1/9: Given that I just got rather annoyed, I feel that some really clear explanation is now needed to explain why the idea of reviving the re-identification ban is such a very bad idea, and why it's important right now. https://twitter.com/Kobotic/status/1265094747690897408
2/9: One of the most concerning aspects of Aus's proposed re-identification ban was that it criminalised not just *doing* re-identification but also *counselling* re-id, which I took to mean 'explaining to other people how easy it was,' though there was no formal definition.
3/9: Here in Aus we have a tremendous and unprecedented open public discussion about the technical details of a piece of government software. The privacy implications of the #CovidSafeApp have been explained in superb detail by a committed and diverse group of tech specialists.
4/9: In 15 years of security and privacy research in Aus, I've never seen anything like it. There are more people examining the details and explaining the implications than I saw get interested in e-voting, Digital ID, and everything else combined.
5/9: This has had two great benefits:
(1) bugs have got fixed, and
(2) intelligent democratic discussion of the issues has occurred.
@jim_mussared @noneuclideangrl @xssfox @GeoffreyHuntley @yaakov_h @wabzqem
#Auspol
6/9: Of various privacy concerns with #CovidSafeApp, the one that has got the most attention is the inadequate rotation of TempIDs and other data, which allows Bluetooth-based tracking. People have explained how this happens, how it could be exploited, and how and why to fix it.
7/9: *Exploiting this privacy bug is re-identification.*
So reigniting the possibility of outlawing 'counseling' of re-identification directly threatens the good people in the open source community who have been working so hard to explain & fix the problems in #CovidSafeApp.
8/9: And actually demonstrating the bluetooth-based tracking associated with #COVIDSafeApp would be outlawed if re-id was banned, regardless of whether the 'counselling' clause was retained.
9/9: I know that @ja_clarence didn't advocate the 'counseling' ban, and her analysis wasn't directed at Bluetooth-based tracking, but I think it's a good example of how the consequences of a suggestion that inhibits public disclosure can be very bad and very far from the intent.