Friday, 3 July 2020

In the right place at the right time?

When a contact tracing application encounters another device running the same application, a handshake and key exchange takes place. The keys change continuously and are generated on, and exclusively for, the device. When device A is in front of device B, the two exchange keys only once a predetermined distance and time requirement is met; for example, within 2 meters for 15 minutes. Each device either retains the keys it has collected or passes them to a central server. When users confirm that they are positive for the infection, all the keys their device has generated are uploaded to a cloud system. All other devices download this information at a set frequency and check it for a match against the keys they have collected, or alternatively the match is processed in the cloud. If there is a match, those users are warned that they have been in contact with another device that is now reporting a positive result; they have no idea which device, though.

If the user is identifiable and all data is stored and processed centrally, then there is clearly a privacy problem. However, if the user is not identifiable and the central cloud system only processes matches, this could be more efficient than asking the local device to perform that processing, especially if the end device has limited resources, which could be the case in some areas of the world. This approach also gives the centralized system the ability to identify potential false positives: malicious users who claim to be infected when in reality they are not, and are only trying to cause chaos for users, businesses, and society in general.
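To make the handshake-and-match flow concrete, here is an added Python simulation (not code from the original post or from any real framework): a rolling key derived per device and time slot, the 2 meter / 15 minute encounter threshold, and both matching styles, the on-device matching described two paragraphs above and the server-side matching described in the paragraph just above. Device names, the HMAC key derivation and the sample encounters are assumptions made for the example.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Thresholds from the post: an encounter only counts within 2 metres for 15 minutes.
MAX_DISTANCE_M = 2.0
MIN_DURATION_MIN = 15


@dataclass
class Device:
    """One phone: a per-device secret, the rolling keys it broadcast, the keys it heard."""
    name: str
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    broadcast: list = field(default_factory=list)   # keys this device has emitted
    observed: set = field(default_factory=set)      # keys heard from other devices

    def rolling_key(self, epoch: int) -> bytes:
        # Assumed derivation: HMAC(secret, time slot), so the key changes every slot and
        # is unlinkable to the device without its secret (modelling "generated exclusively for the device").
        key = hmac.new(self.secret, epoch.to_bytes(4, "big"), hashlib.sha256).digest()[:16]
        if key not in self.broadcast:
            self.broadcast.append(key)
        return key


def encounter(a: Device, b: Device, epoch: int, distance_m: float, duration_min: int) -> bool:
    """Handshake: each side stores the other's key only when the distance/time requirement is met."""
    if distance_m > MAX_DISTANCE_M or duration_min < MIN_DURATION_MIN:
        return False
    a.observed.add(b.rolling_key(epoch))
    b.observed.add(a.rolling_key(epoch))
    return True


def report_positive(device: Device) -> list:
    """On a confirmed positive, the device uploads every key it broadcast, nothing about whom it met."""
    return list(device.broadcast)


def match_locally(device: Device, published: list) -> bool:
    """Decentralised check: the phone compares the published keys to the ones it heard.
    It learns only that a match exists, never which device reported positive."""
    return any(k in device.observed for k in published)


def match_centrally(uploads: dict, published: list) -> list:
    """Centralised check: the server holds each pseudonym's observed keys and returns who to notify."""
    return sorted(name for name, seen in uploads.items() if seen & set(published))
```

Running it with three devices shows that only a device that met the positive user within the threshold is flagged, and that the local check reveals no identity while the central one needs a pseudonym per device, which is the privacy trade-off the post describes.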

One benefit of partial centralization is that the portion of data processed centrally could be used to show scientists how the population as a whole is moving and to quickly identify hotspots so that medical resources can be allocated. If, for example, a postal code is requested at installation time, data scientists can predict the spread of the disease. This is unlikely to identify the user, as hundreds or thousands of people share the same postal code.

Each country has adopted either its own framework or one of the nine that have been developed, each of which strikes a different balance between efficiency and privacy. Using different frameworks can cause problems: for example, most European countries have adopted the Exposure Notification API from Google and Apple, while France has not centrally processed the data. When the borders between countries reopen, there is unlikely to be any interoperability between an application from Germany and an application from France.

Even the solutions that claim to be the most privacy-sensitive are open to abuse. Consider the extreme scenario where video surveillance is used together with capturing the Bluetooth signals emitted by devices and the keys they exchange. Combining that with facial recognition and the location of the device at any given time could make the user identifiable. While this may seem extreme, it shows that no system offers a guarantee of privacy.

Can it work?
So many problems, so little time. There is no perfect solution given the deadlines imposed by the need to bring a solution to market. The uncertainty over what data may be useful in the future, what data users may be willing to share, the still-emerging technological frameworks, the difficulty of estimating distance and the immense pressure to deliver applications all illustrate the challenge facing developers and governments alike: to deliver a solution that works efficiently and is acceptable from a privacy perspective. As this has never been done before, it is to be expected that mistakes will be made and that some projects will change direction; it is through trial and error that the best solutions will be found.

There are key factors that should be considered both by an application developer and by a government commissioning an application. The protocols that have been developed with privacy in mind are only as good as the developers' willingness to collect and transmit nothing more than the minimum amount of data. So do not hide behind a framework and a statement claiming to care about users' privacy while actually collecting other identifying data and storing it centrally. If there are elements of centralization, clearly state the reasons for the collection and how the data will be used, and publish the limits on how long the data will be kept and who has access to it. The concept that unidentifiable data,

For the benefit of public confidence: all governments, in my opinion, regardless of their approach to this issue, should legislate on the acceptable use of the data and establish criteria for when an application will reach the end of its useful life and be removed from devices. No more infections, no more apps or data.

Would you run a contact tracing app? Yes, on the conditions that use is anonymous and that the data is not used for anything other than stopping this specific disease from spreading and continuing to wreak havoc. If coarse location information such as zip codes can help science beat this disease and put medical resources in the right place at the right time, my desire for absolute privacy is outweighed by my will to do my part.
