Re: [Pearg] [hrpc] Follow-up of Simon McGarr talk on Apps for COVID-19 Tracing: about big tech companies and democracy

Eliot Lear <lear@cisco.com> Fri, 31 July 2020 08:40 UTC

Return-Path: <lear@cisco.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D6873A10EE; Fri, 31 Jul 2020 01:40:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2wFts0b5OgM; Fri, 31 Jul 2020 01:40:29 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B1CC3A1056; Fri, 31 Jul 2020 01:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14012; q=dns/txt; s=iport; t=1596184828; x=1597394428; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=5W/nLBsMS8bPoAis737+g1CAAtc7jYOx2QE0pUgHJ8o=; b=ILG87Kpspp+hLKCRuIgHqNA+BzJhmwmE7+IZctJn1z56qXmgUBbO8wgQ 8Ddk+g7gimy7t5JZibIOKya8BUdt3L6tPHyL1PeI7GRnqjcLx+lgBJoci zivLZfFlvJVdP+z2WCoa+8PsMcGkM+qZJuMDrw1o9ZL7n9FF883fTl/Qz 0=;
X-IPAS-Result: =?us-ascii?q?A0B5AADF2CNf/xbLJq1WChoBAQEBAQEBAQEBAwEBAQESA?= =?us-ascii?q?QEBAQICAQEBAYIKgXWBJFQBIBIshDWJAYdyJZN2LYYBgWkBCgEBAQwBARgBC?= =?us-ascii?q?gwEAQGETAKCMSU4EwIDAQEBAwIDAQEBAQUBAQECAQYEbYVcDIVxAQEBAwEBA?= =?us-ascii?q?SFLCwULCxgjBwICJzAGE4MmAYJcIA+vJ3aBMoE7gwABEwMPL0KEfwaBOItvg?= =?us-ascii?q?TiCAIERJwwQgU9QLj6CRRcBAQIXgQwND4M0M4ItBJADimWJXV2QZoJqgwqFU?= =?us-ascii?q?okfiAUDHpFOjimcU5EZg1YCBAYFAhWBaiMsC4EgMxoIGxU7KgGCPj4SGQ1Wj?= =?us-ascii?q?gCDOoE+g1aFRD8DMDcCBgEHAQEDCZBwAQE?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.75,417,1589241600"; d="scan'208,217"; a="25939056"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 31 Jul 2020 08:40:24 +0000
Received: from [10.61.212.32] ([10.61.212.32]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 06V8eNgp000850 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 Jul 2020 08:40:24 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <8692AD73-42CB-4D0B-8366-041CA2051BF0@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4D250F60-1AD5-47ED-94EB-2661917BC811"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Fri, 31 Jul 2020 10:40:22 +0200
In-Reply-To: <BEF2A21D-6F19-4022-90AC-AC0330C5AB8A@inria.fr>
Cc: hrpc@irtf.org, pearg@irtf.org
To: Vincent Roca <vincent.roca@inria.fr>
References: <BEF2A21D-6F19-4022-90AC-AC0330C5AB8A@inria.fr>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-Outbound-SMTP-Client: 10.61.212.32, [10.61.212.32]
X-Outbound-Node: aer-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/ZVFvVCtIrXUMuPVaP3nZetPxWMs>
Subject: Re: [Pearg] [hrpc] Follow-up of Simon McGarr talk on Apps for COVID-19 Tracing: about big tech companies and democracy
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 08:40:32 -0000

I apologize for not being able to attend HRPC.  Here in Switzerland there is very good adoption of the COVID-19 tracing app by the general population (over 1.6 million downloads took place by the end of June, and we are a country of 8.5 million people).  This app is based on DP-3T[1] which is available on Github.  The privacy and regulatory evaluations are also available on Github.  The DP-3T code makes use of Google’s and Apple’s health privacy interface.  What we do not know is what percentage of sick people will be willing to indicate in the app that they have been infected.  As of late it is reported that fewer are using the app, but the method to determine this is somewhat questionable.

