Comments

Clive Robinson September 13, 2021 11:07 AM

@ ALL,

“Such an expectation fails to take into account that isolation—and sometimes even seeking care when ill—is much harder for some populations than others.”

What many do not realise is that “middle class” under 40 year olds are in an awkward position.

Either they live in their parents homes making an undesirable “multi-generational” home. Or they move into accommodation where they live on their own.

The result in London is that small 1930’s “family homes” that are as little ad 900Sqft are being converted into either “Houses in multiple occupation” with small bedrooms and tiny shared bathrooms and kitchens (think 6ftx6ft) and two extra bedrooms in the roof). Or are being converted into between two and four flats.

The assumption being they are “sleep only” homes and that the people will live outside of them either at work or in social spaces.

So there is not the space for issolation, let alone shelter at home if you are a vulnerable person.

But with as many as 12 individual housing units well within BlueTooth range, phone based apps are not going to function at all well, and false positives will be high.

A “cods-up” in the UK system created a “ping-storm” where people were getting told to issolate over and over again. The result many in effect turnd the apps off or ignored the warnings so the system quickly became usless.

The question then becomes what is the “threshold” where people loose confidence in the system so start to ignore it entirely?

Because if the system can not be designed to stay well below that threashold, then the system will become worse than usless.

Because it will act as a tipping point. Once a person ignores the app they will start to disregard other health warnings such as washing hands, wearing masks, giving people distance, and ventilating etc.

Jimbo September 13, 2021 3:19 PM

Bruce,
Did you mean “equity of contact-tracing smartphone” rather than “equity of contract-tracing smartphone”

SpaceLifeForm September 13, 2021 5:06 PM

@ Jimbo, ALL

There is an App for that.

hxtps://www.twitter.com/XorNinja/status/1437302542547914758

Hanoi citizens currently have to apply for a COVID movement pass in order to go outside.

Each pass is QR code containing the holder’s name and dates they’re allowed to go out. The data are signed with RSA, to prevent fake passes.

@0xfatty
found that it’s using 512-bit keys =)

hxtps://www.vox.com/platform/amp/recode/22623871/walgreens-covid-test-site-data-vulnerability

If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even the results of these tests could be gleaned from that data.

JonKnowsNothing September 13, 2021 5:53 PM

@All

Getting pinged to isolate does not necessarily register you with the COVID Counting Authorities. Loads of folks are pinged to self isolate.

An unexpected outcome of riding out a COVID infection solo, without having an official COVID test result, is that in some health care systems the person will be denied post-COVID healthcare-support (aka Long COVID) without an official logged and registered test result.

Pings alone don’t count.

David September 13, 2021 8:56 PM

“found that it’s using 512-bit keys =)”
Not hard to forge, but in Vietnam getting caught forging a government certificate could have a harsh penalty

Clive Robinson September 13, 2021 11:19 PM

@ SpaceLifeForm, David,

found that it’s using 512-bit keys =)

There is a distinct possibility the authorities figured, the equivalent of, “if you have sufficient hardware and knowledge” you are probably a very rare outlier. So you would be near enough a “compleate nerd”, so have no “real life” in which to get infected in the first place… (remember SARS-2 is like nearly all pathogens a “social disease”).

The reality is yes you could forge a pass, that’s been true for as long as mankind has been writing things down. However security “costs” in terms of resources and capabilities.

A sensible person draws a line where some fraud is still possible but the cost to the fraudster is way higher than the gain.

The pass is actually an “administative device” designed to “discorage”, in the same way “Most locks are made to keep honest people honest”. That is it raises enough of a barrier to keep the number of people moving around to a sensible minimum.

I suspect the pass system is sufficiently weak that there are other much less resource intensive ways to get around them (like a bribe etc).

After all do we know if the QR codes even have a unique serial number that ties back to a validation database? I suspect not, other than for “book-keeping” rather than “security”.

Why? Because I rather suspect the system has been designed to work entirely “Off-line”. Thus checking can be done by the equivalent of an app running off of a low power Smart Device not even runing a Microsoft OS.

The reality is they want a “quick go / no-go” system that works very much like a digital thermometer does “point and click at arms length or further” and gives a near instant answer.

Jim Mussared September 14, 2021 1:19 AM

The third paragraph seems to suggest that Australia uses a decentralised system (specifically AGEN), but this is not correct. The Australian app, COVIDSafe, is a centralised design (based originally on Singapore’s TraceTogether) and has been plagued with privacy and functionality issues. See https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md for the full list.

Additionally, the (federal) legislative protections introduced in Australia for COVIDSafe (as mentioned in the article) did not cover the (state-based) check-in systems. Predictably this led to the data being used for the wrong purposes (e.g. law enforcement).

Regardless of how much you think app-based contact tracing can help, it’s quite likely that Australia would have been and ideal testing ground for it (very low case rate…until recently), and it’s a huge disappointment that we missed this opportunity to use GAEN (and potentially avoid a huge number of cases).

Adrian September 14, 2021 11:56 AM

I always like to remind people in these discussions that these apps do not track contacts between people but contacts between smartphones.

It’s good to remember that not everyone has a smartphone. That couples and families sometimes share phones. That not everyone with a smartphone takes it with them everywhere they go. That smartphones aren’t always on. That batteries aren’t always charged. That phones get broken and stolen.

It might be good enough to assume that the location of every human is always equal to the location of their uniquely-assigned charged, working, and switched-on smartphone for these apps to be more helpful than unhelpful. They can certainly detect true positives. But one has to keep in mind that an absence of notifications is meaningless.

Clive Robinson September 14, 2021 12:16 PM

@ Adrian,

I always like to remind people in these discussions that these apps do not track contacts between people but contacts between smartphones.

Not even “contacts” bluetooth can work from one office building to another office building on the other side of a four lane street…

Robin September 15, 2021 2:23 AM

@Adrian, your points are valid and it’s easy to come up with a few more in the same vein. But the point overall is that, on average, contact tracing apps contribute to making the environment a bit more hostile for the virus. So even if they are not universally used and not ideal in how they operate, can they have a useful role to play? And a bit like hand-washing, the ubiquity of QR codes in one form or another is a constant reminder that the virus is still around.

What needs to be closely studied are the undesirable side effects. If the system is not fair what are the costs (in every sense) of mitigating that? Are there aspects that work against the goal?

Sut Vachz September 16, 2021 8:49 PM

Another way to use tracing, as pro-active information

“NOVID goes beyond contact tracing. Get notified before you’re exposed, so you can take precautions and protect yourself.”

https: //www.novid.org

Sut Vachz September 18, 2021 8:57 AM

Even if one could untangle the graph of proxies and relate it to potential medically significant contacts, the question remains whether the “root of contact” is actually infectious.

A positive PCR test is not any more than a hint that the subject is infectious, and even common symptoms may be from another issue, and the concurrence of PCR test and symptoms a coincidence.

A real virus-identifying test and estimate of medical condition are needed to make contact tracing of value.

However, if there were a field deployable sensor for these, then contact tracing would be of little interest, since everyone could just ” take their temperature” as it were and know their status.

Such devices, based on nano-electronics, have been demonstrated in labs for around a decade but don’t seem to have made it into use.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.