Privacy, In A World of Pandemics?
Privacy, In A World of Pandemics?
We are living through difficult times. The one thing that is sure is that we must now build a new world based on technology. Unfortunately, we have shown that we are a long way away from creating something that could scale. As long long a health authorities scramble to find contact points for citizens and in identifying those at risk, we will not be ready to cope with future infections. Governments around the world are now scrambling to find solutions for more trusted ways to alert, and then track the spead of the virus. The end-point, though, is likely to be that trusted tracking device in your pocket: your mobile phone.
Over the past two weeks we have been working with a whole lot of companies in creating solutions which address the need to track and alert, and while keeping privacy and consent. One of the methods that has been published which tries to address this balance is PEPP-PT:
Paragraphs 1-5 describe the flow of a reference implementation of PEPP-PT's mechanisms. Paragraph 6 gives a very brief…www.pepp-pt.org
With this, as far as I can tell, a device requests and ID from the tracking service (Trent) and is given a one-time anonymised ID (and which includes an obfuscation of the country ID). It then use Bluetooth beacons and, possibly, wi-fi to discover and identify neighbours. It’s a similar method used by LinkedIn to send out Bluetooth beacons for contact points. The method defined in PEPP-PT then uses the signal strength method to estimate the distance someone is away. Note, that this is not a GPS tracking method, and will just give a circular radius around a person, and the possible amount of time that they were near another phone.
The user must install the tracking application on their phone — possibly they must be forced to do this by their government — and then following method (I think) is used to track contacts between one phone and another:
The results are then sent back to Trent with a device identifier for Alice’s phone (possibly the Bluetooth MAC address). If the device is a registered device with an anonymous ID, it will send back its neighhour’s ID and an estimation of location, and also store this as in the history log.
Overall there’s no personal information stored, and the device just stores anonymised IDs. The history is then deleted when there is a test that the user of the device does not have SARS-Cov-2, but remains encrypted until there is a test to prove that they do not have the virus.
If the user has been proven to have it, the health authority registers the device with a TAN code, and with consent, they register onto a tracking system, and where they allow others they have been in contact with to be alerted to the possible threat of infection. There is no personal information stored.If the phones are from different countries (identified in the anonymous ID), there is an alert send to the health care provider in the other country.
Conclusions
Now is the time for all the great cybersecurity professionals to stand-up, and not point fingers at the risks of using Zoom, but in creating a new secure and robust world, and which allows us to cope with major risks, but which respects the rights of the citizen. With emergency tracking laws in place, we need to find a safe way out of this, and that allows governments to perform health audits and monitoring, but which respects our rights to privacy and consent.
Go on, innovate like never before, and help address this flawed world we have created.