So what would entice you to install/enable a covid-19 App?

In the UK, where they’ve developed their own centralised App (see what .ico says), it is expected that people will download the App in the name of ‘civic duty’. Sounds very British 😉

Apparently the Australians have also developed their own App, and I’d be surprised if ‘civic duty’ would motivate Australian citizens 😉

However, the one developed to be installed by default on Apple and Google phones, a decentralised version, could prompt users to enable it so that they can detect if they are in the proximity of an individual who could have covid-19, i.e. someone who has themselves been in the proximity of a person with covid-19, or one who has developed symptoms.

You know I wouldn’t be surprised if UK citizens did actually install on the basis mentioned above, to have a ‘civic duty’ is a key British value 🙂

What will motivate most outside of the UK though would be the idea that they can -as much as is doable- continue a normal life, and minimise the risk of becoming one of the statistics for covid-19.

Mentioned above are 2 models, centralised and de-centralised. In the centralised model the phone sends data to a government authority which will be compiling stats to understand the spread of the virus. It is claimed that no personal data is collected, i.e. it is anonymised. In the latter model the data stays on the phone.

The centralised model is only privacy friendly if the data sent is truly anonymised, which I am sceptical about. At least at this stage, even if the intentions are true, I have yet to see a process which can really anonymise data. To my knowledge there is in fact no industry standard for the anonymisation process, which consists of multiple steps (de-identification, masking, obfuscation, etc.) meant to make it impossible to revert back. In fact it will always be possible to revert back unless the keys used for each step are securely disposed of.
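To illustrate the point about keys, here is an added example (not code from any of the Apps discussed). The device identifiers are constructed, and the HMAC-SHA256 token scheme and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: fictional device identifiers and contact counts.
RECORDS = [("device-0001", 3), ("device-0002", 7), ("device-0003", 1)]


def pseudonymise(identifier: str, key: bytes) -> str:
    """Replace an identifier with a keyed token (HMAC-SHA256)."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def release(records, key):
    """The 'anonymised' dataset as it would leave the collecting authority."""
    return [(pseudonymise(ident, key), count) for ident, count in records]


def relink(released, candidates, key):
    """Map tokens back to identifiers by recomputing tokens for candidates.

    Anyone who still holds the key can do this, which is why the step is
    pseudonymisation rather than anonymisation while the key exists.
    """
    lookup = {pseudonymise(c, key): c for c in candidates}
    return {lookup[tok]: count for tok, count in released if tok in lookup}


def demo():
    key = secrets.token_bytes(32)
    released = release(RECORDS, key)
    # A list of identifiers the key holder already knows (e.g. registrations).
    candidates = [f"device-{n:04d}" for n in range(1, 10)]

    with_key = relink(released, candidates, key)

    # Stand-in for secure disposal: the original key is no longer available,
    # so a later attempt can only try some other key.
    other_key = secrets.token_bytes(32)
    after_disposal = relink(released, candidates, other_key)
    return released, with_key, after_disposal


if __name__ == "__main__":
    released, with_key, after_disposal = demo()
    print("released:", released)
    print("re-linked with key:", with_key)
    print("re-linked after disposal:", after_disposal)
```

Disposing of the key only removes the direct path back to the identifier; records carrying the same token can still be linked to each other.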

When I ask myself if I would install/enable the App for covid-19: probably not. I live on an island, and there’s no bridge to the mainland. I don’t consider myself to be in a risk group. However, if I were in a risk group, I would enable the Apple App, the privacy friendly one. Although who knows, my ‘civic duty’ could jump in (as a British ex-pat) if the pandemic fatality rate were much higher and a sense of panic set in.

Whistleblowers & ‘transitional data’ the way forward?

Natasha Lomas at TechCrunch talks about how “Systematic Surveillance Will Eat Itself”. She talks about how there are some positive products of this surveillance epidemic. In the main they are represented by:

1) whistleblowers, e.g. Edward Snowden; and,

2) the rise in ephemeral type technologies that place information online in a more transitional, temporary state than what is normal today.

My take is more the move towards a ‘transparent’ society, but I am now thinking that maybe this is either the compromise, the end-point that we come to, or maybe a stopping house en route to transparency. The reason why I really do not see a strong place for this ‘half-way house’ is that it still assumes that governments are lying to their citizens and the rest of the world, hence the need for whistleblowers (who pay a hefty personal price for their efforts) and hence the need for ephemeral type technologies for citizens to cover their backs… not cool!

You are being watched!

Interesting TEDx talk from 2012 on surveillance (thanks Dave Eddey down under ;-)). What Christopher Soghoian basically says is that you are being watched. Internet companies hang on to our personal information for as long as is practicable. When they receive a request from government for information on users, they have no choice but to comply. There are a couple of Internet companies that have tried to inform users of these orders; one of these was Twitter. Want more info? Then grab a coffee and take 5 😀

http://www.youtube.com/watch?v=esA9RFO1Pcw

More on Snowden

There has been another Guardian exclusive – online access to Snowden Q&A that is worth a look if you’re just a little intrigued by all the excitement. Make yourself a cup of coffee first though 😉

What seems to be clear is that when Snowden says NSA has direct access to the 9 main Internet services, he means direct access. When questioned about denials made by Google, Facebook, Apple, etc., his response was that they had no choice. It seems they have some sort of ‘gagging’ order and would break the law by admitting to these top-secret operations.

Dilemmas concerning privacy

There’s a really fun article written by Daniel Sandström in the SvD Culture section (16 June). SvD is one of the two main Swedish national newspapers. It is in the main about the dilemmas we face as 1) a citizen and 2) a consumer. It is about how our selfish choices made in the guise of (2) are in fact contrary to what we demand as (1).

For you non-Swedish speakers – The first paragraph talks about how Amazon dealt with the news that they had illegally allowed an e-book to be on their site. They removed it from all devices. It is quite funny because it was George Orwell’s 1984 😀

He briefly discusses PRISM, which I mention at the end of my previous post. This is an agreement between the main cloud and social networking spaces on logging/tracking. The main companies included are: Google, Facebook, Apple… yep, all those places you share your personal information, including who your family is, who your close friends are vs. FB friends, maybe who you are drinking and sleeping with… oh my, what a gold mine for our governments! And we share this information with pleasure. Your privacy settings really are irrelevant here, because the US government via the Patriot Act can request this personal information about you. He doesn’t mention this last part though.

Daniel talks about the choices he has made, i.e. he purchased a digital reader, after he forgot the ethical implications of what Amazon had done a couple of years ago. He states he placed his personal comfort over his principles.

He then continues to discuss how we as citizens want the cheapest food and share our buying habits for this privilege, but then complain that the government is tracking our communications! He says how we want cheap clothes for our children, but then protest at the atrocities going on in the sweatshops in India, etc., to produce these products. We still continue to purchase cheap clothes.

Daniel’s leaving point is potent and true. He says that for himself he needs to think more seriously if he really will live for his comfort, or live as he has learnt, i.e. by principles. Clearly Snowden’s name popped up in this article, as he lived as a citizen and for freedom of the citizen.

NSA leak scandal and Snowden

What a mess with all these emotions flying around on Ed Snowden and his actions. In the one camp are those proclaiming Snowden as a traitor, and in the other extreme camp, he is a hero, a whistleblower!

The fact that the US is wire-tapping has been known for years; it’s just that the fact has never been made official. In my book Virtual Shadows, published quite some time ago in 2009, there is a section just on this:

“US wiretapping practices
The US government has led a worldwide effort to limit individual privacy and enhance the capability of its police and intelligence services to eavesdrop on personal conversations. The Communications Assistance for Law Enforcement Act (CALEA) sets out legal requirements for telecommunications providers and equipment manufacturers on the surveillance capabilities that must be built into all telephone systems used in the United States.” (Virtual Shadows, 2009)

Then there is “another program, known as PRISM, has given the NSA access since at least 2007 to emails, video chats and other communications through U.S. Internet companies to spy on foreigners. American emails inevitably were swept up as well.”

There have been some embarrassing exposures before the Snowden escapade, for example: “Mathematician William Binney worked for the National Security Agency for four decades, and in the late 1990s he helped design a system to sort through the digital data the agency was sucking up in the exploding universe of bits and bytes. When the agency picked a rival technology, he became disillusioned. He retired a month after the terrorist attacks of Sept 11, 2001, and later went public with his concerns,” as reported by the Los Angeles Times. Binney called this a “digital dragnet”.

My opinion?
So what’s my take on all this? Well, you should know me by now: I am a fervent believer in transparency. I believe that trust can only be built on a foundation of transparency. Clearly the governments around the world need to ‘protect’ their citizens. But why can’t they just tell them what they are doing? “We are tracking your communications. We are pulling information from your Facebook profile if a threat to national security is felt.” Just as in the EU, data subjects should have a right to know when their personal information is being accessed. They should be informed… period.
This means they continue with their activities, but are transparent in their operations. The fact is most people don’t really seem to care. Most are selling their buying habits today for a free chicken in their shopping trolley 😉

Am I a supporter of Snowden’s actions as a whistle-blower? Yes I am!

CISPA

The Cyber Intelligence Sharing and Protection Act (CISPA) is not aligned with the civil and privacy rights of the individual, according to privacy advocates such as the Electronic Frontier Foundation and Avaaz.org.

Neither Microsoft nor Facebook supports this bill. Imagine everything you post on FB being available to government authorities. Fine if you trust them I suppose, but I don’t.

Why is crowdsourcing not used more in the fight against terrorism? Transparency and the power of the people, most of whom want a safe society, could provide an all-encompassing safety net. Crowdsourcing, for example, is starting to be used to locate missing persons and children; it is very powerful. There are so many people out there who can make a positive difference to this broken world we live in.

There is innovation outside of academia!

David Lacey has posted that he feels that the future of security lies in academia. I don’t agree entirely.

The reason is that I have been excited by the work done by HP Labs, for example, particularly in the scope of trusted computing and the TPM module. Then there is Intel, which has been shipping chips with built-in security for 3-4 years. I call it security bottom-up. From the top down are products such as HP’s ArcSight, which can not only log everything that moves or not, but also correlate it so as to present otherwise meaningless data in a meaningful way via a compliance dashboard. This type of security is particularly interesting for the military and any organization wanting to track (big or little brother) in an intelligent way everything happening within the boundaries of their world. Clearly this is against everything I believe in as a privacy advocate, but that is another post 😉

However, I do understand where David is coming from. We are realizing that “ticking boxes” is not an effective way of proving you are secure; it doesn’t even prove you are compliant. All it does is show you are following one or more processes that demonstrate “you have tried your best”, nothing more. This is not the way forward.

The way forward is proving you are secure, and this is only achievable by building security into the heart of everything digital. By doing this, even the human aspect of information security may be obsolete in the future, especially as biometric forms of authentication become more accepted and contextual authentication becomes key to achieving the vision of BYOD, or what I prefer to call “any device anywhere”, which is driving the type of security being implemented by some verticals such as telecommunications and healthcare today.

All of this is achievable today. Intel has McAfee and Nordic Edge as daughter companies. Both are, with the help of Intel, building security at the “chip level” for their products. Go and take a look. Also check some posts I made in December; there is lots there on the cool security stuff going on in industry.