1/9: Given that I just got rather annoyed, I feel that some really clear explanation is now needed to explain why the idea of reviving the re-identification ban is such a very bad idea, and why it's important right now. https://twitter.com/Kobotic/status/1265094747690897408
2/9: One of the most concerning aspects of Aus's proposed re-identification ban was that it criminalised not just *doing* re-identification but also *counselling* re-id, which I took to mean 'explaining to other people how easy it was,' though there was no formal definition.
3/9: Here in Aus we have a tremendous and unprecedented open public discussion about the technical details of a piece of government software. The privacy implications of the #CovidSafeApp have been explained in superb detail by a committed and diverse group of tech specialists.
4/9: In 15 years of security and privacy research in Aus, I've never seen anything like it. There are more people examining the details and explaining the implications than I saw get interested in e-voting, Digital ID, and everything else combined.
5/9: This has had two great benefits:
(1) bugs have got fixed, and
(2) intelligent democratic discussion of the issues has occurred.
@jim_mussared @noneuclideangrl @xssfox @GeoffreyHuntley @yaakov_h @wabzqem
#Auspol
6/9: Of various privacy concerns with #CovidSafeApp, the one that has got the most attention is the inadequate rotation of TempIDs and other data, which allows Bluetooth-based tracking. People have explained how this happens, how it could be exploited, and how and why to fix it.
7/9: *Exploiting this privacy bug is re-identification.*

So reigniting the possibility of outlawing 'counselling' of re-identification directly threatens the good people in the open source community who have been working so hard to explain & fix the problems in #CovidSafeApp.
8/9: And actually demonstrating the Bluetooth-based tracking associated with #COVIDSafeApp would be outlawed if re-id was banned, regardless of whether the 'counselling' clause was retained.
9/9: I know that @ja_clarence didn't advocate the 'counselling' ban, and her analysis wasn't directed at Bluetooth-based tracking, but I think it's a good example of how the consequences of a suggestion that inhibits public disclosure can be very bad and very far from the intent.
You can follow @VTeagueAus.