Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out.

I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it. (Note that some of his comments are UK-specific.)

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running.

Second, contact tracers have access to all sorts of other data such as public transport ticketing and credit-card records. This is how a contact tracer in Singapore is able to phone you and tell you that the taxi driver who took you yesterday from Orchard Road to Raffles has reported sick, so please put on a mask right now and go straight home. This must be controlled; Taiwan lets public-health staff access such material in emergencies only.

Third, you can’t wait for diagnoses. In the UK, you only get a test if you’re a VIP or if you get admitted to hospital. Even so the results take 1-3 days to come back. While the VIPs share their status on twitter or facebook, the other diagnosed patients are often too sick to operate their phones.

Fourth, the public health authorities need geographical data for purposes other than contact tracing – such as to tell the army where to build more field hospitals, and to plan shipments of scarce personal protective equipment. There are already apps that do symptom tracking but more would be better. So the UK app will ask for the first three characters of your postcode, which is about enough to locate which hospital you’d end up in.

Fifth, although the cryptographers – and now Google and Apple – are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.

I recommend reading his essay in full. Also worth reading are this EFF essay, and this ACLU white paper.

To me, the real problems aren’t around privacy and security. The efficacy of any app-based contact tracing is still unproven. A “contact” from the point of view of an app isn’t the same as an epidemiological contact. And the ratio of infections to contacts is high. We would have to deal with the false positives (being close to someone else, but separated by a partition or other barrier) and the false negatives (not being close to someone else, but contracting the disease through a mutually touched object). And without cheap, fast, and accurate testing, the information from any of these apps isn’t very useful. So I agree with Ross that this is primarily an exercise in that false syllogism: Something must be done. This is something. Therefore, we must do it. It’s techies proposing tech solutions to what is primarily a social problem.

EDITED TO ADD: Susan Landau on contact tracing apps and how they’re being oversold. And Farzad Mostashari, former coordinator for health IT at the Department of Health and Human Services, on contact tracing apps.

As long as 1) every contact does not result in an infection, and 2) a large percentage of people with the disease are asymptomatic and don’t realize they have it, I can’t see how this sort of app is valuable. If we had cheap, fast, and accurate testing for everyone on demand…maybe. But I still don’t think so.

EDITED TO ADD (4/15): More details from Apple and Google.

EDITED TO ADD (4/19): Apple and Google have strengthened the security and privacy of their system.

Tags: Apple, COVID-19, epidemiology, Google, privacy, tracing, tracking

Posted on April 13, 2020 at 6:48 AM • 64 Comments

Comments

King • April 13, 2020 8:30 AM

Making it Security Theater? 🙁

selig • April 13, 2020 8:36 AM

“I’m relaxed about doing all this under emergency public-health powers,”

There are NO ’emergency public-health powers’ in the U.S. Constitution, nor any “emergency” powers at all.

The Bill of Rights is in full effect 24/7 — during war, hurricanes, terrorism, pandemics, and asteroid impacts.

Of course the rule-of-law principle has lost all meaning in these modern “enlightened” times.

Joe • April 13, 2020 8:55 AM

Oh look they’re already wanting to deanonymise. So shocked.

https://www.theguardian.com/world/2020/apr/13/nhs-coronavirus-app-memo-discussed-giving-ministers-power-to-de-anonymise-users

La Abeja • April 13, 2020 9:39 AM

a joint project

May I kindly ask what these playboy corporate frat-house researchers are smoking?

to create a privacy-preserving COVID-19 contact tracing app

Well, there’s a gentleman from the local municipal or borough health department calling your cell phone via the emergency 911 locator GPS beacon to inform you that the man you were seen having a conversation with at the local coffee shop last week has tested positive for STDs, and furthermore the local sheriff’s department is collecting a rape kit just in case you wish to press charges, which would certainly be highly advisable and much in your best interests if you wish to continue to reside in his district.

https://www.aol.com/article/lifestyle/2020/04/12/etsy-searches-for-face-masks-have-increased-an-average-of-9-times-per-second/23974458/

Meanwhile Etsy is selling very fashionable reusable and washable face masks, which do offer excellent protection against COVID-19®, provided they don’t smear your makeup and the elastic ear loops don’t catch on your earrings.

I’m not sure what they have in store for men, as men are generally encouraged to maintain an appropriate social distance of at least six feet out of a proper respect for continued efforts to prevent the spread of Coronavirus®.

Alejandro • April 13, 2020 10:10 AM

I recall reading a similar app in Singapore quickly became mostly useless because, at most, 12% of the population ‘volunteered’ to use it and cooperate with authorities.

I certainly would not use it voluntarily, would you?

The plan is to bake the tracer app into the Apple and Google OS. At that point user control, security and privacy realistically defaults to: none.

That will in turn unleash governments, police, corporations and criminals everywhere to access and abuse it, just because they can.

BTW, without accurate, mass testing and a literal army of tracer personnel the app and any tracing whatsoever is not possible.

Phaete • April 13, 2020 10:31 AM

All other things not considered, not having a smartphone is going to be (seen as) a health security risk.
Fun times.

wiredog • April 13, 2020 10:59 AM

Molly Wood on Marketplace’s “Make Me Smart” podcast last Friday (or Thursday? )discussed this. If it uses bluetooth to determine “contact” then it has to deal with the inherent unreliability of bluetooth. Mainly that it can go through walls, or cars. So you drive past someone et voila you’re now a “contact”.

The way to deal with that, I suppose, is to require being within range for a reasonable period of time.

She also noted that this system is useless without extensive testing of presumed infections.

Byung Kyu Park • April 13, 2020 11:03 AM

And the ratio of infections to contacts is high.

Don’t you mean “the ratio of contacts to infections is high”—as in not every contact leads to infection, particularly with “contact” as defined through smartphone apps?

Curious • April 13, 2020 11:05 AM

I wonder what goes into the idea of “privacy preserving”. Presumably, relying on anonymization, however:

Consider for a moment, me, collecting all kinds of intimate photos of everybody in the world (in some official capacity to make it legal), but then I go promise “ok I have all this intimate stuff recorded, but I will keep it ‘private'”.

This would not not what I consider ‘privacy preserving’.

