Coronavirus tracing tech policy ‘more significant’ than the war on encryption

If certain sections of the population don’t trust governments on 5G, are they ever going to load a tracing app on their phone?…:

[…] Contact tracing is already a routine process in most developed nations for battling things like meningococcal disease, tuberculosis, and sexually transmitted infections (STIs), including HIV.

Normally, this “painstaking and quick detective work” is labour-intensive and involves lots of phone calls and text messages. The new technologies that are being developed intend to improve that.

Australia’s plan to adopt TraceTogether, the COVID-19 contract tracing app from Singapore, is one obvious example.

The remarkable partnership between Apple and Google to roll out APIs to enable contact tracing apps is another.

But how many of these players are thinking about the long-term implications?

TraceTogether’s creators seem to have made a solid effort to protect users’ privacy from each other. The co-called “Central Authority” server generates temporary IDs which are periodically refreshed, for example.

The data log only contains relative distance between users, as determined by the Bluetooth signal strength, not the exact location where the users came in close contact.

But a detailed analysis by researchers from the University of Melbourne and Macquarie University highlights a range of privacy flaws.

One key problem is that users must trust the Central Authority — in Singapore, that’s a Ministry of Health server — to do the right thing.


Original Article