Advertise here with Carbon Ads

This site is made possible by member support. ❤️

Big thanks to Arcustech for hosting the site and offering amazing tech support.

When you buy through links on kottke.org, I may earn an affiliate commission. Thanks for supporting the site!

kottke.org. home of fine hypertext products since 1998.

🍔  💀  📸  😭  🕳️  🤠  🎬  🥔

kottke.org posts about Carmela Troncoso

How Privacy-Friendly Contact Tracing Can Help Stop the Spread of Covid-19

Nicky Case, working with security & privacy researcher Carmela Troncoso and epidemiologist Marcel Salathé, came up with this fantastic explanation of how we can use apps to automatically do contact tracing for Covid-19 infections while protecting people’s privacy. The second panel succinctly explains why contact tracing (in conjunction with quick, ubiquitous testing) can have such a huge benefit in a case like this:

A problem with COVID-19: You’re contagious ~2 days before you know you’re infected. But it takes ~3 days to become contagious, so if we quarantine folks exposed to you the day you know you were infected… We stop the spread, by staying one step ahead!

Contact Tracing Comic

It’s based on a proposal called Decentralized Privacy-Preserving Proximity Tracing developed by Troncoso, Salathé, and a host of others. Thanks to Case for putting this comic in the public domain so that anyone can publish it.

Update: About two hours after posting this, Apple and Google announced they are jointly working on contact tracing technology that uses Bluetooth and makes “user privacy and security central to the design”.

A number of leading public health authorities, universities, and NGOs around the world have been doing important work to develop opt-in contact tracing technology. To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing. Given the urgent need, the plan is to implement this solution in two steps while maintaining strong protections around user privacy.

Update: Based on information published by Google and Apple on their contact tracing protocols, it appears as though their system works pretty much like the one outlined about in the comic and this proposal.

Also, here is an important reminder that the problem of what to do about Covid-19 is not primarily a technological one and that turning it into one is troublesome.

We think it is necessary and overdue to rethink the way technology gets designed and implemented, because contact tracing apps, if implemented, will be scripting the way we will live our lives and not just for a short period. They will be laying out normative conditions for reality, and will contribute to the decisions of who gets to have freedom of choice and freedom to decide … or not. Contact tracing apps will co-define who gets to live and have a life, and the possibilities for perceiving the world itself.

Update: Security expert Bruce Schneier has some brief thoughts on “anonymous” contact tracing as well as some links to other critiques, including Ross Anderson’s:

But contact tracing in the real world is not quite as many of the academic and industry proposals assume.

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running.

And I had thoughts similar to Anderson’s about the potential for abuse:

Fifth, although the cryptographers — and now Google and Apple — are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.

The tie-a-phone-to-a-dog thing reminds me a lot of the wagon full of smartphones creating traffic jams. (via @circa1977)