So, at least this is very problematic, but I guess “it” sort of depends on the context. I think one might say that the problem of context is way more relevant, than if something is simply deemed to be under some ‘privacy preserving’ effort or not.

It would be sort of like considering the chicken and the egg conondrum. The important thing, wouldn’t really be about figuring out what came first, the chicken, or the egg, but.. to understand the process.

AlanS • April 13, 2020 11:06 AM

NHS coronavirus app: memo discussed giving ministers power to ‘de-anonymise’ users.

The health secretary, Matt Hancock, announced on Sunday that the UK planned to introduce an app that would enable people who developed Covid-19 symptoms to “anonymously” alert other users to whom they had been in close proximity. “All data will be handled according to the highest ethical and security standards, and would only be used for NHS care and research,” he said. However, the government document seen by the Guardian, headed “official – sensitive” and “draft – not yet approved”, suggests the NHS privately considered using the technology to identify users.

Why anyone in the UK finds anything the governing class says to be the slightest bit believable beats me but I guess if you live on a diet of the Daily Mail, Telegraph, Sun, and the BBC you might.

JonKnowsNothing • April 13, 2020 12:13 PM

Clearly they have not thought through all the Use Cases…

While these malware-apps are directed at finding needles-in-haystacks by collecting entire haystacks, they can also be used to find the hay-stackers.

Reversing these connections won’t be that difficult, if it’s an app or has an API to it or can be monetized, the connection list goes up the food chain too.

Want to know who was at the White House Dinner? Who played golf with TheTrumpz? How about which rooms they were in at Mar A Lago? Maybe even who was IN the room or OUTSIDE it too. Want to know who Richard Burr and Dianne Feinstein talked with in their private pre-sale conferences in the moments before they sold millions of USD in stock?

The NSA has already been through this exercise with their Three Hop Rule, a half-step down from Six Degrees of Separation. It becomes pointless at 3 steps as you end up a number of contacts exceeding the population of some states.

note: This works for the NSA because it gives them plausible justification for a FISA Warrant because some BODY is the any BODY needed to get a warrant.

While some countries may try to geo-ring-fence areas (ala drones) there will be plenty who won’t bother with such niceties.

It’s a mega-invasion of “rights” no matter which end of the spectrum you are on, but “rights” are definable. Some folks have no rights, some have more, and others have more than most. Most folks in the USA think the US Constitution and Bill of Rights are THE BE ALL and END ALL of Rights, but it’s a drop in the bucket compared to some other countries.

George Carlin had much to say on “rights”. Paraphrased:

You have no rights. Rights are Rights and Rights cannot be altered.
What you have is a list of privileges. Privileges are defined, changeable and can be removed “any time”.

ht tps://www.theguardian.com/world/2020/apr/13/unfair-advantage-concerns-us-lawmakers-are-using-coronavirus-briefings-to-make-stock-decisions

ht tps://www.theregister.co.uk/2020/04/13/senate_stock_sales/
(summary: a traditional Python web scraper parsing Senator’s filing of Periodic Trading Reports (PTR’s) off US Senate Financial Disclosures website)

ht tps://en.wikipedia.org/wiki/Six_degrees_of_separation

Six degrees of separation is the idea that all people are six, or fewer, social connections away from each other. Also known as the 6 Handshakes rule. As a result, a chain of “a friend of a friend” statements can be made to connect any two people in a maximum of six steps.

ht tps://en.wikipedia.org/wiki/George_Carlin
(url fractured to prevent autorun)

David Leppik • April 13, 2020 12:21 PM

@wiredog

It just so happens that I’ve been working on a BlueTooth LE app recently where I am largely interested in when the BlueTooth device goes out of range. I tried putting the device in my kitchen refrigerator, about 15 feet (5 meters) and a few walls away from my desk. No luck; the signal was broken half the time. I tried putting the device in a metal tin. No luck. Metal tin in the refrigerator usually works. Wrapping the device in aluminum foil, putting the foil pouch in the metal tin, and then putting the tin in the refrigerator (or pressure cooker) works.

Typical BlueTooth LE devices have a 50 meter (150 foot) range. It’s surprisingly hard to block those signals. I have every confidence that the BlueTooth LE protocol that Apple and Google have will reliably share information between people within sneezing range.

JonKnowsNothing • April 13, 2020 12:38 PM

As if the whole concept wasn’t stupid enough, with all those fake logic loaded statements in the vein of “When Did You Stop Beating (fill in the blank)..”

Use Case: MOI

I am in the No Treatment For You category.
(too old)
I am in my personally provided prison.
(I have shelter)
I am paying for living in for my personal prison.
(I pay for shelter)
I am paying for food to be brought to me in my personal prison.
(I pay for food to be brought to me)
If I go outside – I die
(No Problemo – just wealth transfer)

Zho…

Now we load up this fantastic COVID19-TRACER app (voluntarily or auto-installed) and then what? Exactly what is going to happen?

The Army is gonna build a hospital right at my front door?
The health services are going to enter my house to carry me out to the NO VENTILATOR FOR YOU room in the newly build Army Hospital on my front lawn?
Somehow the outcome is going to be different? Given that NO TREATMENT FOR YOU is a pretty definitive outcome.

Gosh, I’ve seen some DUMAS reasoning but these are really Top Icings.

ht tps://en.wikipedia.org/wiki/Loaded_question
ht tps://en.wikipedia.org/wiki/Fallacy
(url fractured to prevent autorun)

myliit • April 13, 2020 12:43 PM

OT, but

Where will the USA military, Intelligence Agencies, Judiciary, Law Enforcement Organizations, Silicon Valley, Federal, State, and local politicians, etc., be when our president tries to pull a trigger.

La Abeja • April 13, 2020 2:21 PM

@JonKnowsNothing

No Treatment For You category.
(too old) … The Army is gonna build a hospital right at my front door?

The Army has a lot of young men. They don’t always take kindly to the older men “of the town” or “of the district.”

Meanwhile a lot of women are going around unaccounted for.

https://www.prisonpolicy.org/graphs/genderinc.html

There will be officers (mostly male as are the recruits) of course, at some level of rank, who say that is the way it’s supposed to be, while other officers continue to fraternize with the gentlemen and pimps of the town, and certain favored young men in the military grow up to be good old boys on the town, while others are disciplined or discharged as “lost boys” from a service cult.

