"The system then takes that the contact events were 'authentic' and then takes the transmit power and received signal strengths that each proximity event produced (remember, these are broadly representative of physical distance), and runs those through a sophisticated risk model to work out the encounters that are high risk from a virus transmission point of view. "
This is not possible.
Other countries use humans (Contact Tracers) to do this, working with the person infected.
Contact Tracer: On this day looks like blah happened, Infected: Yes I forgot.
Infected: On this day I talked to this person for ages but I don't know them. Contact Tracer: I see, we will contact them.
Fine, fine, move quick and break stuff. Don't think about it.
In Australia-
The App is not anonymous! It reuses the ID, they don't roll. 3rd Parties track away.
iOS does not work at all. You have to have the phone unlocked and on the front. If you want to pretend that works, you'll make a great government consultant like the Australians used.
Ugh. This is dreadful. Chock full of fallacious arguments. This is a very nuanced problem, but as described this approach is deeply flawed...
I cannot determine who is supposed to be the target audience for this "messaging". The narrative starts out trying to build credibility by telling stories from history, trying to build support for being able to track the source of a problem. I should note right here, that electronic surveillance did not exist in either the Middle Ages or the early 1900's when Typhoid Mary was alive -- so tracking the source of infection did not really incur other costs or "side effects".
There is then a middle fluff section, pontificating on the two models: decentralized, centralized. Yup, there is an agenda here...
The first kicker is "stopping the spread" -- there is an unjustified statement that the "decentralized" model doesn't work -- no explanation. There is an appeal to the non-relevant stories. Then an appeal to "balance" with the public health authorities having the minimum information necessary to manage the spread of the virus.
Then there is a "dive" into the Crypto... Partial postcode (so "rough" geographic location data)... the model of your phone. Seriously -- WTF -- Covid-19 doesn't care what the model of your phone is, this is irrelevant, unless you want to profile and track individuals -- period. The system also ends up agreeing a few cryptographic keys, including a key used to authenticate your installation... and some system parameters. Sorry, this creates highly identifying information. Covid-19 doesn't care about these. Why are these items important or relevant?
There is a fabulously contradictory paragraph that starts with "now let's say you wake up with a cough". I should note that the previous paragraph ends with "At this point, nothing has been sent back to the NHS". In this paragraph it explains that analysis will result in a list of (ahem, centrally recorded) installation IDs that have been in your proximity. Congratulations -- by reporting yourself as sick, you've filled in part of a social graph by identifying other people you came into contact with.
There is a paragraph about downsides, but it is fallaciously incorrect. If you identify as being sick you are no longer anonymous. You reveal your contact graph.
There are perspectives / options that a very large number of people will eventually get Covid-19 -- large % numbers of the population in every country. This type / style of app will leave behind a non-anonymous, persistent and connectable social graph.
In summary, the pitch and story was based on and contained fallacious arguments. The crypto "measures" irrelevant things. There is an appeal that this is the best that can be done.
Could this all have been developed with advisors that "helped" with the design and how it should be sold? If not, then this suggests that the developers are naive and need additional assistance regarding privacy, anonymity and forward secrecy.
"The system also ends up agreeing a few cryptographic keys, including a key used to authenticate your installation... and some system parameters. Sorry, this creates highly identifying information. Covid-19 doesn't care about these. Why are these items important or relevant?"
Thanks for this.
Almost had me believing that the unique bluetooth bla bla didn't reveal too much - not that I would have installed it.