
Germany flips to Apple-Google approach on smartphone contact tracing - kjhughes
https://www.reuters.com/article/us-health-coronavirus-europe-tech/germany-flips-on-smartphone-contact-tracing-backs-apple-and-google-idUSKCN22807J
======
svat
Summary: Germany is moving away from a centralized approach (PEPP-PT = Pan-
European Privacy-Preserving Proximity Tracing) to a decentralized one (like
DP-3T = Decentralised Privacy-Preserving Proximity Tracing).

A nice comic version of DP-3T, by Nicky Case, is available here:
[https://ncase.me/contact-tracing/](https://ncase.me/contact-tracing/)

(But is the Apple-Google protocol identical to DP-3T, or does the headline
mention “Apple-Google approach” just for simplicity? I heard there are some
minor differences…)

~~~
0xBeefFed
There are some differences. DP-3T proposes two different systems, one with
linkable tokens and the other without linkable tokens. The first system is
similar to Apple-Google in the sense that your tokens for a day are derived
from a key which is uploaded to a central distribution server when you test
positive. In the second system the tokens are not linkable and they propose
the use of a Cuckoo Filter to reduce the space complexity. A Cuckoo Filter is
a probabilistic data structure that can tell you if an item is not or might be
in a set. As a result there are some false positives.

DP-3T also explains how records are uploaded to a central server and the
interactions with health-care providers. Apple-Google omit this part and focus
on proximity data collection.

Edit: Formatting + I wrote a survey paper on a few of the distributed
protocols and how they defend against linkage attacks (de-anonymization):
[https://github.com/robertTheHub/ContactTracingSurvey/blob/ma...](https://github.com/robertTheHub/ContactTracingSurvey/blob/master/ContactTracing.pdf)
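
The first (linkable-token) design described in the comment above, as an added example that is not part of the original thread and is not DP-3T's or Apple-Google's own code. The HMAC-SHA256 derivation, the 96 tokens per day, the 16-byte sizes and the `Phone` class are assumptions chosen for illustration; the real protocols specify their own derivation functions.

```python
import hashlib
import hmac
import os

TOKEN_LEN = 16        # bytes per broadcast token (assumed size)
KEY_LEN = 16          # bytes per secret day key (assumed size)
TOKENS_PER_DAY = 96   # assumed: a fresh token every 15 minutes


def derive_tokens(day_key, count=TOKENS_PER_DAY):
    """Derive one day's broadcast tokens from a single secret day key.

    HMAC-SHA256 stands in for the protocol's PRF (illustrative choice).
    Without the key, the tokens look unrelated to each other.
    """
    tokens = []
    for i in range(count):
        mac = hmac.new(day_key, b"token" + i.to_bytes(2, "big"), hashlib.sha256)
        tokens.append(mac.digest()[:TOKEN_LEN])
    return tokens


class Phone:
    """Hypothetical handset: holds its own day keys and the tokens it heard."""

    def __init__(self, days=14):
        self.day_keys = [os.urandom(KEY_LEN) for _ in range(days)]
        self.heard = set()

    def broadcast(self, day, slot):
        # What this phone would advertise over Bluetooth in that time slot.
        return derive_tokens(self.day_keys[day])[slot]

    def hear(self, token):
        # Tokens from nearby phones are stored locally, never uploaded.
        self.heard.add(token)

    def keys_to_upload(self):
        # After a positive test, only the day keys go to the server.
        return list(self.day_keys)

    def check_exposure(self, published_keys):
        """Return {index of published key: count of heard tokens it explains}.

        Matching happens on the handset. All hits under one index came from
        the same person on the same day: that is the linkability this design
        accepts in exchange for a very small upload.
        """
        hits = {}
        for idx, key in enumerate(published_keys):
            n = sum(1 for t in derive_tokens(key) if t in self.heard)
            if n:
                hits[idx] = n
        return hits


def run_demo():
    # Constructed scenario: Bob is near Alice three times on day 3 and near
    # Carol once. Dave meets nobody. Only Alice later tests positive.
    alice, bob, carol, dave = Phone(), Phone(), Phone(), Phone()
    for slot in (10, 11, 50):
        bob.hear(alice.broadcast(day=3, slot=slot))
    bob.hear(carol.broadcast(day=3, slot=10))

    published = alice.keys_to_upload()
    return {
        "bob": bob.check_exposure(published),
        "dave": dave.check_exposure(published),
        # Size of what Alice uploads versus uploading every token instead.
        "upload_bytes_keys": sum(len(k) for k in published),
        "upload_bytes_tokens": len(published) * TOKENS_PER_DAY * TOKEN_LEN,
    }


if __name__ == "__main__":
    print(run_demo())
```

Carol's token stays unexplained on Bob's phone because her keys were never published, and the byte counts show why the key-based design keeps the server download small.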

~~~
matthewdgreen
It seems unlikely that anyone will deploy a version of DP-3T that differs
significantly from the approach built into Android and iOS, due to the need
for apps to obtain special permissions to run in the background. So the
alternative variants that go under that brand are probably a dead letter.

~~~
mschuster91
> So the alternative variants that go under that brand are probably a dead
> letter.

Government-mandated alternative applications will probably be excepted, too.

~~~
pgeorgi
That's what INRIA and Fraunhofer thought as well, yet their approach is now
dead.

~~~
mschuster91
The Fraunhofer approach with centralized data collection is dead because they
got a shit-tornado from researchers and the experienced general public.

------
colinjoy
Once more a reminder that we are lucky to have the CCC in Germany.

I attribute this in no small part to their continuous lobbying and sisyphean
efforts on the fringes of technology and civil rights.

Thanks!

[https://www.ccc.de/en/updates/2020/contact-tracing-requireme...](https://www.ccc.de/en/updates/2020/contact-tracing-requirements)

~~~
peteretep
It seems that a simpler attribution chain, and one mentioned in the article,
is simply that Apple said no.

~~~
exhilaration
Can you explain what Apple said no to? The article doesn't spell it out.

~~~
peteretep
Apple said no to allowing apps to do Bluetooth handshakes when they’re not
open, as I understand it.

------
darkerside
Kudos to Apple for not budging on this. A senior dev once shared a bit of
wisdom with me. That developers don't typically hold all the power, but the
point of leverage we do have is that in the end we are the ones who actually
are going to build it. Disagree with PM on a feature? If you feel strongly
enough, you build it your way until they remove you from the project. YMMV.
Skate at your own risk.

Anyway, that's essentially what Apple seems to have done here. Strong move,
and one they should be rewarded for.

~~~
bshoemaker
That's a really passive aggressive way to build what you think is right...
Have some backbone and learn to defend your perspective directly.

~~~
levosmetalo
Passive aggressive way is sometimes the only possible way when the imbalance
of power is so overwhelming that you don't even get the possibility to express
your perspective, let alone defend it directly.

~~~
darkerside
You always have the power to express your perspective. Although sometimes it
can take some skill to express it well without getting yourself in trouble.

~~~
rstuart4133
Yeah, but your perspective can be just ignored. A story:

I was asked to write an invoicing system. I know a _lot_ about invoicing
systems. The owners who employ me were very explicit: all figures this
invoicing system displays must exclude gst/vat. That made sense to them,
because gst/vat just confuses their profit figures.

However, the whole point of an invoice is to communicate to the customer
what they will be paying and why. The customers in this case are retail. They
are interested in only one figure: what comes out of their bank account. That
figure includes gst/vat of course.

As part of this I asked to see what they were doing now. The old system they
were using did adhere to their edict: everything was ex gst/vat. As a
consequence every person who was customer facing (ie, the vast majority of the
employees) carried a calculator to convert the figures to what the customer
wanted as they spoke with them. It looked difficult to me, but evidently madly
stabbing calculator buttons while maintaining a smooth flow of conversation
must be a skill most people can acquire.

This was insanity of course: we could save the bulk of the organisation time
and considerable frustration by just giving these people the figures they
needed. So I very explicitly ignored their direct instructions. Note: I had to
ignore it, as I had already lost the argument. In due course it was rolled out
for testing. I went down a month or two later. The calculators were gone,
people were expressing their gratitude. Not a word was said by my managers,
and I have duly been rewarded every year with raises.

I am a professional. I am hired very explicitly because I know far more about
computer systems than the people who hire me. Like a doctor who refuses to
prescribe opioids, I view it as my duty to steer them in the right
direction even when they don't want to be steered. If that requires putting my
balls on the line and refusing to budge, so be it. They can always fire me if
I've made a grave error.

~~~
darkerside
What I think gets missed here is that there could be a hidden requirement you
don't know about. Were the owners using this invoicing system for internal
accounting as well? Making that clear could have helped even more people do
their jobs well.

Typically I find the cure for misinformation is more information.

------
unishark
> Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)

Another problem with this standard is its overuse of plosives, which are
themselves dangerous when disease is spread by droplets.

~~~
andybak
My god. You're on to something. We don't have to ban gatherings, merely
gatherings with particular consonants.

I'm off to arrange my birthday arty.

~~~
Asraelite
Careful there, I think you mean virthay farthy

------
rgovostes
Google and Apple have published a FAQ about how this system, which they're now
calling Exposure Notification, will work from a high level. (This is not the
protocol details, which are published elsewhere.)

Important bit: This will not default to on, you will have to opt in. Apple and
Google have a regional kill switch if it is being abused.

[https://covid19-static.cdn-apple.com/applications/covid19/cu...](https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-FAQv1.0.pdf)

------
simonw
Australia next? They're still telling people that in order to use the Australian
contact tracing app on iOS they'll have to leave it open and the screen
unlocked! [https://www.abc.net.au/news/2020-04-26/coronavirus-tracing-a...](https://www.abc.net.au/news/2020-04-26/coronavirus-tracing-app-covidsafe-apple-iphone-covid-19/12187448)

~~~
dang
Australia thread here:
[https://news.ycombinator.com/item?id=22986147](https://news.ycombinator.com/item?id=22986147)

------
dirtyid
A few thoughts:

1\. There's a fixation on contact tracing without recognition that it's
useless without isolation. In-home isolation will infect other occupants.
Voluntary isolation doesn't scale. Asian countries doing effective
test+trace+isolation already know this. Think of it in terms of kill chain
F2T2EA: find, fix, track, target, engage, assess. You have to execute the
entire loop for effect. The ability to force people to quarantine is probably a
greater obstacle to liberty depending on local context that needs more
discussion.

2\. This is going to be EU's Huawei moment. Reliance on US tech for internal
policy security that is subject to US political whims is going to
further exacerbate calls of technological divestment. Who decides when covid19
crisis is over? What if EU want to keep contact tracing in place long term if
it's the only ubiquitous system in place for reinstating schengen. I surmise
some sort of global digital cordon sanitaire is going to be with us for a
while, especially if we want to resume international travel.

~~~
Eridrus
Any bit of reduced transmission helps. All we need is for R0<<1 and then this
pandemic will end. Any contacts this finds that human contact tracers do not
is a win.

~~~
dirtyid
Unless Asian countries are erring on the extreme side of caution it seems wise
to assume test+tracing is not sufficient for R0<1. Their effective responses
all employ techno-authoritarian interventions: wrist bracelets, GPS tracking,
publicly releasing travel routes, QR health codes, out of home quarantine etc.
This includes democratic countries. There's an ongoing myopia in the west that
is failing to fully interrogate the solutions from Asian countries who are
doing well in its full scope and ramifications on liberty and applicability
based on appetite for sacrificing liberty. Media is happy to elevate testing
and contact tracing, without acknowledging the authoritarian followup.

E: I'm just suggesting it's worth discussing the system in aggregate rather
than piecemeal.

------
supernova87a
As someone newly reading about this proposal, I'm curious to know which
element of privacy is most of concern to people -- to educate myself on what
tradeoffs some policymaker might understand and make some judgement call
about. (wishful thinking)

(Suppose someone in charge of virus response is totally naive and says the old
phrase, "what does anyone have to be worried about losing privacy, in the face
of this public health crisis?" Or, "why wouldn't we want to know exactly when
and where the transmission happened, to identify some trouble spot and stop
it?")

Are we more concerned about one's location every 5 min being revealed? What if
coffee shops/bus stations/shopping centers broadcast beacons and essentially
became fixed known users -- doesn't that defeat this? And doesn't your phone
already reveal location to anyone with sufficient access / authority on cell
networks?

Are we more concerned about revealing who you associate with? Again, isn't
that already possible through cell locations?

Are we not losing something by giving up recording the location element of the
transmission event?

What are some examples of how this technology (if implemented wrong) could be
misused, that are not already available?

And here's a related public policy question -- if we think ridiculous the
people who are jumping to reopen businesses (and states) at the cost of
putting people's lives at risk, why is privacy so important versus saving
lives if a more effective (but slightly less private) information gathering
mechanism could be implemented?

~~~
LeanderK
My impression as a German:

Government access to private data: revealing location & contacts. I think
privacy might be the wrong description, I think it's more about surveillance
of the people by the state, which is not acceptable for a huge percentage of
people I know. Privacy is most of the time the better wording, but I think
surveillance is the better fitting term for this occasion.

Just compare it to the DDR (German Democratic Republic, the communist state).
Is it similar to the surveillance by the DDR's Stasi, which tried to track every
move and every word of dissidents?

As an additional point: You can't force people to use the app (as far as I
know). I don't think this is in any way compatible with basic human rights as
formulated by the Grundgesetz (which I support, we are a democracy where the
power comes from the people and not an authoritarian regime). They have to
opt-in themselves. You have to make the app attractive so that people want to
opt-in.

~~~
mytailorisrich
The whole point of contact tracing is to give the government access to
contacts when needed (location is much less important). Experts also say that
to be effective these apps have to be installed on 80% of smartphones [1], so
in practice they have to be made mandatory.

Everything else is a distraction. Either these apps are needed and the above
applies, or they are not and let's forget about them.

[1]
[https://www.bbc.co.uk/news/technology-52294896](https://www.bbc.co.uk/news/technology-52294896)

~~~
LeanderK
> The whole point of contact tracing is to give the government access to
> contacts when needed (location is much less important).

Yeah, but only when needed, only as much as strictly necessary and deleting it
immediately afterwards. I don't think we will allow general surveillance
without a fight with a huge part of the population and fundamental changes to
our society and our way to live.

Also, I don't agree at all. One right doesn't simply cancel another. And a
mandatory app is simply not compatible with our idea of freedom, at least as I
understood our basic law. Maybe in certain situations but a general
surveillance is illegal.

We won't throw away our (liberal) democracy and the rule of law.

You can't set a target and just simply force the population to comply. I think
we can achieve a good penetration without resorting to authoritarian measures.
We have achieved some good numbers so far here in Germany, we can use this to
further fight the coronavirus without turning into an authoritarian regime.
Even our scientists, e.g. Prof. Drosten from the Charite, understand that
politics is not science, there are limits to what's possible and always stresses
that the society itself must decide to act.

~~~
mytailorisrich
This has nothing to do with democracy, surveillance, or freedom.

Nothing is absolute and a balance has to be struck. Germany is quite
controlling in many aspects so it is a little strange that this would be an
issue.

If contact tracing is needed then it should be deployed in the most effective
way.

This is temporary and does not restrict people's freedoms at all. The
controversy is manufactured on ideological grounds at a time when pragmatism
should prevail.

Claiming that this would be throwing away democracy or the rule of law is
plainly ridiculous. I think Germany is still traumatised by its history and
this often has unfortunate consequences (we already saw it several times in
recent years).

~~~
mikem170
> If contact tracing is needed then it should be deployed in the most effective
> way

I, and many others, do not agree with your opinion that it should be
mandatory. No other country has mandated contact tracing apps for their non-
quarantined population.

There's no proof that a contact tracing application would be effective after
there are already millions of cases. There is no indication that there will be
enough tests to identify asymptomatic carriers, so if you were vulnerable
you'd still need to self-isolate to be safe.

Already 1 out of 5 people have antibodies to this. We're on our way to herd
immunity and a death rate of something like 1 out of 500 people. We were
trying to slow things down so that hospitals were not overwhelmed, and we've
done so. Unless someone comes up with a vaccine that can be mass produced in
the next couple months this will all be a moot point.

~~~
mytailorisrich
I didn't write that it should be mandatory.

I wrote that it should be mandatory IF it is needed.

Otherwise it's like saying that lockdown is needed but that it will only be
opt-in: it does not make sense.

By the way, no, 1 in 5 people do not have antibodies.

~~~
mikem170
I apologize, you are correct that you did not say mandatory. I got carried
away in the conversation.

> By the way, no, 1 in 5 people do not have antibodies.

"Cuomo Says 21% of Those Tested in N.Y.C. Had Virus Antibodies", NY Times,
[https://www.nytimes.com/2020/04/23/nyregion/coronavirus-new-...](https://www.nytimes.com/2020/04/23/nyregion/coronavirus-new-york-update.html)

~~~
mytailorisrich
"in NYC"

~~~
mikem170
Is there a reason you don't think their numbers can be extrapolated to other
places? Last week they were at 15% in NYC, and this jived with the numbers
from other places, like the U.K., and I think also Germany.

It seems that as we get more data we're finding more cases, and in increasing
amounts, across the board. Which lowers the death rate and means we can reach
herd immunity sooner than we thought.

------
Aeolun
Wow, I’m a bit surprised that the one with the ability to say yes or no in
this instance was Apple. I’m not sure if I enjoy the idea that any given
company can overrule the government of the country it operates in...

~~~
bpodgursky
This is not Apple overruling the government. Germany is perfectly free to ban
Apple products. They did not.

Government / company interactions with multinational corporations are simple:
the government makes rules, and the company is free to either operate in the
locale or quit.

Germany decided that they would rather have an Apple which refused to play by
the proposed rules, than no Apple at all, so they figured out new rules.

~~~
chimprich
> This is not Apple overruling the government. Germany is perfectly free to
> ban Apple products. They did not.

That makes no sense. Maybe, in theory, if you had five years to play with,
Germany could move towards restricting Apple products.

In practice the window of opportunity to affect the course of this epidemic
using technology is weeks or months. That restricts your options to using
existing infrastructure; realistically that means working with Apple or
Google.

Germany could ban Apple and Google products, but that would leave them nothing
to work with.

This is going to raise questions about national security and sovereignty going
forward. I suspect this will be a subject of controversy after the pandemic
dies down.

~~~
chopin
Hopefully this will be a conversation about how a government uses a crisis to
expand its surveillance powers.

------
mrfusion
If one fifth of New Yorkers have this isn’t the cat out of the bag? What do we
accomplish with contact tracing?

~~~
rndgermandude
That leaves 4/5th of NYC still vulnerable. That's a lot of potential
hospitalizations and potential deaths. To reach herd immunity you need at
least something like 2/3rds of people immune to the virus. Now imagine another
2/5ths of NYC's population becomes infected in a short period of time and what
this would mean for the health care system. It more or less was on the brink
of collapsing (some would say actually did collapse for some time) with only
1/5ths.

So thinking the worst is over for sure is wishful thinking; and to just resign
to "out of the bag" isn't an option either; the worst is only over if we keep
at flattening the curve enough to not collapse the system. There are many
different parts to it, and one such part might be contact tracking/tracing
with an app.

Also, all the talk about herd immunity etc is based on the premise that you
actually get a lasting immunity after you had the virus. While it thankfully
looks like this may be the case (exceptions like immunocompromised people,
apply) - with e.g. blood plasma from cured patients showing good results when
given to still severe cases - it isn't certain yet. It could mutate enough
(like the flu) and reinfect, or it could "hide" like herpes and hit you full
blown when your immune system isn't operating at full capacity. Let's hope
not, but let's act at least with that in mind. Contact tracing technology we
develop and roll out now may help should there be a second wave.

And yet another also: there have been reports that even after mild
progressions some patients end up with damaged lungs, damage that is most
likely to be permanent. So while these reports haven't yet been verified or
refuted, I am not a big fan of "just get it and get it over with, if you're
young and low risk".

~~~
unnouinceput
If covid will mutate like flu, every year, this will be the end of human race
in maximum half a century - given if the symptoms/damage to our body stays the
same regardless of mutations. My take is that our immune system will actually
"mutate" as well so we might be, in couple of centuries, in same position as
we are now vs. flu (the mortality rate will be insignificant).

~~~
samatman
Apologies for my directness, but no way around it: this is completely
unhinged.

Humanity has dealt with double-digit-fatal diseases, several of them, for
centuries. SARS2 is an ugly bug, but hardly an existential threat to the
species.

~~~
unnouinceput
I said "if", didn't I? Also my prediction is the same as what you said, but in
different words.

------
farnsworth
Something I don't understand about this approach - if location data is not
tracked/included, only contacts, then don't you have to download all the
tokens for every person who tests positive in the world? Then even if it is
optimized with location data, and I can only download tokens for people in my
area, that will be 1000s of people a day multiplied by all of their tokens
over whatever period of time.

Either I'm misunderstanding something or it has just been decided that
downloading many MBs a day is not a dealbreaker.

~~~
aravindet
You're forgetting time of infection.

You only need to download tokens for people who tested positive in the recent
past (14 days - assuming you're not infected, any contact before that couldn't
have infected you.)

While that's likely still a lot of data in areas with large daily case counts,
at least it won't keep growing indefinitely.

BTW it's one token per day per person, to improve privacy. When someone tests
positive, their tokens for the last 14 days are published.

~~~
aravindet
To put some numbers to this: If you're living in a city with 10,000 new cases
a day, with each case publishing 14 keys and each key being 16 bytes, it's a
2.2MB download a day (assuming incremental downloads).

When you first install the app you might have to download all keys from the
last 14 days, which would be about 15 MB.

~~~
oarsinsync
2.2 * 30 + 15 = 81MB

For people with 200MB & 500MB data caps (which is a surprisingly large number
of people), this is a significant amount of their data allowance.

These are likely to be people that are still required to go out into the world
and work, so are still using their data instead of wifi, and thus higher risk.

It's easy to forget when you're on 10GB+ data plans for years just how many
people are not.

~~~
egoisticalgoat
That's assuming you're never connected to wifi within those 30 days. The apps
could either let you choose to only download the list while on wifi, or it'll
probably download the list in the middle of the night when it's reasonable to
assume most people are at home near wifi.

------
antpls
Even decentralized, there always will be a central authority in the system
that you will have to trust to not misbehave in the future.

The other issue is that contact tracing (decentralized or not) is exploitable.
In Korea, people sometimes figured out who is infected or not, and those people
are now socially bashed on the internet.

There are many scenarios where contact tracing can be abused : for example,
anyone from outside your house can now know if there is someone inside. Handy
for thieves.

French academics did set up a nice website with a list of those scenarios, but
it's only available in French : [https://risques-tracage.fr/](https://risques-tracage.fr/)

The actual debate is not decentralized/centralized, it's "should we allow
contact tracing or ban it?"

~~~
tastroder
> The actual debate is not decentralized/centralized, it's "should we allow
> contact tracing or ban it?"

Did you mean "digital contact tracing" there? Contact tracing itself is a
necessary tool when dealing with a pandemic and I really do not see anybody
arguing against that. Of course there's a lot of trade-offs and questions like
voluntary/mandatory, usage restrictions, etc. but I feel like decentralized
vs. centralized debate was a good first discussion to have in a democracy.

~~~
antpls
> Contact tracing itself is a necessary tool when dealing with a pandemic and
> I really do not see anybody arguing against that.

Humanity got right where we are today (still alive and growing) _without_ digital
contact tracing. So, no, this is not a "necessary" tool.

I wish the link I posted above was available in English too, because they
analyzed a few scenarios that show how digital contact tracing can be
exploited by anyone, not just techie people.

I would rather be a partisan of investing our money in technologies that heal
and strengthen our bodies. At least regenerating and healing the body could
help with many other diseases.

~~~
tilolebo
GP literally explained that "contact tracing" and "digital contact tracing"
are two different things...

He said "contact tracing" is necessary.

------
jgraham
Is there a good discussion anywhere of the anticipated impact in efficacy on
various choices around privacy here? A simple toy model for the fraction of
infection chains stopped might be something like

fraction stopped = (usage fraction in population)**2 * (fraction of
infections recorded as contacts) * (fraction of detected contacts who follow
up correctly)

That's obviously a massive over simplification; for example real population
dynamics don't give full random mixing between all members of the population.
But every factor there is potentially depressed because of opt in and
anonymity; the first obviously so, the third because people are less likely
to followup correctly if there's no consequence for not doing so, and the
second because it will be impossible to tune the detection parameters without
any data to work from. In that — again oversimplified — model if you get 50% of
the population using the app (compared to 80% smartphone usage in western
Europe), it detects 80% of transmissions and (say) 50% of people follow up
correctly before themselves passing the disease on, you end up with 10% of
infection chains traced. That doesn't seem like it's going to have a big
impact.

So assuming that model's not wildly wrong — which it could be, again, I'm
really looking for a link to an expert discussion of this, I can see a few
possibilities:

* Digital contact tracing doesn't have much impact on our ability to control
the virus

* Governments seek to outsource the privacy-invasion needed to companies by
e.g. requiring evidence that people are using the contact tracing software and
have followed up on potential transmission events before allowing people to
buy food etc.

* Ineffective opt-in contact tracing and a second wave of pandemic
deaths/lockdown is used to bounce people into accepting the need for
mandatory, non-anonymous contact tracing with fewer privacy concessions than
you'd get right now.

To be clear I'm very concerned with the idea of governments and in particular
the current UK government having access to non-anonymised contact data; it's
already being run by someone who considers population-level manipulation using
data science and social media to be his core skillset. But I'd also like to
understand what tradeoffs are being made in terms of disease control.

~~~
tastroder
While of course a valid question I feel like some of your assumptions might
have a different impact in reality. For Germany "50% of people follow up
correctly" for example seems unrealistic due to a few factors:

\- The proposed centralized solution would have to rely on malice to easily
identify people that did not follow up correctly since there was no means to
do that in it. The only upside you would have had was more trivial means for
data collection on population scale to validate random epidemiological models
and validate follow up.

\- 50% of people failing to follow up correctly seems like an unreasonably low
number given that it's not that different from breaking quarantine with the
existing process and there's few enough cases of that to still garner high
profile media attention here.

\- Even if 50% wrong behaviour was a correct assumption, that would be a
slippery slope in most models. If you lose, say, 10% of the overall population
because it's allergic to the historical and privacy implications of the system
design, misbehaviour of 50% of people left using it can be pretty irrelevant.

\- AFAIR adoption in Singapore, which is often used as a reason to use this
model in the first place, so far has not been anywhere close to the 50% of 80%
of phone users. Many people seem to suggest looking at WhatsApps growth rates
for realistic adoption time frames.

Fraser et al have a few general articles and calculated through scenarios on
the matter that might be interesting, maybe you get something out of those:

[https://science.sciencemag.org/content/early/2020/04/09/scie...](https://science.sciencemag.org/content/early/2020/04/09/science.abb6936)

[https://045.medsci.ox.ac.uk/files/files/report-effective-app...](https://045.medsci.ox.ac.uk/files/files/report-effective-app-configurations.pdf)

Many discussions w.r.t. the epidemiological impact of these trade-offs at the
moment seem anecdotal because they lack proper validation. I do not think any
of them so far directly address the one you are looking at here.

~~~
jgraham
> "50% of people follow up correctly" for example seems unrealistic due to a
> few factors

My assumption was that if the R0 is 3-5, that's small compared to the total
number of contacts over the infectious period. That means that the false
positive rate is going to be rather high. Given a high false positive rate and
some inconvenience with following up, needing to go get tested or go into
isolation, either of which mean taking time off work at short notice, people
will "take a chance" more often than you'd like and delay getting tested until
there are symptoms. But certainly it's not a confident estimate.

Also, Germany is likely culturally different, but opt-in social distancing /
lockdown lasted fully 3 days in the UK before it became clear that it wasn't
going to have the necessary efficacy. I can imagine the same thing for
compliance with contact tracing recommendations.

> The proposed centralized solution would have to rely on malice to easily
> identify people that did not follow up correctly since there was no means to
> do that in it

Right, but this is (aiui) different to the systems in countries like South
Korea which use location tracking to ensure that you don't break quarantine.
It's a point in the possibility space that must be considered to understand
tradeoffs.

> AFAIR adoption in Singapore, which is often used as a reason to use this
> model in the first place, so far has not been anywhere close to the 50% of
> 80% of phone users. Many people seem to suggest looking at WhatsApps growth
> rates for realistic adoption time frames.

You'd hope a massive public information campaign could speed up uptake here. I
think I've heard that whatsapp is on 75% of devices in Germany (but I haven't
verified that number) which if you assume 80% of the population owning a
smartphone, leads to 60% of the population opting in. So that doesn't change
the results of the toy model too much (if it was 75% of the population rather
than 75% of smartphone owners, that would roughly double the fraction of
infection chains terminated compared to the 50% assumption).

These numbers still seem pretty low to me, but again I've got precisely zero
expertise here.

> Fraser et al have a few general articles and calculated through scenarios on
> the matter that might be interesting, maybe you get something out of those

Thanks! I'll read those.

> Many discussions w.r.t. the epidemiological impact of these trade-offs at
> the moment seem anecdotal because they lack proper validation.

That's worrying. I think there's a possibility here that we're in the zone
where privacy-preserving contact tracing has too low efficacy to be
significant in saving lives, but solutions that are mandatory and come with
enforcement are effective. If that turns out to be true, there's a clear
tradeoff between individual privacy and saving lives / rescuing countries from
economic ruin. If I were the sort of person who wanted to significantly change
the narrative around privacy to make it look unacceptably selfish, this might
be the sort of crisis I'd see as an opportunity. And given that this is less
information than Google and Apple can access as a matter of course,
constructing the narrative that it should be shared with the health service is
easy, if people go that way.

I hope there are people thinking about the case where there's popular support
for the tracking being mandatory and non-anonymous, so that there can be
proper legal — rather than technical — safeguards to ensure the data is only
used for its intended purpose and is destroyed promptly when it's no longer
useful for that purpose. The optimistic point of view is that this process
will give us the ability to shape the future of privacy regulation so that we
accept that some entities (Google, Facebook, maybe the Government) have more
personal data than we're comfortable with, but there are stronger controls on
how long that data can last and what it can be used for.

~~~
kitd
_opt-in social distancing / lockdown lasted fully 3 days in the UK before it
became clear that it wasn't going to have the necessary efficacy._

Citation?

~~~
jgraham
[https://en.wikipedia.org/wiki/2020_coronavirus_pandemic_in_t...](https://en.wikipedia.org/wiki/2020_coronavirus_pandemic_in_the_United_Kingdom#Early_to_mid-March_2020)

On March 16th there was a request to avoid "non-essential travel and contact
with others", on March 20th pubs and restaurants were forcibly closed, and by
23rd the restrictions on movement were being put into law.

The three-day period I was thinking of was the 20th-23rd; the number of people
out and about on the weekend of 21st/22nd was widely reported as the reason
for the stricter rules the following Monday e.g.
[https://www.theguardian.com/world/2020/mar/23/boris-johnson-...](https://www.theguardian.com/world/2020/mar/23/boris-johnson-orders-uk-lockdown-to-be-enforced-by-police)

If, however, you mean "what's the proof that people were ignoring the pre-
lockdown restrictions in sufficient numbers to make the stricter provisions
necessary", all I can do is point out that the people with the best access to
that data _did_ choose to require the stricter provisions in response to what
they saw. For more you're going to have to wait for the inevitable public
enquiry (and I am deeply deeply uninterested in having a discussion about
whether lockdowns are the only or most effective policy here).

------
tgsovlerkhgsel
Do any of the custom-built apps work reasonably well? I know that the last
time I touched Bluetooth on phones (long ago) the stacks were so buggy that
getting different devices to communicate reliably was next to impossible. It
would work for some devices, but cause issues with others etc.

I would expect that any custom solution would be implemented by one of the few
contractors experienced in dealing with the local bureaucracy, and would thus
suffer from a lack of experience in dealing with Bluetooth and all the
undocumented quirks.

I wonder if that played into the decision.

------
mytailorisrich
> _Centralised apps would not work properly on Apple’s iPhone because, for
> Bluetooth exchanges to happen, the device would need to be unlocked with the
> app running in the foreground - a drain on the battery and an inconvenience
> to the user._

This is bullshit plain and simple.

This is a political decision.

------
yalogin
Why are governments trying to come up with their own? Why can’t they legislate
around the protocol instead? Standardizing on the protocol saves a lot of time
in the current situation.

~~~
peteretep
> Why are governments trying to come up with their own?

Governments contain no shortage of people interested in personal glory

------
koolba
How does one enable this on an iPhone or Android phone? Directly related, how
does one ensure this never gets turned on? Disable Bluetooth?

~~~
SpicyLemonZest
Nothing short of a Faraday cage is going to work if your threat model is that
Apple turns it on against your will. (I guess in principle you could find and
physically destroy the Bluetooth receiver.)

~~~
darkerside
Maybe some kind of device that corrupts Bluetooth signal frequencies

~~~
loeg
Signal jamming is illegal and will get you a conversation with the FCC, and
more importantly, you're just being a dick to everyone else on the 2.4GHz
band.

~~~
darkerside
I don't disagree and wouldn't do this myself

------
hmd_imputer
it is kind of ironic that a country priding itself in data privacy was pushing
for a very centralized data collection, while the "evil Apple" was pushing for
a more decentralized and privacy-preserving approach.

------
LatteLazy
I'm sort of divided on this. It's a better safer approach. But all of our
movements and who we spend time with are already being tracked and have been
for decades so why the pretence? Why are we reinventing this wheel, just have
the NSA open their files.

------
exit
are codes broadcast without any uniquely identifying "bluetooth address", or
something to that effect?

~~~
unnouinceput
my understanding is that the "codes" are randomly generated stuff, none based
on any of the phone parameters. In which case you don't need any address.
However, I am curious about collision. Same stuff happened 25+ years ago with
famous Pentium bug. Intel was something like "this bug will happen only one
time in 10 thousand years", except they considered those 10 thousand years
happening under lab conditions, while in the production it hit so hard due to
all software that used intensively, like AutoCad, that it actually happened
per hour - result was disastrous for calculations for entire teams that were
creating Architecture or Naval shipping research that in the end Intel issued
a full recall on the entire chip line.

~~~
Reelin
These are 128-bit cryptographically secure numbers that rely on thoroughly
battle tested primitives. There is absolutely no way a compliant
implementation would generate a noticeable number of collisions unless the
underlying keys themselves were the same.

(And I would certainly expect that Apple and Google are capable of generating
the underlying keys in a cryptographically secure manner.)
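
An added illustration of the collision point in the comment above (not part of the comment, and not the Apple-Google specification's own derivation): identifiers are derived from a random daily key with truncated HMAC-SHA256, and the birthday bound gives the chance of any two colliding. The 10-minute interval, the `rolling-id` label and the population figures are assumptions chosen for the example.

```python
import hashlib
import hmac
import math
import secrets

ID_BITS = 128            # identifier size stated in the comment above
INTERVALS_PER_DAY = 144  # assumption: a new identifier every 10 minutes


def rolling_ids(daily_key, count=INTERVALS_PER_DAY):
    """Derive `count` 16-byte identifiers from one secret daily key.

    Illustrative construction only: HMAC-SHA256 over a label and the
    interval number, truncated to 128 bits.
    """
    return [
        hmac.new(daily_key, b"rolling-id" + i.to_bytes(2, "big"),
                 hashlib.sha256).digest()[: ID_BITS // 8]
        for i in range(count)
    ]


def collision_probability(n_ids, bits=ID_BITS):
    """Birthday bound for n uniformly random `bits`-bit values:
    P(at least one collision) ~= 1 - exp(-n(n-1) / 2^(bits+1))."""
    return -math.expm1(-n_ids * (n_ids - 1) / 2.0 ** (bits + 1))


def ids_needed_for(p, bits=ID_BITS):
    """How many identifiers must exist before P(collision) reaches p."""
    return math.sqrt(2.0 ** (bits + 1) * -math.log1p(-p))


# Constructed scenario: 8 billion phones broadcasting for a full year.
IDS_PER_YEAR = 8e9 * INTERVALS_PER_DAY * 365

if __name__ == "__main__":
    key = secrets.token_bytes(16)  # CSPRNG-generated daily key
    ids = rolling_ids(key)
    print("first identifier:", ids[0].hex())
    print("distinct within the day:", len(set(ids)) == len(ids))
    print("same key -> same identifiers:", rolling_ids(key) == ids)
    print("P(collision), 128-bit: %.2e" % collision_probability(IDS_PER_YEAR))
    print("P(collision), 32-bit:  %.2e" % collision_probability(IDS_PER_YEAR, 32))
    print("ids for 50%% collision chance: %.2e" % ids_needed_for(0.5))
```

The 32-bit line is there for contrast: at that size a collision is certain for the same constructed population, which is why the identifier width matters more than the absence of a device address.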

~~~
unnouinceput
"These are 128-bit cryptographically secure numbers that rely on thoroughly
battle tested primitives".

Oh, wow! So that's like 128 / 8 => 16 bytes? As in 16 ASCII characters? And
what crypto has to do with them anyway in this context? Do explain please, I'd
love to hear that. And also tell me about those primitives as well, I really
need to hear their names.

If dang hadn't warned me already not to feed the trolls in the past I'd say
that you're full of "you know what", but since he did I'll just stop here

------
hilbert42
That governments are taking advantage of the COVID-19 crisis to effectively
'mandate' tracking is about as sinister as it gets. Governments are playing on
people's fears to overcome privacy concerns that they would otherwise have in
normal circumstances; moreover, they're making it appear both normal and
reasonable to be tracked.

I rarely take my phone with me when I'm out and about and this has been the
norm with me for years. I wonder how long it will be before I'm stopped in the
street by police who'll ask me to present my phone for compliance inspection
and when I report that I don't have it with me then I'll be fined.

To avoid tracking, some people I know take a different approach which is to
turn _Airplane Mode_ on until they actually want to make a call. I wonder how
long it will be before _Airplane Mode_ in phones is disabled by mandate.

I can foresee a time in the not-too-distant future when someone who doesn't
want to own or use a phone will actually be mandated to do so by law. When
that time arrives then we'll know that...

... _" We've won victory over ourselves. We will have learned to love Big
Brother."_

~~~
pmoriarty
_" To avoid tracking, some people I know take a different approach which is to
turn Airplane Mode on until they actually want to make a call. I wonder how
long it will be before Airplane Mode in phones is disabled by mandate."_

Carry your phone in a container made out of conductive material and while the
phone is in it you won't be tracked by it.

Of course, all bets are off when you take it out.

Even simpler solution: turn off your phone and maybe take out your phone's
battery (if you're lucky enough to have a phone with a removable battery) when
not using it.

~~~
gruez
>Carry your phone in a container made out of conductive material and while the
phone is in it you won't be tracked by it.

If your threat model is a tyrannical government, what's preventing them from
making it an offense to not carry a phone or otherwise interfere with the
contact tracing system?

~~~
SpicyLemonZest
Public perception of overreach operates on most governments no matter how
authoritarian. Singapore is pretty far towards authoritarianism, and even they
haven't made their contact tracing app mandatory. (China admittedly has.)

~~~
shadowgovt
China has what most nations lack: a citizenry that already agrees
philosophically (on average) that government authority should be deferred to
because it is part of the natural order of things.

------
sneak
> _Germany as recently as Friday backed a centralised standard called Pan-
> European Privacy-Preserving Proximity Tracing (PEPP-PT), which would have
> needed Apple in particular to change the settings on its iPhones._

The phones in question are not Apple’s phones. Those phones, and their
settings, belong to the end user. They paid for them.

~~~
Reelin
Except that the users themselves aren't permitted by Apple in all their
benevolence to grant an app the necessary permissions on a device which they
supposedly own!

Of course users willingly made the choice to purchase such a device in the
first place, though I'm not at all convinced that most understood the
tradeoffs they were making. To say that my feelings about the current
situation are conflicted would be an understatement.

------
Traster
>When Apple refused to budge there was no alternative but to change course,
said a senior government source.

Shutting down every Apple office in the EU seems like a pretty good idea, oh
and confiscating all Apple products, designs and patents..... Look, let's be
positive and assume that the reason Germany backed down is because actually
Apple's approach is better and they were convinced by the explanations of why a
centralised approach is wrong. Because the other explanation - that European
countries are scared of Apple doesn't stand up to scrutiny.

~~~
InTheArena
Germany’s historical experience with centralized databases (using IBM tech)
means that there are very good reasons to be skeptical of a centralized
approach that could conceivably allow a government to spy on or classify the
population of a whole country or even a continent.

Silicon Valley is a useful boogeyman, in part because they have done some
things on the negative side of the evil ledger. Historically governments dwarf
private companies in the amount of damage and misuse they can unleash — with a
few notable exceptions where they almost reach the scale of what tyrannical or
incompetent governments can wreak.

~~~
loeg
For folks missing the historical reference, IBM provided machines and support
to the Nazis to "census" Jews.