Curious • April 13, 2020 3:17 PM

Generally speaking, I wonder, does “tech” even manage to separate people, in the Z axis? (up/down), as opposed to just X and Y (a plane).

Kknechg • April 13, 2020 5:09 PM

Here in tn the gov. Is using a cell phone tracking technology just to track movement within the state.the govenor used this tool as a excuse to clamp down on more buisnesses and public areas.no ones getting arrested,but the cops have “authority” to suggest/ recomend ” bust it up boys and girls,go home warning.if non compliance occurs…ticket time.my advice,leave your phones at home or if you are fortunate enough to have a older android like mine,bring the phone and yank the battery.stay off google when traveling.

Sancho_P • April 13, 2020 5:27 PM

+1 @Bruce, nonsense without going into details (but kudos @Ross Anderson).
A contact tracking app is basically a bad idea because it works always after the fact.
Wasted energy, a “high tech solution” hype to gather user data for business.

Prevent in time means to test + isolate.
But isolate doesn’t mean to quarantine at home with family in a small apartment.

lurker • April 13, 2020 5:29 PM

The reported 12% uptake of a voluntary app in posterchild S.Korea is perilously close to a margin of error. Will it now become compulsory to carry a device that runs this app? Standard cell tracking from telcos is at least an order of magnitude too coarse to be of use in contact tracing.

But those who always carry their phone will be struck down by the lurgy according to Revelations 16:2.

Werewolf and go WILD! • April 13, 2020 7:43 PM

Have you seen what it’s like out there, Murray? Do you ever actually leave the studio? Everybody just yells and screams at each other. Nobody’s civil anymore. Nobody thinks what it’s like to be the other guy. You think men like Thomas Wayne ever think what it’s like to be someone like me? To be somebody but themselves? They don’t. They think that we’ll just sit there and take it, like good little boys! That we won’t werewolf and go wild!

Ari Trachtenberg • April 13, 2020 10:50 PM

(Disclosure: I co-authored the arxiv paper [https://arxiv.org/abs/2003.13670] that merged into the MIT Pact system.)

Automated contact tracing is meant to be a tool to complement manual contact tracing, which, while effective, is simply not scalable. Manual contact tracing is also not privacy preserving … it is extremely intrusive.

We will likely have automated contact tracing implemented to help get the economy restarted, because we have neither a treatment nor a vaccine for COVID-19 (and may not have it for a while) and we have no other credible alternative (yes, I’d love to have tens of millions of high-quality tests developed in the next week, but it’s not happening).

The question is whether you want:

a system with some
privacy protections from a central authority and other users (as in the MIT-led system, Covid-Watch, or the DP-3T system [https://github.com/DP-3T/documents]), or
a system with privacy protections only against other users (Israel or Singapore), or
a system which may not have any real privacy protections (China?)

Contact tracing will necessarily leak information, because you are informing a person that they have been around someone who is sick. We can engineer it to be better, or we can whine until the authoritarian tendencies make us moot.

JonKnowsNothing • April 14, 2020 12:47 AM

@Ari Trachtenberg

ahem ahem … so many choices here… oh dear… so much BS piled Higher and Deeper…. so many options … or ELSE…

Or ELSE WHAT? Exactly what are your chums going to do IF “folks” don’t go along with your EITHER OR

There are many ways to skin the cat and yours is well… not worth the ink to print it…

We will likely have automated contact tracing implemented to help get the economy restarted

And precisely what does THIS have to do with THAT? Really do tell us stupids trying to live long enough to watch some rich folks kick the bucket before we fall off the gurney into a mass grave. So far the score is moving in the right direction: a few lords and royals and some sports bros and a few more business types. All very satisfying that they died for “The Economy”.

So… to partially put your theory to test that this is needed…

You have your contact list
On this list are (today) 80% of the world has NO COVID19.
On this list are (today) 20% of the world (still living) HAS COVID19.
On your JOBS IMPORTANT: what kind of job are you proposing? Lets be nice and say you have a job at an AMAZON WH for $4.95 USD/hr, no health care, no sick time, no insurance, zero hours contract.
For this job you have to pick from COLUMN A or COLUMN B: someone with COVID19 or someone WITHOUT COVID19
Mr Bezos doesn’t really care which column you pick from, he has zero interesting in restarting an economy where folks in either column have a choice of employers. Mr Bezos is currently hiring thousands ’cause he isn’t planning on letting anyone else hire them.
Additionally Mr Bezos could care less if his workers get sick, die or pass on the illness.
So pretend your NO COVID19 person gets flopped into Amazon WH and gets COVID19 from another person there. OOH surprise? NO ’cause that’s what’s happening right now, today, real time.
So then your little tracker app starts spouting
WARNING WARNING COVID19 DETECTED WARNING WARNING
And now what are you going to do?
Are you going to close down Mr Bezos WH ’cause now a whole lot of folks got exposed?
Are you planning to let them all get sick and/or die?
Are you planning to NOT employ people who have had it?
Are you planning to pretend that all people surviving COVID19 are interchangeable and forever more immune.
Are you planning on a virtual BRAND or TATTOO that VR goggle-glass-OHs will see as
“OLD GIT NOT COVID19 PROOF”

And then this part: AUTOMATED APP is going to wend it’s way down the employment chain to:

Military? They don’t care that much, they are paid to die. Die GLORIOUSLY FOR THE ECONOMY. Get a medal?
Manufacturing? We don’t have much in the USA, I think China already knows.
Airlines? Planning on a vacation to the SCHENGEN area?
Cruise Lines? OH well maybe another petri dish is needed?
Farming and Ranching? Farm workers are more afraid of ICE than COVID19.
Shopping Malls?
WARNING THE MALL IS COVID19 CONTAMINATED STAY AWAY! WARNING
Probably not what you had in mind there

You have no tests, you have no method of testing, you have no cure, you have NOTHING… And all for the economy.

