippled the genuine necessary effort of public health authority to do their work. The information empire led by Google and Apple took their unaccountable power without collaboration with governments, developed their own approach and they gazlighted this approach. […] They create a polemic that says that our app is the privacy app and what the state is trying to do is to spy on you and undercut the legitimate need of public health authorities that operate under democracy, leaving countries like Germany, France, UK just in a set of intolerable constraints. So here we are: we have allowed this information empire to own and operate the Internet, to own and operate the global means of telecommunication,  to own and operate the infrastructure and to own all of the content. This is intolerable and incompatible with democracy! We have allowed them to drive a wedge between citizens and their rightful democratic governance. This is also intolerable. We have allowed them to cloud the fact that privacy and solidarity are two sides of the same coin. Privacy is not private. Privacy is public. Privacy and solidarity go together.  Without a society that has social solidarity, there is no rule of law.  Without the rule of law, there is no right to privacy and there are no other rights. Indeed there are no individuals. These things are nested together of necessity. We see the tech companies driving a wedge, and we see our states who have the best of intentions, in many of these situations, left powerless. This is intolerable! The COVID backdrop is showing us the road that we should take. That the state has to clean its own house, the state has to enact the same charters of rights and laws and institutions to keep itself the state true to democracy and forfeit the surveillance state… and at the same time create those rights and laws that oversee the market place and outlaw, interrupt and eliminate surveillance capitalism which is a new form of economical authoritarianism that has right now hegemonic influence over society.”
—

I think it nicely summarises the situation we’ve seen in Europe (don’t know for the rest of the world) and it raises questions 
that are not far from human rights considerations. And here we are talking about democratic countries like UK, Germany
and France (BTW the only one which resisted the Apple/Google pressure), with strong democratic and data protection laws,
not totalitarian ones.

I also CC PEARG since it's closely related to Stephen Farrell's talk on Monday about those apps, and because privacy 
considerations are also central.

**Disclaimer:** I’m not neutral on this topic since our Inria PRIVATICS research group designed the ROBERT protocol
that is at the core of the French contact tracing app, and the DESIRE protocol that’s based on a totally different concept
(identify encounters rather than endpoints). For us DESIRE is a 3rd way approach since it enables to go beyond the
centralized vs. decentralized duality (i.e., it enables all of this, seamlessly), with major privacy improvements.
	https://github.com/ROBERT-proximity-tracing/documents <https://github.com/ROBERT-proximity-tracing/documents>
	https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE <https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE>


Cheers,

     Vincent

----
Vincent Roca, PhD/HDR, PRIVATICS team leader, Inria research institute, France
https://privatics.inrialpes.fr/people/roca/ <https://privatics.inrialpes.fr/people/roca/>