I am not surprised to see the privacy point raised here. And the Apple/Google proposal is certainly very robust as far as protecting privacy goes. I made a video presentation looking at the proposal in detail for my YouTube cryptography course which should be out in the next couple of days.
It does have a major problem though. The task here is not to protect privacy; we can do that with no app at all. The task is to either reduce the spread of the disease or to enable the authorities to lift the lockdown. Protecting privacy is a side condition. It may be a blocking side condition such that we don't use the app at all if it isn't met. But it is still a side condition.
If there was a therapeutic that had passed at least some non-anecdotal trials, I would be absolutely loading the app onto my phone and using it. But that is months off even if the Gilead rumor is correct. And frankly, having know-nothings and quacks hawking snake oil cures we know don't work is making it harder for the legit research to take place.
So right now I am much less sanguine about this proposal than I would like. I see it as a first attempt, not a final product. It is not going to be possible to provide absolute privacy protection and enforce targeted quarantine. But that doesn't mean we need to sacrifice all privacy permanently to produce something that helps lift the lockdown, which is also an infringement of civil liberties.
The bad news is that this isn't going to be a silver bullet situation and we may have to make a messy compromise.
The good news from a technical standpoint is that going beyond this initial proposal is actually a more interesting technical challenge. Specifically we are going to need techniques that are from the 'exotic cryptography' toolkit. Possibly something in the threshold toolkit or something related to zero knowledge or oblivious transfer.
I really like what this scheme can achieve just using one way functions. It is terrific. But it is only one point on the privacy-effectiveness continuum and not necessarily the one we need.
This needs to be a discussion, not a unilateral proposal from the tech camp. We are not the only stakeholders.
On Thu, Apr 16, 2020 at 7:00 PM Robert Raszuk <robert@xxxxxxxxxx> wrote:
I am afraid our privacy/rights are already being abused as technology developed outside of IETF already allows to do so. Pegasus spyware is just one example of it. There are many more ....
On Thu, Apr 16, 2020 at 10:39 PM Jeff Tantsura <jefftant.ietf@xxxxxxxxx> wrote:
I’m with you Christian!
Our privacy/rights will inevitably be abused if the technology allows to do so.
History always repeats itself.
Regards,
Jeff