I’d be embarrassed to be associated with that program…

Pynej • April 14, 2020 12:50 AM

Just because not everyone will use it doesn’t mean that is value. Anything g we can do to give a earlier warning of potential infection to people will save live in the long run. Even if only 10% use it, and it’s only 20% accurate due to real world realities, that’s still the potential of warning many and affecting the spread. This really does rely on broadly available, accurate, and fast testing to be useful. Just because the testing isn’t there yet doesn’t mean we shouldn’t do this.

Also worth noting S Korea already had a contract tracking system in place, they didn’t invent it as hoc in the middle of this pandemic.

JonKnowsNothing • April 14, 2020 1:37 AM

@Pynej

re:

Just because not everyone will use it doesn’t mean that is value. Anything g we can do to give a earlier warning of potential infection to people will save live in the long run…

So… you need an automated app to tell you: “Global Covid-19 cases near 2 million” and that there is a global pandemic?

So… you need an automated app to tell you: that you will be exposed if you go out of your house, ride the subway, bus, train, work in a factory?

I could imagine that sometime after a vaccine is found then tested and found to be effective and not defective killing more folks than the virus, that sometime after the global vaccination campaign, that some hot spots could use a COVID19 DETECTOR TEST, but I don’t think an app will do it.

You know you have to have a signal for smartphones to work? Geography is not going to cooperate much.

Just imagine the chaos of walking into a NHS hospital right now with an app that says
“YOU HAVE BEEN EXPOSED TO COVID19!”?

Thank You, said the Prime Minister Boris Johnson.

JonKnowsNothing • April 14, 2020 1:54 AM

Sancho_P

re:

Prevent in time means to test + isolate.
But isolate doesn’t mean to quarantine at home with family in a small apartment.

While I would like to not be confined to my personal prison, I do not think there are any circumstances in which I would unnecessarily risk exposure no matter how small a chance, because the penalty for a wrong guess for me is: DEATH.

In San Francisco, it seems that during their current lockdown, some enterprising folks set up a speakeasy in a warehouse area.

Snips from MSM Report:

a time-lapse video created by investigators showed more than 150 people entering and leaving the club
20 to 30 cars parked or departing from the building
“a civil inspection and abatement” warrant, which allowed police to shut down the club and seize assets.
items seized were DJ equipment, fog machines, gambling machines stocked with cash, pool tables, bins of liquor, cases of beer and bar furniture

So, while I would like to walk in the park, enjoy the no-smog air (while it lasts), see the California vistas no one has seen in 30 years (of accumulated pollution), one sneeze and or spit on the side walk or illegal party…

  The undiscovered country, from whose bourn
  No traveller returns, puzzles the will,
  And makes us rather bear those ills we have,
  Than fly to others that we know not of.

    William Shakespeare, Hamlet, Act 3, Scene 1

Perhaps some truly enterprising persons will create a “clean room” (really clean) where people can go and sit next to glass/Plexiglas walls and stare at each other and watch communal TV. Order food and drinks delivered by automat. Have a clean entry and exit direct to your chariot… Beam me up Scotty…

We might need that if they don’t find a vaccine or they can just wait for Herd Immunity Policy to take care of the unnecessary 40%.

ht tps://www.theguardian.com/world/2020/apr/13/san-francisco-illegal-nightclub-shut-down-coronavirus

ht tps://en.wikipedia.org/wiki/Speakeasy

A speakeasy, also called a blind pig or blind tiger, is an illicit establishment that sells alcoholic beverages.

ht tps://en.wikipedia.org/wiki/To_be,_or_not_to_be

ht tps://en.wikipedia.org/wiki/Automat

ht tps://en.wikipedia.org/wiki/Beam_me_up,_Scotty
(url fractured to prevent autorun)

stine • April 14, 2020 6:18 AM

Its not needed, absolutely not needed and never has been.

https://www.youtube.com/watch?v=PGPR6dEHF7E

Watching that video was like reading about the fleeing, panic-ridden security guard in The Stand.

This is what they already have.

Also, the narrator says the data was anonymized location data….what’s the damn point when 10 seconds with google maps will give you an address. and 5 seconds more will give you a name.

D Chapeskie • April 14, 2020 6:21 AM

I haven’t seen the link to the spec posted here (apologies if I just missed it and this is a repeat):

https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-CryptographySpecification.pdf

I found this a few days ago from someone that implemented the specification in Go:

https://old.reddit.com/r/golang/comments/g02kzn/implementation_of_the_google_and_apple_covid19/

Ergo Sum • April 14, 2020 7:09 AM

@Ari Trachtenberg…

When you complement a “not privacy preserving” system, the app is not privacy preserving either by default. How the app tries to de-identify the user does not really matter. The communication between the app and the app server will give away the identity of the user. Even in the case of one way communication, app –> sever; the server needs to know the network identity of the app. Logging the communication between the server and the app will provide historical data for each and every installed apps.

* a system with some privacy protections from a central authority and other users (as in the MIT-led system, Covid-Watch, or the DP-3T system [https://github.com/DP-3T/documents]), or…

Yes, “some privacy protections” are better than none. Albeit these protections will not exist, once the tracing companies receive an NSL from LEOs, data brokers had offered insane amount of money for real-time data feeds, resellers, etc. In a world, where even Apple is willing to make Google the default search engine for a measly $1B a year, the tracing app has no chance for even some privacy protection.

Curious • April 14, 2020 9:09 AM

According to a recent brief local news bulletin, Germany’s minister Heiko Maas want’s all EU countries to cooperate, to avoid having different “apps” for tracking covid-19 via mobile phone and also for avoiding 27 different ways to store the data.

The movive is apparently to want to secure privacy protections.

Unfortunately for me, when I think of Germany I think of it as NSA HQ in Europe. 😐 I don’t live in the European Union, but certain trade arrangements/memberships sort of harmonize up against EU regulations afaik, so I can at least imagine something like this eventually impacting my country.

Privacy • April 14, 2020 10:01 AM

@Ari Trachtenberg

Some good points, but as others are getting at, it’s not that simple to remove identifying information.

A simple illustration that some will remember:
https://en.wikipedia.org/wiki/AOL_search_data_leak

Sancho_P • April 14, 2020 1:08 PM

@Ari Trachtenberg

”We will likely have automated contact tracing implemented to help get the economy restarted, because we have neither a treatment nor a vaccine for COVID-19 (…) and we have no other credible alternative (…).”