Eliot
[1] https://github.com/DP-3T


> On 31 Jul 2020, at 10:09, Vincent Roca <vincent.roca@inria.fr> wrote:
> 
> Dear all,
> 
> Following the excellent presentation from Simon on « Apps for COVID-19 Tracing An EU Data Rights View », during HRPC 108
> meeting (thank you!), I’d like to share the following record that so nicely expresses my thoughts, by Shoshana Zuboff.
> 
> “Shoshana Zuboff meets Margrethe Vestager: A conversation about a future digital Europe”
> https://www.youtube.com/watch?v=NOKxAIyPLpo <https://www.youtube.com/watch?v=NOKxAIyPLpo>   —   offset: 30:46 - 35:38
> (best effort transcript, not 100% word-by-word)
> 
> —
> “In democratic society, public health authorities operate under the rule of law and they operate under democratic governance. Public health authorities need to be able to see a large-scale pattern of how the disease is moving so they can affectively contain it. The erosion of trust has completely crippled the genuine necessary effort of public health authority to do their work. The information empire led by Google and Apple took their unaccountable power without collaboration with governments, developed their own approach and they gazlighted this approach. […] They create a polemic that says that our app is the privacy app and what the state is trying to do is to spy on you and undercut the legitimate need of public health authorities that operate under democracy, leaving countries like Germany, France, UK just in a set of intolerable constraints. So here we are: we have allowed this information empire to own and operate the Internet, to own and operate the global means of telecommunication,  to own and operate the infrastructure and to own all of the content. This is intolerable and incompatible with democracy! We have allowed them to drive a wedge between citizens and their rightful democratic governance. This is also intolerable. We have allowed them to cloud the fact that privacy and solidarity are two sides of the same coin. Privacy is not private. Privacy is public. Privacy and solidarity go together.  Without a society that has social solidarity, there is no rule of law.  Without the rule of law, there is no right to privacy and there are no other rights. Indeed there are no individuals. These things are nested together of necessity. We see the tech companies driving a wedge, and we see our states who have the best of intentions, in many of these situations, left powerless. This is intolerable! The COVID backdrop is showing us the road that we should take. That the state has to clean its own house, the state has to enact the same charters of rights and laws and institutions to keep itself the state true to democracy and forfeit the surveillance state… and at the same time create those rights and laws that oversee the market place and outlaw, interrupt and eliminate surveillance capitalism which is a new form of economical authoritarianism that has right now hegemonic influence over society.”
> —
> 
> I think it nicely summarises the situation we’ve seen in Europe (don’t know for the rest of the world) and it raises questions 
> that are not far from human rights considerations. And here we are talking about democratic countries like UK, Germany
> and France (BTW the only one which resisted the Apple/Google pressure), with strong democratic and data protection laws,
> not totalitarian ones.
> 
> I also CC PEARG since it's closely related to Stephen Farrell's talk on Monday about those apps, and because privacy 
> considerations are also central.
> 
> **Disclaimer:** I’m not neutral on this topic since our Inria PRIVATICS research group designed the ROBERT protocol
> that is at the core of the French contact tracing app, and the DESIRE protocol that’s based on a totally different concept
> (identify encounters rather than endpoints). For us DESIRE is a 3rd way approach since it enables to go beyond the
> centralized vs. decentralized duality (i.e., it enables all of this, seamlessly), with major privacy improvements.
> 	https://github.com/ROBERT-proximity-tracing/documents <https://github.com/ROBERT-proximity-tracing/documents>
> 	https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE <https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE>
> 
> 
> Cheers,
> 
>      Vincent
> 
> ----
> Vincent Roca, PhD/HDR, PRIVATICS team leader, Inria research institute, France
> https://privatics.inrialpes.fr/people/roca/ <https://privatics.inrialpes.fr/people/roca/>
> 
> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc