Issue 73

Virus tracking and the privacy trade-off

Delivered on 14 April 2020 by Justin Pyvis. About a 4 min read.

Most governments (there are a few exceptions) failed to react to the coronavirus pandemic in time, effectively forcing them into more drastic measures at a later date, wreaking havoc on their economies. The politicians and epidemiologists were examining the case data but lags, exponential growth and poor testing regimes meant they were looking in the wrong place. The ensuing encroachment of government into our lives has been extremely violating for many, and will only be tolerated for so long.

Now we're at a point where many countries are close, or getting close, to the end of the lockdown phase. The coronavirus has been suppressed, which means a test, trace and isolate strategy will soon be rolled out. But how does a government trace the contacts of infected individuals without further invading their privacy? Somewhat surprisingly, Singapore - not known as a champion of civil liberties - came up with a solution:

The app, named TraceTogether, [makes it] easier to trace who else may have been exposed to the virus. With that info in hand, health authorities are better-informed about who needs to go into quarantine and can focus their resources on those who most need assistance.

The app is opt-in and doesn’t track users through space, instead recording who you have encountered. To do so, it requires Bluetooth and location services to be turned on when another phone running the app comes into range exchanges four nuggets of information - a timestamp, Bluetooth signal strength, the phone’s model, and a temporary identifier or device nickname. While location services are required, the app doesn't track users, instead helping to calculate distances between them.

Singapore has open sourced the app so that other governments can create their own versions, and more importantly people can verify that they are, in fact, not spying on them (see examples here of countries that have not been so open).

Big Tech has become involved too, with rival giants Apple and Google teaming up to "help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design":

First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.

Bluetooth trace tracking is not without its issues, and neither is the Apple/Google contact tracing framework, but if done properly is relatively costless and far better than the more intrusive alternatives, or no trace technology at all.

The fact is governments are going to be reluctant to ease some of their more draconian measures unless they have something like a Bluetooth tracing app available, and it will be better for everyone if it's one with data security and privacy built in from the start (no Zoom developers, please).

Unfortunately, there is no perfect app that ticks all the boxes and the whole space remains a bit of a grey area. Too intrusive, and enough people won't use it for it to provide a reasonable gauge for infection contact tracing. Too private, and the data may not be sufficient or accurate enough.

In an ideal world, US Attorney General William Barr wouldn't have launched his idiotic crusade against encryption, as developments in that space are the most promising in terms of the privacy/surveillance trade-off that we will face in the coming weeks. Perhaps if other countries such as Australia hadn't tried so hard to ban encryption, there might be some kind of private, encrypted Bluetooth tracing technology already available. But I digress.

I just hope that the politicians and their epidemiologists have had some time to learn a bit of economics on the fly, understand that there are trade-offs, and more accurately estimate what are likely to be politically and socially sustainable options this time around. Look to Singapore, not Israel and China.

Enjoy the rest of this week's issue. Cheers,

— Justin

Other bits of interest

All models are wrong

Sometimes you need judgement and a good theory instead of a model. Understanding that approach was needed at the outset would have served several countries much better in terms of avoiding COVID-19 damage (both health and economic).

Social distancing will last a long time

It's not all bad.

The Masayoshi Son indicator

Japanese billionaire Masayoshi Son is the ultimate tech permabull, and his dodgy Ponzi investing strategy works well until it really, really doesn't (Son lost $US70bn in the dotcom crash).

Huawei is joining the Linux and Open Invention Network

Could the United States' action against Huawei force it (and possibly other Chinese companies) to embrace open source software? It's certainly possible:

The Open Invention Network's (OIN) mission is to enable Linux, its related software, and its programmers to develop and monetize Linux and open-source software without being tied down by patent fights. It does this by practicing patent non-aggression in core Linux and adjacent open-source technologies, Specifically, members cross-license Linux System patents to one another on a royalty-free basis. OIN-owned patents are similarly licensed royalty-free to any organization that agrees not to assert its patents against the Linux System.

I see this as a rare positive unintentional consequence of the trade dispute.

Issue 73: Virus tracking and the privacy trade-off was compiled by Justin Pyvis and delivered on 14 April 2020. Join the conversation on the fediverse at