OMG! What a clear reasoning in this sentence, I’m impressed.
Yea, let’s have sup to start the rainbow, because we have neither silver nor fruits and no other credible alternative!

No, thanks, there is no more question, we don’t want what you can’t formulate.

Sancho_P • April 14, 2020 2:55 PM

@JonKnowsNothing

”While I would like to not be confined to my personal prison, I do not think there are any circumstances in which I would unnecessarily risk exposure no matter how small a chance, because the penalty for a wrong guess for me is: DEATH.”

Likely I didn’t understand your point, sorry, ESL here.
In Spain many people live in small apartments, often 2 or more generations together, not only in suburbs. Even in a house next to mine there live 4 adults and 4 kids, 3 generations, on 92m2, 2 bedrooms, 1 bath. Their garden is 160m2 with 2 huge dogs, no place for kids. They are happy, funny, nice people. Very common.
Spaniards are known to talk much, long and loud, hugging each other at least every hour, more than people in northern Italy do.

Isolate? At home? See our figures!
On the other hand, some 140.000 EU tourists have left the hotels in my neighborhood, all shut down, empty, economy devastated!

JonKnowsNothing • April 14, 2020 4:43 PM

@Sancho_P

Well different problems for sure. You have too many in a house. I have no one.

So, the problem for me is that as I am old and likely to get COVID19 if exposed to it and also am listed in the No Treatment age group (varies from age 44+ depending on number of ventilators the local hospital has), if I want to keep breathing, I cannot go out at all. Very risky.

I explained to a friend who has older family members living with them similar to your situation.

If they go back to the office, and get exposed they will bring it home with them. It might be at the office, on the bus, on the street but COVID19 comes back to their family.

So do they want to kill their older family members? They are the parents of one spouse. Do you want to kill your parents? Just so the Economy can restart?

Perhaps you do not understand that while you may not think you are at risk, it’s all the folks around you that are, the ones you see, the ones you live with and the ones you walk by on the street, the homeless, the housed, the boss and the unemployed standing in line at the grocers.

Where I am in California, our local county posts statistics every night. We aren’t nearly as bad off as the bigger urban areas.

51% of the cases are under 49.
20% of the cases are 65+

The 51% are who they want to go back working for MrBezos and UBER for less than living wages, these are the folks that will eventually kill me. Even with M. Ari Trachtenberg’sCOVID19 ALERT APP, it won’t help.

So, the really down and dirty question is: How much money will you take, to kill your parents and grandparents?

The value of that equation has already been determined by the Neoliberal Economists and whoever is sponsoring M. Ari Trachtenberg app.

Which door will you take?

ht tps://en.wikipedia.org/wiki/Monty_Hall_problem
(url fractured to prevent autorun)

TRX • April 14, 2020 6:55 PM

I’m pretty sure that Apple has that information already. I know Google does; you can access their map of every place your phone has ever been and every phone that it made a call to or received a call from. The information is also available from the telcos, who don’t seem to have any reluctance to cough up as much tower and call data as the “authorities” demand.

So… other than some kind of security theater, what does this app accomplish?

Clive Robinson • April 14, 2020 7:01 PM

@ JonKnowsNothing,

Perhaps you do not understand that while you may not think you are at risk, it’s all the folks around you that are, the ones you see, the ones you live with and the ones you walk by on the street, the homeless, the housed, the boss and the unemployed standing in line at the grocers.

Worse they may not ever know they’ve had it unless they are tested for antibodies…

Various figures are comming out where lots of testing is being done that between 50% and 78% who have trsted positive for COVID-19 are asymptomatic and will remain that way…

So each asymptomatic person could be pushing out 100billion virus particles a day to infect others with…

A sobering thought that three out of four people you meet could be shedding virus particals at you…

It realy puts into perspective that whilst wearing masks won’t protect you, it will help protect those around you from you being infectious with no clue you’ve got the disease…

La Abeja • April 14, 2020 7:07 PM

@JonKnowsNothing

too many in a house

That’s a Chinese triad. It’s a gang expression. People have “too much family” and they’re “planning on a service.”

That’s the triad. There’s at least nominally a love triangle involved. Not so much a ménage à trois but a knock-down drag-out fight. A family feud. A clan war. Husband and wife can’t get along because of it. Prostitution or vice but only in a very general sense. Gang ties have replaced family ties.

Petre Peter • April 15, 2020 7:29 AM

We will never get rid of this.

John Wunderlich • April 15, 2020 11:34 AM

FYI, a couple of related Medium posts:

https://medium.com/@PrivacyCDN/testing-not-tracing-is-the-privacy-preserving-response-to-covid-19-3fc50cc7c666

https://medium.com/@lourdes.turrecha/avoid-privacy-creepiness-use-this-checklist-for-the-covid-19-tool-youre-developing-b132af560ef6

Drone • April 15, 2020 12:22 PM

So now I will NEVER take my “mobile” phone out of the house, plus I’ll keep it turned OFF unless I truly need it to contact someone. Even then, only the bare MINIMUM connectivity and location tracking services will be enabled. So much for their “Contact Tracing Apps”. Upside – my mobile phone’s battery will last a really long time 😉

a • April 15, 2020 2:40 PM

@Drone

Commendable, but don’t assume that pressing the power button really ‘turns off’ the phone.

Wael • April 15, 2020 8:44 PM

Contact Tracing COVID-19 Infections via Smartphone Apps

How ingenious! The way things are going, COVID-19 will mutate and cross the human-machine boundary. Then security folks will … invent computer white blood cells and then scan ‘puters for anti-bodies! Or … some code-cutter will hardcode the signature of [redacted for sensitivity] to identify the Virus.

MarkH • April 16, 2020 5:11 AM

Perhaps of interest to readers of this thread:

https://www.nytimes.com/2020/04/15/opinion/coronavirus-surveillance-privacy-rights.html

If you want a hint concerning the authors’ perspective, consider the headline:

Surveillance Won’t Stop the Coronavirus

and subhead:

Access to adequate health care, including protective equipment and sufficient testing, will do more good than another hackathon.

Interesting tidbit: the WHO has expressed strong concern about anti-pandemic tools endangering privacy.

