Regarding privacy design, contact tracing apps, and trade-offs: /1
It is POSSIBLE to design a contact tracing app which maintains all contacts in encrypted storage on the phone, and only shares any of it at all with health workers after the user consents. /2
It is also POSSIBLE to design a contact tracing app which maintains no local storage at all, and simply streams unencrypted data about everyone nearby to a government-run server. /3
Obviously those two cases both enable contact tracing by health workers, so they both meet the functional spec of "a contact tracing app." But they also, obviously, have different privacy risks. /4
The Government addresses those risks by regulation: If something is on a government server, it should be illegal to do anything with it other than COVID-19 contact tracing. /5
Their attitude is that if you have a system with obvious privacy risks, but you make exploitation of those risks illegal, then the privacy risk is ameliorated. Which is fine as far as it goes. /6
Except we know from other privacy-sensitive technology forays that the Government is actually full of bad actors. In particular, the AFP has shown virtually nil desire to follow the law in relation to data retention. Grabby hands, they want all of it even if it's illegal. /7
Out of those two design approaches outlined above, *IN THE PRESENCE OF LAWFUL ACTORS* the Government's regulatory action makes them equivalent. But in the presence of actors who are indifferent to what the law says, the first approach is obviously superior. /8
Repeated, for the avoidance of doubt: Both approaches are equally capable of supporting contact tracing efforts. You can enhance privacy without any cost to efficacy. Both will "work" equivalently. /9
But one of them requires trust to be invested in a government that never earns it; a government that behaves as if it deserves trust simply by demanding it, even though it routinely runs roughshod over it. Thousands of times per year, in the case of data retention. /10
I don't trust them at all. So I'm reluctant to use their app. /11
Given that it's now apparent that the app won't work at all unless it's in the foreground on an unlocked phone, it's very clear that it's somewhat pointless anyway. So the negatives involved in putting my privacy reluctance into action are pretty minimal. /12
That is: Because it's so unlikely to work even if uptake is high, it costs society nothing if I selfishly raise my own privacy objections and decline to participate. /13
The Government doesn't deserve trust. If they wanted trust, we've had more than a week of discussion about how they might earn it, and they've failed to listen.

So, based on what I know at 2:03pm EST on Apr 26 2020, I won't be installing the app. /13
I'm looking with interest at what the Google/Apple partnership comes up with. It appears that that'll enable contact tracing and preserve privacy even in the face of bad actors violating laws. If it becomes viable, I'll consider using that approach instead. /14
But I won't be installing COVIDsafe. /end
You can follow @NewtonMark.