MarkH • April 16, 2020 5:15 AM

@Sancho_P:

Thanks for your comment above about cultural factors in Spain, and the pandemic.

About a week ago, I mentioned social scientists proposing the hypothesis that inter-generational households contribute to higher death rates in Italy and Spain.

In March, I predicted that the highly communal (and rules-resistant) culture of the ultra-orthodox would promote spread of the pandemic in Israel, which was soon confirmed by news reports.

I think it’s easy — especially for tech geeks — to think of the pandemic as a sort of mechanistic phenomenon in a petri dish. That is almost perfectly wrong.

Every epidemic known to human history not only had its course strongly governed by cultural and social patterns, but almost certainly was caused by them as well. Human epidemics are phenomena of social behavior.

Many places have demonstrated how R, the effective reproduction rate of Covid-19, is reduced far below unity by broad compliance with behavioral measures.

What’s perhaps less obvious, is that even R₀, the initial reproduction rate, is surely not a constant. It will vary depending on a variety of factors, primarily social behavior and other cultural factors. Though this hasn’t been measured (and perhaps isn’t practical to measure), R₀ will certainly be different among populations according to:

• cultural practices governing physical proximity and touch
• economic wealth
• pre-pandemic levels of public health
• availability of sanitary technology (plumbing etc.)
• the geometry of housing, streets, transport etc.

Other factors likely to affect R₀ include latitude, climate, population genetics affecting susceptibility, etc.

Those who think of parameters like R₀ as though they were physical properties of a chemical element, are missing a bigger picture.

Zumodenaranja • April 16, 2020 8:03 AM

@MarkH,

You have clearly been reading my thoughts 🙂

Variable outcomes within nations too:

poor blacks in the US getting the shitty end of the stick, again 🙁
Muslim communities in Europe at genetic disadvantage due to higher rates of first cousin marriages

Culture trumps race, but Nature always plays the Ace…

Stéphane Bortzmeyer • April 16, 2020 8:22 AM

For the risk of trolling because of anonymous reporting, at least the PACT proposal (I didn’t check the others) is aware of the issue, and partially addresses it: a public health authority generates pseudo-random capabilities and give them to doctors. When the patient is positive, the doctor gives the capability to the user, who inputs it in the app, allowing him to report his condition to the public-health-managed reporting server. The capability is used only once. So, spamming trolls cannot report at will.

M.T. Carrasco Benitez • April 17, 2020 7:57 AM

European Commission

Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection

In brief:
– Downloading the app should be voluntary not compulsory
– National health services should own the project and be responsible as the Data Controller
– Data minimisation principles should be applied
– GDPR principles of right to deletion should be adhered to
– Data should be stored on user devices wherever possible
– Consent should be applied to each element of the application not a catch-all opt-in at the beginning
– Rules should be introduced for the deletion of collected raw data and the subsequent insight

M.T. Carrasco Benitez • April 18, 2020 10:52 AM

Twenty-first plenary session of the European Data Protection Board – Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic

“… minimise interferences with private life while still allowing data processing with the goal of preserving public health. … apps should be made in an accountable way … voluntary adoption of such apps … application of the GDPR …”

JonKnowsNothing • April 18, 2020 11:30 AM

@All

re: Australian Contact Tracing App – coming soon to your Bar-B

Can you spot the carrot or the stick? Or rather, The Shrimp on the Bar-B vs Centrelink Forever? He forgot to add in Bondi Beach with a free towel.

Summary of MSM Report:

the government services minister, Stuart Robert, has said.
“It is a big team Australia moment,” he said. “When this app is released in the next week or two we really need every Australian to download it and to run it, so that if indeed your family, you, come into contact with somebody with the virus, you can rest assured that health officials will rapidly contact you and seek to provide the best care possible to you.”
Robert said when the pandemic was over the app could be deleted and the data would not be retained.
Saturday the prime minister [Scott Morrison] confirmed the app would be voluntary after indicating on Friday he would not entirely rule out making it mandatory.
“There is no geolocation, there is no surveillance, there is no tracking,” he said.
“The app simply connects with another app. If those two phones are within 1.5 metres for 15 minutes it simply swaps phone numbers and names. That information is held encrypted and securely on the individual’s mobile phone.”
Robert said the information would be gathered by bluetooth and would be sent to secure national health storage only if a user confirmed they had been diagnosed with coronavirus. It would then be given to state governments so they could contact individuals who may have come into contact with that user.
The app’s source code would be made public so all Australians could be assured of their privacy and security.
If enough Australians installed the app, it would allow the prime minister to loosen the restrictions and kickstart the economy again,

ht tps://www.theguardian.com/technology/2020/apr/18/australian-coronavirus-contact-tracing-app-voluntary-and-with-no-hidden-agenda-minister-says

ht tps://en.wikipedia.org/wiki/Centrelink
ht tps://en.wikipedia.org/wiki/Centrelink#Debt_recovery_controversy_(aka_’robo-debt’)
(url fractured to prevent autorun)

gordo • April 18, 2020 12:54 PM

A comment from yesterday from Ross Anderson on his blog:

See this account of the Singapore app by one of its developers which reports that contact tracing apps are nowhere near being able to take over from human contact tracing, and this news story about the stand-off between the NHS and Gapple.

https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/#comment-1948657

See also this blog entry from our host:

Security Orchestration for an Uncertain World

When things are uncertain, you want your systems to be decentralized. When things are certain, centralization is more important. Good incident response teams know that decentralization goes hand in hand with initiative. And finally, a world of uncertainty prioritizes command, while a world of certainty prioritizes control. Again, effective incident response teams know this, and effective managers aren’t scared to release and delegate control.

https://www.schneier.com/essays/archives/2017/03/security_orchestrati.html

gordo • April 18, 2020 3:21 PM

A National Plan to Enable Comprehensive COVID-19 Case Finding and Contact Tracing in the US
Johns Hopkins School of Public Health Center for Health Security
APRIL 10, 2020

Executive Summary

In order to save lives, reduce COVID-19’s burden on our healthcare system, ease strict social distancing measures, and confidently make progress toward returning to work and school, the United States must implement a robust and comprehensive system to identify all COVID-19 cases and trace all close contacts of each identified case. It is estimated that each infected person can, on average, infect 2 to 3 others. This means that if 1 person spreads the virus to 3 others, that first positive case can turn into more than 59,000 cases in 10 rounds of infections.

COVID-19 is already spreading through communities across the United States. Therefore, a case-based intervention approach (employed routinely for diseases like TB, measles, sexually transmitted infections, and Ebola) will be impossible to achieve for COVID-19 without a new national initiative that combines a massive expansion of rapid diagnostic tests in every community with an unprecedented growth in a public health workforce and adoption of new technologies dedicated to case identification and contact tracing in each state.

To manage COVID-19 epidemics going forward, communities in the United States need: (1) ready access to rapid diagnostic tests for all symptomatic cases or those with a reasonable suspicion of COVID-19 exposure; (2) widespread serological testing to understand underlying rates of infection and identify those who have developed immunity and could potentially return to work or school without fear of becoming infected; and (3) the ability to trace all contacts of reported cases. In order to trace all contacts, safely isolate the sick, and quarantine those exposed, we estimate that our public health workforce needs to add approximately 100,000 (paid or volunteer) contact tracers to assist with this large-scale effort. This workforce could be strategically deployed to areas of greatest need and managed through state and local public health agencies that are on the front lines of COVID-19 response. To do this, we also estimate that Congress will need to appropriate approximately $3.6 billion in emergency funding to state and territorial health departments.

This plan outlines a vision for how to accomplish this goal, including ways that case identification and contact tracing capabilities can be greatly expanded; actions that the federal, state, and local governments and other organizations must take to stand up these capabilities as quickly as possible; and resources that will be needed to accomplish comprehensive case finding and contact tracing.

https://www.centerforhealthsecurity.org/our-work/pubs_archive/pubs-pdfs/2020/a-national-plan-to-enable-comprehensive-COVID-19-case-finding-and-contact-tracing-in-the-US.pdf

Guillermo Hatfield • April 19, 2020 12:59 PM

I am very appalled at what is happening in the world and how COVID-19 is affecting our lives. Now I sit in quarantine, in complete isolation at home and prepare my speech, which I will present to the student audience after the quarantine is over. The service papersowl, (get more info here https://papersowl.com/write-my-speech) which specializes in helping students deal with learning difficulties, helps me with this. My report is about how the virus has affected our lives and what conclusions we have to make.

Sancho_P • April 19, 2020 4:50 PM

Re: Contact tracing (thanks @gordo for the link)

Any app is a smokescreen, the app discussion hides the real problem:

What do we do with the positively tested individuals?
(What do we do with the suspects between test and result?)
Send them home “to quarantine”? Bus or Metro? [1]
Those without symptoms, too?

The app hype is pure activism until we identify (and solve) the basic issue(s).
– Let alone now an app would shut down any “liberated” economy within days.

[1]
An anecdotal (news) story from our capital (small island, not Madrid):
In the very early days (Feb) a tourist from Italy felt seriously sick, took a taxi to the hospital. Test and contact information was taken, the guy went home to his hotel by an other taxi. The other day, when they tried to call him in (test was positive), it turned out he was already back in the hospital, brought in by ambulance during the night before.

Fact:
Today 24% of our healthcare professionals (about 500 people) are GRETA-19 positive.
Why?
Because these people always rush to help, PPE or not, it’s their heart, not brain.

myliit • April 19, 2020 9:00 PM

https://www.nytimes.com/2020/04/15/opinion/coronavirus-surveillance-privacy-rights.html

“ Surveillance Won’t Stop the Coronavirus

Access to adequate health care, including protective equipment and sufficient testing, will do more good than another hackathon.

In the Moria refugee camp in Greece, one tap is shared among 1,300 people. Social distancing is difficult to do. Refugee communities from Kenya to Bangladesh, Lebanon and Syria are vulnerable to the spread of the coronavirus.

The answer to stopping the virus is not increased surveillance through new technology or preventing access into the camps for medical personnel. Instead, we need to redistribute resources and ensure access to health care for all people, regardless of their immigration status. …”

M.T. Carrasco Benitez • April 20, 2020 1:58 AM

European Parliament

European Parliament resolution of 17 April 2020 on EU coordinated action to combat the COVID-19 pandemic and its consequences

M.T. Carrasco Benitez • April 20, 2020 2:02 AM

Cartoon illustrating DP-3T

M.T. Carrasco Benitez • April 20, 2020 2:58 AM

DP-3T cartoon credits: Nicky Case

Original source of the cartoon – CC0/Public Domain

Clive Robinson • April 21, 2020 6:59 AM

@ Sancho_P,

Because these people always rush to help, PPE or not, it’s their heart, not brain.

And that’s why politician’s abuse them in so many ways, like low pay and working conditions oh and as in this current time littlevor no PPE of any worth in protecting them.

@ myliit,

“Access to adequate health care, including protective equipment and sufficient testing, will do more good than another hackathon.”

For the citizens and refugees yes, but certain “types” in the nonelected side of Government…

You would have thought that people would have learned lessons from the activities of the first director of the FBI… But apparently not, which is why they are still doing it and worse.

JonKnowsNothing • April 21, 2020 12:45 PM

A report from The Intercept has some interesting bits about how prisons (USA) are using speech-to-text (human transcription probably rather than machine transcription) to find “COVID19 keywords” in phone calls made by incarcerated persons.

The article details a company/product: “LEO Technologies known as Verus”.

a system that can mitigate the effects of the COVID-19 pandemic across our nation’s jail and prison facilities” by alerting prison authorities to sickness-related conversations between inmates and the outside world”

“It automatically downloads, analyzes, and transcribes all recorded inmate calls, proactively flagging them for review…near real-time intelligence

conversations are captured for mentioning a “cough” or “sneezing.”

Verus system operates in at least 26 facilities in 11 states, including uses not specific to the coronavirus

prisons use Verus by telling their phone service provider to share call data with LEO Technologies; LEO then routes this data through Amazon’s cloud computing division, Amazon Web Services, to obtain call transcripts, which are then shared back to LEO for keyword analysis by its staff.

the company is part of the “AWS partner network,” an Amazon initiative that “helps companies build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support,” per an Amazon web page.

Verus has to date transcribed 84,068,940 minutes of calls: 159 years of transcribed speech.

I don’t think we really need an app at all.

ht tps://theintercept.com/2020/04/21/prisons-inmates-coronavirus-monitoring-surveillance-verus/
(url fractured to prevent autorun)

myliit • April 23, 2020 3:10 PM

@Clive Robinson

“You would have thought that people would have learned lessons from the activities of the first director of the FBI… But apparently not, which is why they are still doing it and worse.”

Somehow I imagine our president is all for surveillance or surveillance apps that can be weaponized against his real or perceived enemies, too. This is speculation, but with a firehose of noise emanating from the white house, perhaps our president is good at keeping many of us distracted.

It his hard to want to give up what little, if any, privacy is left in the USA to our president or his administration, or to our president’s own or his inherited “deep state”. Here is a short excerpt, from, imo a long and fascinating interview.

https://www.npr.org/2020/04/15/834874400/in-deep-challenges-president-trump-s-notion-of-a-deep-state-conspiracy

“… GROSS: Some people are concerned that President Trump is dismantling parts of American democracy and leading us in a more authoritarian direction. Do you share those concerns?

ROHDE: One former Trump aide who worked very closely with him told me that he fears that Trump is sort of increasingly frustrated and isolated, that when Trump wanted to pull U.S. forces out of Syria, he would, you know – told his aides he wanted to do this. And there would be all these kind of arguments against it from different experts in the military or from the State Department. And Trump would be like, no. I want to pull all U.S. forces out of Syria. He is the president of the United States and, if they’re legal, has a right to carry out these policies. But this person noticed that Trump was beginning to tweet more and more of his orders, what he wanted done and – because Trump feared that if he just told people in private, it would never happen. And that’s a really, really bad way to carry out government policy. You have no consultations, no thoughts of what’s going to, you know, happen a month, a year after this policy is carried out.

I’m not in the president’s head. I don’t know if he sort of dreams of being an authoritarian or if he just feels that he’s under siege from Congress and the media and they’re all biased against him, but whatever’s driving this dynamic, I do think it’s kind of undermining the checks and balances. And I think that’s very dangerous for American democracy. Concentrating too much power in any single branch of government in the United States – we’ve seen this in the past – you know, is a recipe for authoritarianism or corruption.

GROSS: So your book is about the deep state – President Trump’s claims about it, does it really exist. Do you feel like the president is creating a deep state of his own?

ROHDE: I do, and that’s really what I fear. And I don’t know if, you know, this is a calculated thing by Trump or if he’s just reacting to the political maelstrom around him, but he’s – sort of under the guise of stopping a coup that doesn’t exist – Trump is steadily upending the checks and balances that have really protected American democracy for centuries now. He’s politicizing the Justice Department and other parts of the government to protect his friends and attack his enemies. And he’s basically creating a parallel shadow government filled with loyalists.

Rudy Giuliani is sort of a private citizen carrying out this shadow foreign policy. Sean Hannity is a private citizen acting as a communications arm of the White House. And none of them, you know, have to answer government accountability government disclosure laws. They can all carry out their work in secret. So ironically, Trump is creating, you know, a shadow government without transparency, without democratic norms, without any kind of public process. And he’s creating a deep state of his own.

GROSS: Let me reintroduce you. If you’re just joining us, my guest is David Rohde, executive editor for news at The New Yorker online and author of the new book “In Deep: The FBI, The CIA, And The Truth About America’s ‘Deep State.'” …”

myliit • April 23, 2020 3:26 PM

https://www.eff.org/deeplinks/2020/04/telling-police-where-people-covid-19-live-erodes-public-health

Telling Police Where People With COVID-19 Live Erodes Public Health

In some areas of the United States, local governments are sharing the names and addresses of people who have tested positive for COVID-19 with police and other first responders. This is intended to keep police, EMTs, and firefighters safe should they find themselves headed to a call at the residence of someone who has tested positive for the virus.

However, this information fails to protect first responders from unidentified, asymptomatic, and pre-symptomatic cases. It may also discourage people from getting tested, contribute to stigmatization of infected people, reduce the quality of policing in vulnerable communities, and incentivize police to avoid calls for help because of fear of contracting the virus.

In response to the current health crisis, some governments are seeking to collect and deploy personal data in new ways that are untested or ineffective, including by means of face recognition, geolocation tracking, and fever detection cameras. Such new tactics and technologies must be closely evaluated to determine whether their use is justified, minimized, transparent, and unbiased. Sharing the home addresses of people who have contracted COVID-19 with first responders does not pass muster. …”

Tom • April 24, 2020 5:03 AM

Some good resources on the topic. kudos to DP-3T:

https://www.youtube.com/watch?time_continue=341&v=z30nhzQqk2g&feature=emb_logo
https://github.com/DP-3T/documents

Thorton • May 17, 2020 10:35 AM

Contact tracing apps, can easily be weaponized.

For a group that you would like to suppress, like protesters, all you have to do is introduce a smart phone to the area of the protesters, and everyone in that group will be identified as being exposed. This will cause that group to go into isolation (either voluntarily or involuntarily as WA is rolling out)

It’s too easy to abuse this. Even if it is completely anonymous or voluntary. Also, it seems extremely unlikely that it’ll be anonymous (for our safety it’ll be more effective it is not anonymous).

Adamz Sendler • April 20, 2022 3:24 PM

I am sure it is always safer to turn to a professional service, especially for those who do not have enough time.

ITSolutionsGuides • November 28, 2023 8:41 AM

Welcome to IT Solutions Guides, your comprehensive destination for mastering the intricate world of Information Technology. Dive into our rich repository of step-by-step tutorials, meticulously crafted to demystify networking, cybersecurity, programming, and beyond. Whether you’re a novice or seasoned pro, our expert guides cater to all skill levels. Stay ahead of the curve with practical insights, troubleshooting tips, and hands-on demonstrations. Join our community of IT enthusiasts, and empower yourself to navigate the ever-evolving tech landscape. Explore, learn, and conquer with IT Solutions Guides – where knowledge meets innovation, and expertise paves the way forward.

Schneier on Security

Contact Tracing COVID-19 Infections via Smartphone Apps

Comments

Leave a comment Cancel reply