
Apple, Google ban location tracking in apps using their contact-tracing system - ingve
https://www.reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W
======
azinman2
I have to say, working at Apple and knowing all the hard work that goes into
this and making sure your data stays private while also being able to combat
this disease, it's very frustrating to read a lot of the comments here. I can
understand why the public is skeptical, but I feel like as a society we've
swung so far away from institutional trust that now nothing good can actually
emerge. The anti-vax movement is a perfect example where the collective work
of thousands of people over decades to save millions of lives just gets tossed
aside because some celebrity 'feels' like there's a connection that isn't
there, and in the process, the level of public harm becomes severe.

Note: All opinions (in this comment and all of mine on HN) are my own.

~~~
m12k
I think the notion of trusting any company over a certain size is crazy - I
wish people would stop anthropomorphizing companies that way. Basically, I can
trust specific people if I feel that I know their character, and by proxy I
might trust a company that these people have significant control over. Once a
company reaches a certain size, any power that individual employees wield will
have been diluted to microscopic levels, and even founders' altruistic
motivations tend to fade or get drowned out by the basic profit motives of an
increasingly large group of shareholders. At that point, it's not a matter of
trusting, it's at best a matter of recognizing if the strategic goals of the
company align with my interests in specific ways. For example Apple has made
a strategic choice to double down on privacy, because invading privacy is not
core to their business the way it is to Google and Facebook, so this allows
them to gain an edge over their rivals. Great, that's something. That doesn't
mean I "trust" Apple the way I would a person - it's more akin to how I'd
recognize when a wild animal doesn't view humans as prey, so I'm willing to
get relatively close to them without protective equipment. I don't trust them
in general, I don't expect them to care about me at all, but I trust them to
follow their instinct, which is to not attack me unprovoked.

~~~
blauditore
I kind of disagree with this. If a company publicly claims to follow certain
principles and vows to have mechanisms in place to protect user privacy,
people on the inside are able to judge if those principles are being followed.
The larger a company is, the lower the chances are that everyone would stay silent
in case of a (systematic) breach of those principles. So in a sense, it's much
harder for larger companies to secretly do things simply because larger groups
of people are worse at keeping secrets.

~~~
72deluxe
But history has proven this wrong. E.g., how did the entire German population
wilfully engage in something that they now consider very wrong and are ashamed
about (WW2)?? (Quite a generalisation I know, but it's an example of a lot of
people going along with something they may not entirely agree with, not
comparing Apple to the Nazis BTW, nor am I saying that every single person
went along with it).

I am merely saying that if it is possible at a national level, it is possible
at a company level. If it is a culture where you work you can quickly become
swept along with it.

~~~
blauditore
WWII is somewhat different in that it was not secret what was happening.
Speaking up on the inside is a much bigger step than just talking to
outsiders.

~~~
selestify
What? The Holocaust was definitely kept under wraps from the general public
until the concentration camps finally got liberated. Sure, some members of the
public heard rumors, but it wasn't like Nazi Germany was doing it completely
out in the open.

~~~
zimpenfish
> The Holocaust was definitely kept under wraps from the general public

[https://www.theguardian.com/uk/2001/feb/17/johnezard](https://www.theguardian.com/uk/2001/feb/17/johnezard)
suggests otherwise.

------
alkonaut
If you don't trust Google and Apple when they say their API does what they say
it does, then you can't use an iPhone or Android phone.

I understand that people are conscious about these things but what I don't
understand is how people say "oh I'd never run an app using an API from
google/apple, they have a horrible track record" and then carry a phone in
their pocket with an OS from either Google or Apple, where those companies can
basically do whatever they want. If you carry such a phone you already trust
them. If this API does what it says it does (basically exchange random
numbers) then how is that worse than what you already trust your phone to do?

~~~
mellow2020
> If you carry such a phone you already trust them.

I don't. But not because I think my dumbphone isn't also basically a mic I
carry around, but because mobile devices are a joke, one and all. It's like
moving back to communicating with infant sounds after I learned how to walk,
form sentences and use tools -- why would I? Because so many people do, that
they already assume _everybody_ does?

I don't need e.g. Whatsapp to stay in contact with people I care about and who
care about me, if I was only reachable by mail they'd send me letters. Anyone
incapable of that I would surely dislike for dozens of other reasons already,
so the question of "how to stay in contact even though I don't have a
smartphone" literally didn't come up once since Apple "changed the world" in
2007, heh.

This stuff is just a very recent blip in our evolution as a species, and the
phase we're in is about as impressive as the lies people told each other once
they invented writing. It too shall pass.

~~~
redlorryyellow
_if I was only reachable by mail they'd send me letters._

Based on your comments above, I'd bet a lot of money that they wouldn't...

~~~
mellow2020
Because something you can't even specify rubbed you the wrong way, no person
in the world loves me? That's just wishful thinking on your part.

------
Someone
The title of this article is incorrect. FTA: “Apple […] and […] Google on
Monday said they would ban the use of location tracking in apps _that use a
new contact tracing system the two are building_”.

So, contact tracing apps that don’t use that system, such as the one from the
UK
([https://www.bbc.com/news/technology-52441428](https://www.bbc.com/news/technology-52441428))
still would be allowed to do location tracking.

~~~
grey-area
But will anyone use them? I wouldn't trust an app which has been outsourced
and feeds data to palantir:

[https://eandt.theiet.org/content/articles/2020/04/nhs-opts-f...](https://eandt.theiet.org/content/articles/2020/04/nhs-opts-for-centralised-contact-tracing-app/)

[https://www.hsj.co.uk/technology-and-innovation/exclusive-wo...](https://www.hsj.co.uk/technology-and-innovation/exclusive-wobbly-tracing-app-failed-clinical-safety-and-cyber-security-tests/7027564.article)

The Apple/Google solution sounds much better to me - no central datastore.

~~~
Traster
Oh the UK government has got a great plan for that - they're going to stick
the NHS logo on it. That way people will incorrectly think it's trustworthy,
and when they find out it wasn't it'll damage the reputation of the NHS -
which is a key goal of the current government.

------
karambir
Will be interesting to see if they can ban Indian govt. app[1] which needs
full location access (clarified)[3]. A lot of people like this app (including
me) but also know government does not have a good track record in securing
private data.

Previously Apple were made to bend their rules when India threatened to ban
Apple devices if they don't allow TRAI Do Not Disturb app in 2018.[2]

[1]
[https://play.google.com/store/apps/details?id=nic.goi.aarogy...](https://play.google.com/store/apps/details?id=nic.goi.aarogyasetu)

[2] [https://9to5mac.com/2018/11/30/apple-approves-india-dnd-app/](https://9to5mac.com/2018/11/30/apple-approves-india-dnd-app/)

[3]
[https://paste.gg/p/anonymous/b7c95d3967514e78a652840b5b666d5...](https://paste.gg/p/anonymous/b7c95d3967514e78a652840b5b666d50)

~~~
ivarojha
Not sure about Android, but if you're on iOS you have the choice to disable
"full location access". In case it's needed to run certain feature in the app,
you can choose the "Allow while using" option.

I do that with all the apps that require location access: local food delivery,
cab services, vehicle rental and what not.

~~~
karambir
We can and for most apps I do this too. But some apps, like this one, require
the location or they won't even start. Also at least on android (which also has
fine-grained permissions now), this app specifically requires on-going
(background?) location access.

Recently this has also been made mandatory for employees, public and private.
So organizations have to ensure all employees have this app on their
smartphones. We will see how much this is enforced.

~~~
tinus_hn
You’re better off with Android then because there you can have extensions that
send a fake location to specific apps.

------
AJRF
I've been wondering about the UK contact tracing app because they seem to be
deliberately misleading saying that data is secure on the phone, yet it's a
centralised model, and they are using bullshit terms like "clinically secure
algorithm" to describe the one-time codes;

Is the source code of these apps something that could be FOI requested from
NHSx seeing as it is publicly funded by the tax payer?

Also they've already started moving the goal posts;
[https://www.theregister.co.uk/2020/05/04/uk_covid_app_human_...](https://www.theregister.co.uk/2020/05/04/uk_covid_app_human_rights_parliament/)

This* came from NCSC - that image about the NHS version worries me greatly.

* [https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contac...](https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app)

~~~
jjgreen
Given that Palantir is involved, I'd not touch it with a long stick

[https://tech.newstatesman.com/coronavirus/palantir-covid19-d...](https://tech.newstatesman.com/coronavirus/palantir-covid19-datastore-coronavirus)

~~~
taywrobel
Having worked at Palantir, I’m curious which outdated misconceptions you’re
still harboring?

It’s a giant federated search engine... that’s about it. They don’t even hold
any data themselves, it all stays on site with the customer.

~~~
SSLy
I'll use an analogy: they might not be the warlords, but they are the weapon
traffickers.

~~~
taywrobel
I disagree with that analogy. Palantir isn’t getting them more data. It’s
helping them use it more effectively. The organizations already have all the
data recorded.

If you don’t like the data that organizations record, I’m right there with
you, but demonizing the tools that allow them to access data more effectively
is an absurd stance to take. Their system also does things like add an
immutable audit log, or enforce requirements on how data can be accessed.

Working with law enforcement, before Palantir there was nothing preventing an
officer from looking up their ex husband or wife, or celebrities, or anyone at
random. With it, there’s an audit trail of every search, and most of them need
a case number as justification. Even then, certain searches would
automatically get flagged for review.

We can go back to giving people direct and unaudited SQL access if you’d like,
but I’d prefer some more accountability, even if the downside is organizations
being able to use data _they already have_ more effectively.

~~~
pmiller2
I'd rather we not help our own government "more effectively" spy on American
citizens, thanks.

~~~
taywrobel
> Well, in the context of this post, that is irrelevant at best, or
> whataboutism at worst. I notice you don't offer a defense of Palantir here.
> Why is that?

HN won't let me reply to that, so I'll do it here. I didn't feel the need to
offer a "defense" of Palantir there since I already outlined it above and
don't feel like there's value in repeating myself.

But you asked, here you go - The government is going to use the data
regardless, so long as they have it. The only effective recourse is to make
them collecting or storing the data illegal, but good luck with that, seeing
as even when it is illegal they do it anyways (see: Snowden).

Do you think if Palantir weren't there they'd just say "Ah well, I guess
that's that" and be done with it? Nope; they'd go to Lockheed, Raytheon, IBM,
or another long-time contractor to build a replacement almost immediately. The
technology is genuinely nothing special. It federates searches across
disparate databases, and stitches results together.

But for me, having worked at Palantir, I know what mechanisms are provided to
attempt to mitigate abuse. So as long as that data does exist and is going to
be used, I'd prefer to have it be as well controlled and audited as possible.
And sure, you can argue that the government may forego auditing, or be
entirely corrupt, but that doesn't seem to me to be a good reason to not use
tools that at least provide that capability.

~~~
vertex-four
And we would think the same about Lockheed, Raytheon or IBM. Just because
there'll always be someone without morals doesn't mean we just shrug and say
anything goes.

~~~
taywrobel
I’m not saying we should shrug and say anything goes. I’m saying all these
companies share one commonality - they are building things for the US
government.

If you want to see change that is more than just superficial, that’s where you
need to make it.

~~~
vertex-four
Sure. That doesn't mean that what Palantir are doing isn't wrong - selling
tools to an entity which is going to use them for harm is wrong, even if they
might result in slightly less harm than selling them some other tool.

If someone comes into a gun shop and tells you they want to shoot up a
classroom, selling them a pistol instead of a machine gun doesn't make you
immune from judgement.

~~~
taywrobel
What makes Palantir different than any other software vendor that sells to the
government?

Want to know how a lot of that data is generated? Microsoft excel. Arguably
without excel there would be less data to act abusively with. If only
Microsoft just refused to sell excel to the government.

People are happy to accept that excel is general enough that it isn’t made for
that one purpose, but refuse to apply the same reasoning to Palantir; that may
seem like whataboutism, but they genuinely are comparable tools if you take
away the marketing and fear mongering.

As for your analogy, it’s more like you own a shop that makes metalworking
tools, and someone buys some. You don’t know what they are going to do with
it, and (here’s where it gets opinionated) you shouldn’t need to care. You
sold a tool to someone. Can the tool be used to make a gun? Sure. But it can
also be used for anything else involving metal work. At some point we need to
accept that the responsibility for how a tool is used needs to be placed on
the person using it.

~~~
vertex-four
Palantir develops tools to be better at tasks that are pitched to them in some
degree of detail through the RFP process and similar processes. Palantir as a
company _would not exist_ if it were not for the less savoury of those tasks.

We do not hear, "Government X purchases a couple thousand Excel licenses to
keep a database on people it'd like to kill", and I imagine that Microsoft
does not sell Excel to Government X in response to an RFP for tooling to keep
track of people it'd like to kill.

(Of course, it'd probably stick its metaphorical fingers in its ears if it did
hear about Excel being used for that purpose.)

------
lazyeye
Does anyone else find this a little ironic given Google is a company that has
been logging people's location to a very fine detail for years?

~~~
dan-robertson
I have four arguments as to why google are behaving this way with regards to
this data. I’ve no idea which, if any, they operate by:

1. It’s actually crap and they don’t want their advertisers to know that
their ads are sold based on crap quality data/don’t want the backlash of doing
a poor job helping

2. Most people at google care a lot about privacy (either in the secret kept
between you and google sense or the more common sense definition people seem
to use on hn) and they don’t really think about this data as something the
firm has/should release

3. They are afraid that if governments realised they had this data then
google would be regulated or every minor security agency/random government
department would be demanding access to it by law.

4. They strongly feel that surveillance by (well intentioned?) private
companies is ok but by governments it is not.

~~~
jtolmar
> 2. Most people at google care a lot about privacy (either in the secret
> kept between you and google sense or the more common sense definition people
> seem to use on hn)

When I worked at Google, I saw a lot of earnest efforts to keep data private,
in a way that really was sufficient (k-anonymized with large k, for example),
but in ways that have no outward proof that it was happening. Send all
possible data to the server, then make sure it's properly clustered and
scrubbed before it gets stored or analyzed. And it's not easy to explain to
someone who can see the whole system that from an end-user's view this is
identical to just scooping up everything.

~~~
karaterobot
I can verify that, from an outsider's perspective, this is indistinguishable
from just scooping up everything and saying "trust us, we care about your
privacy".

------
three_seagrass
I mean, imagine the repercussions of allowing third party apps to do this.
It's tragedy of the commons for health info.

i.e. A crappy mobile app that spams notifications when you're around someone
who was in contact with Covid infected. One which doesn't have any oversight
and motivation other than mobile ad views.

~~~
jimmaswell
The repercussion is... you know someone near you was in contact with covid (a
good thing to know) and it has ads (devs need to eat too)?

~~~
three_seagrass
It means scammy apps will spam contact notifications without proof just to get
eyeballs, and that's on top of the ones using covid fears to phish for info.
Bad actors will exploit this.

------
xkyscore
Google have flat out banned any apps that have anything to do with combating
COVID-19 if they aren't either funded by their government or are a registered
health company. I tried releasing a symptom tracker app before Zoe released
theirs and it was rejected for this reason.

~~~
cwhiz
They will ban and flag your account if your app just mentions the word Covid.
It is absolutely absurd. Only Google is allowed to make a Covid app.

~~~
jedberg
It may be a bit harsh, but it makes sense. Too many people are trying to take
advantage of the situation to pull scams.

It's a lot easier for Google to operate on a whitelist model than a blacklist
model.

~~~
PaulKeeble
Then Google would be building a whitelist. They aren't doing that, they are
using a position of power to isolate the market for themselves. That is a
monopoly.

~~~
jedberg
They are building a whitelist. They even made the criteria public. You have to
be a government or health entity to publish a Covid related app.

~~~
PaulKeeble
That isn't a whitelist, there is no way on it with a legitimate app when the
entry criteria is being a state.

~~~
int_19h
That is a whitelist. They don't have to be easy to get on, or, indeed, to even
allow any new entries.

------
ramshorns
Sure. It's maybe a bit unsettling to see a global corporate monopoly telling
countries what they're allowed to do, but in this case it's the right thing.

~~~
Spivak
I think it’s unsettling that we're so used to companies and people with actual
power doing fuck all to stand up to government abuses that it’s weird when it
actually happens.

~~~
rootusrootus
Apple makes the news periodically for telling the gov't to piss off.

------
cja
Contact tracing with location tracking must surely be more effective than
contact tracing without location tracking.

I'd quite like my government to decide how contact tracing should work in my
country, instead of two companies making that decision. I cannot vote against
Apple or Google if I don't like what they do.

Also, I'd like to leave my home without worrying about catching a dangerous
and possibly fatal disease, and if I have to sacrifice some privacy to do this
then that's ok.

Privacy is important, and it's lovely that IT people care so much about it,
but all the people on zero-hour contracts and with underlying health
conditions would probably rather that we prioritise the most effective
approach to eliminating the virus.

------
flipgimble
It's interesting that they call this a "Contact Tracing app" even after
changing the naming to ExposureNotification.framework

I think these restrictions are meant to win confidence with a somewhat
skeptical public. This will also confine the apps to be single purpose for
contact tracing only.

~~~
azinman2
What is interesting about that?

------
jb775
The title says "ban use of location tracking", but the article says "will not
allow use of GPS data". There are many ways to extrapolate a user's precise
location from non-GPS data.

~~~
tinus_hn
That kind of data, for instance visible access points or cell towers, is not
available for apps on iOS.

If you disagree, could you please list ways you think this can be done?

------
aaron695
Can anyone show me an app in the wild that uses Bluetooth like or close to
what the Covid apps want to?

Why isn't HN talking about the technical side at all?

We know Bluetooth on phones can't do what the governments say it can.

We've all gone through the stage of, what if we used Bluetooth to track people
indoors and do cool stuff! Then we realise you can't. The best we see is
advertising maybe doing low quality beacons.

It's like we think C19 makes the impossible possible.

~~~
ObsoleteNerd
The Australian one seems to follow the spec pretty well. Uses rolling random
IDs and BT RSSI to check for proximity to infected people. “Infected” is
declared by the patients getting the hospital to input a private key when
they’re diagnosed, which then uploads their last x days of random IDs to
declare them as infected.

Source code is public and has been shared/audited on twitter etc but no formal
audits that I’ve seen yet.

~~~
shakna
> Source code is public and has been shared/audited on twitter etc but no
> formal audits that I’ve seen yet.

I don't believe that's true. There is certainly decompiled code floating
around, but release of the code has been delayed whilst the Signals
Directorate investigate the app. [0]

Worth noting that decompiling the app to see if it actually does what it says
it does is a crime under the legislation backing it.

> Agreed. The PIA and source code will be released subject to consultation
> with the Australian Signals Directorate’s Australian Cyber Security Centre.

[0]
[https://www.health.gov.au/sites/default/files/documents/2020...](https://www.health.gov.au/sites/default/files/documents/2020/04/covidsafe-application-privacy-impact-assessment-agency-response.pdf)

------
skybrian
We probably shouldn't call them "contact tracing" apps since what they plan to
do is so different than manual contact tracing. "Exposure notification" is a
better term.

Nothing prevents anyone from using their phone's location history to remember
what to tell the contact tracing people.

~~~
azinman2
What exactly is the difference?

~~~
paxswill
Say Alice tests positive.

Contact tracing: Alice is able to say, “I was in contact with Bill and Carol.”
Then authorities can talk to Bill and Carol, and have them trigger their
phones to see who they’ve been near. But because that’s slow, most plans would
upload the lists of who’s been near who to a central server. Then the
authorities can do a simple query to see who’s been near who.

Exposure notification: Alice enters a code that she got with her positive test
result into the app. The app has been continually broadcasting rotating,
random identifiers which it then uploads to the central service. The code she
entered verifies to the central service that she has a legitimate positive
result. Bob and Carol’s phones periodically check with the central server for
the list of positive IDs. Their phones stored one of the IDs from Alice’s
phone when they were near each other earlier. Once they get the latest list of
infected IDs, their phones will alert them that they have been exposed and
should be tested.

In CT, the central service has all the data, and you can trace contacts
without the knowledge of the users. In EN, the service has a list of infected
people, and everyone needs to check that list periodically.

Pretty sure there’s some subtlety with the IDs being a cryptographic sequence
or something so there isn’t a gigantic list of IDs everybody is constantly
pulling down, but this is the gist of it.

ETA: The FAQ from Apple+Google is a pretty quick rundown of where exactly each
part of the data is stored and when it leaves your device.
[https://blog.google/documents/73/Exposure_Notification_-_FAQ...](https://blog.google/documents/73/Exposure_Notification_-_FAQ_v1.1.pdf)
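
The exposure-notification flow described in the comment above, as an added example that is not part of the original thread and is not the Apple/Google specification. It goes one step further than the comment by uploading one daily key per day instead of every broadcast identifier; the HMAC-SHA256 derivation, the 10-minute rotation and the names `Phone`, `Server` and Dave are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: the broadcast identifier rotates every 10 minutes


def rolling_id(daily_key: bytes, day: int, interval: int) -> bytes:
    """Derive the identifier a phone broadcasts in one interval of one day.

    Simplified derivation (assumption): HMAC-SHA256 truncated to 16 bytes.
    Without daily_key, two identifiers from the same phone cannot be linked.
    """
    msg = b"rolling-id" + day.to_bytes(4, "big") + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name):
        self.name = name
        self.daily_keys = {}  # day -> secret key; stays on the phone unless the owner uploads
        self.heard = set()    # identifiers received over Bluetooth; never uploaded

    def broadcast(self, day, interval):
        key = self.daily_keys.setdefault(day, secrets.token_bytes(16))
        return rolling_id(key, day, interval)

    def receive(self, rid):
        self.heard.add(rid)

    def check_exposure(self, published):
        """Matching happens on the device: re-derive IDs from published keys."""
        hits = []
        for day, key in published:
            for interval in range(INTERVALS_PER_DAY):
                if rolling_id(key, day, interval) in self.heard:
                    hits.append((day, interval))
        return sorted(hits)


class Server:
    """Central service: sees uploaded keys of positive users, never who met whom."""

    def __init__(self):
        self.valid_codes = set()
        self.published = []

    def issue_code(self):
        # Handed out with a positive test result by the health authority.
        code = secrets.token_hex(4)
        self.valid_codes.add(code)
        return code

    def upload(self, code, keys):
        if code not in self.valid_codes:
            return False                 # no valid test result, nothing is published
        self.valid_codes.discard(code)   # one-time use
        self.published.extend(keys)
        return True


def simulate():
    """Constructed scenario: Alice meets Bob and Carol, Dave only meets Bob."""
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    server = Server()

    bob.receive(alice.broadcast(day=3, interval=50))
    alice.receive(bob.broadcast(day=3, interval=50))
    carol.receive(alice.broadcast(day=4, interval=10))
    dave.receive(bob.broadcast(day=4, interval=11))

    # An upload without a code from a real test result is refused.
    forged = server.upload("not-a-real-code", [(3, secrets.token_bytes(16))])

    # Alice tests positive, gets a code and uploads her daily keys.
    code = server.issue_code()
    accepted = server.upload(code, sorted(alice.daily_keys.items()))
    replayed = server.upload(code, sorted(alice.daily_keys.items()))

    return {
        "forged": forged,
        "accepted": accepted,
        "replayed": replayed,
        "published_keys": len(server.published),
        "bob": bob.check_exposure(server.published),
        "carol": carol.check_exposure(server.published),
        "dave": dave.check_exposure(server.published),
    }


if __name__ == "__main__":
    for field, value in simulate().items():
        print(field, value)
```

Two published keys stand in for up to 288 broadcast identifiers, and the server never receives the `heard` sets, so it cannot reconstruct the contact graph.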

------
buboard
covid19 has become a buzzword factory. Politicians popularize terms like "herd
immunity", "crush the curve", "testing", "ventilators", "PPE" etc to appear
to be doing something. "Tracing" is the next in line, but it's a total sham.
No country has been able to contain the epidemic with bluetooth. And all the
countries that manage the epidemic have first waited until they have very few
cases, which can be traced manually, and they did isolation well. As long as
there is a high number of active cases, tracing won't work.

So, it's good that apple+google are banning those apps because they would be
useless and a damn spying vector.

~~~
artursapek
You seem to agree with Schneier! I'm with you, the whole premise is utterly
useless.
[https://www.schneier.com/blog/archives/2020/05/me_on_covad-1...](https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html)

~~~
chimprich
Schneier's a security expert, not an epidemiology expert. I don't think I'm
going to put much weight in his opinion. The UK's epidemiology and behavioural
teams have some confidence that this app will have an effect.

It doesn't need to be perfectly effective to be useful. Even a small reduction
in R is very helpful.

~~~
DanBC
To be clear: Sage thinks it will work, but we're not told who is on Sage nor
which of them think this will work.

For all we know this is Cummings not understanding any of the science.

~~~
chimprich
For what it's worth, I was thinking of developing an app on similar principles
a couple of months ago and I talked to one of the Sage people. They were
enthusiastic about it. There have also been papers modelling the effect.

I don't like Cummings' politics but he is a smart guy. I think he'd follow the
science.

------
crushthecurve
We've been looking at digital contact tracing from the perspective of
Australia, as we see a huge push for the COVIDSafe app, based on Singapore's
TraceTogether app.

It seems the sensible order of questions is:

1) Do we have a contact tracing problem?

2) Does digital contact tracing generally solve it?

3) Is the specific app / implementation useful / safe / privacy-respecting?

It appears the national conversation almost entirely skips thinking about 1)
and 2) and gets lost in the limited analysis of 3).

We had a deeper look at 2) in this recent piece:

[https://blog.crushthecurve.today/why-should-you-install-the-...](https://blog.crushthecurve.today/why-should-you-install-the-covidsafe-app-part-2/)

~~~
viraptor
The post has a very city-specific view. (and it may have good points about
that environment) Compare it to a regional town: minimal public transport,
few/no dense residential buildings, no large offices. For me the app is
literally a "does anyone I stood next to in the shop / petrol station test
positive" indicator.

~~~
crushthecurve
In a regional context a bluetooth proximity app offers even less theoretical
value.

A contact is only registered after 15 minutes of time spent within an
estimated proximity of 1.5 metres (itself a primitive model of infectious
disease transmission based on a 1942 paper). Note other countries set the
distance at 2 metres.

As outlined in other comments in this thread, close contact rules include
anyone in a room for more than 2 hours, so even though all close contacts have
to be manually interviewed (there is no instantaneous notification and
isolation) for most social situations close contacts won't be registered
through crude estimates of proximity: home, family / friends, work all require
thinking about and providing contacts.

When you strip out all the situations that aren't beneficial, that starts to
leave public transport in major metro situations where commutes are greater
than 15 minutes.

Keep in mind that also implies the end of any social distancing (as otherwise
no contacts are registered). That seems obvious, as public transport becomes
overwhelmed if capacity is significantly reduced.

------
spicyramen
Location information, political preferences, socioeconomic status, photos,
emails, search locations, to name a few. It is very dangerous that they are
openly monopolizing access to everybody's life without regulations in place. I
personally believe that Engineering teams do their best to anonymize
individuals but reality is that other products teams such as Ads or growth
don't do it.

------
ghuntley
See
[https://twitter.com/GeoffreyHuntley/status/12561244277810626...](https://twitter.com/GeoffreyHuntley/status/1256124427781062656?s=19)
for Australia.

~~~
shakna
Where are the bug bounty programs? That's easy. It's a crime to see how any of
the app is running. Reporting a security flaw would likely see you receive a
$5000 fine, and potential jail time atop of that.

They didn't bother to get the servers running before pushing out a gigantic
advertising campaign shaming anyone for not using it.

... Despite it having obvious flaws from day one, that showed it was mostly a
cut 'n paste of Singapore's GPL app. (Though you can't access the source.
National security trumps freedom of information and promises.)

~~~
viraptor
> It's a crime to see how any of the app is running.

Have you got something supporting this? Here's a panel of Australian-based
security people decompiling and discussing the details of the app:
[https://www.youtube.com/watch?v=U3dN99ljgD4](https://www.youtube.com/watch?v=U3dN99ljgD4)
Are you saying they've all publicly admitted to committing a crime and are
unaware of those laws? Are all editors here
[https://docs.google.com/document/d/17GuApb1fG3Bn0_DVgDQgrtnd...](https://docs.google.com/document/d/17GuApb1fG3Bn0_DVgDQgrtnd_QO3foBl7NVb8vaWeKc/preview#)
criminals?

The only serious analysis I can find is in
[http://www.austlii.edu.au/au/journals/JlLawInfoSci/2003/2.ht...](http://www.austlii.edu.au/au/journals/JlLawInfoSci/2003/2.html#Heading337)
and it's "kinda depends why you're doing it, but either way it's largely
untested".

~~~
shakna
It isn't actually a law yet - that happens later this month. Instead, we've
received a determination by the minister [0], which will act as a kind of
back-date for when those laws are passed.

> A person must not decrypt encrypted COVID app data that is stored on a
> mobile telecommunications device.

That video shows them looking into how the data bundle is assembled, but I
don't believe they actually touch it or run it in an emulator, which would
very much breach the determination - because unless you're one of the
exceptions, you're not legally allowed to run the software outside of tracing.

Exceptions are given for those in employ of the health department, or other
government bodies.

Whilst that might vaguely not mean decompiling the app, the minister's own
press conference is clearer on the intent [1]:

> It cannot leave the country, it cannot be accessed by anybody other than a
> state public health official, it cannot be used for any purpose other than
> the provision of data for the purposes of finding people with whom you have
> been in close contact, and it is punishable by jail if there is a breach of
> that.

Decompiling the app steps outside the provisions for looking at the data, and
yes, you don't have permission to look at your own data.

[0]
[https://www.legislation.gov.au/Details/F2020L00480/Html/Text](https://www.legislation.gov.au/Details/F2020L00480/Html/Text)

[1] [https://www.health.gov.au/ministers/the-hon-greg-hunt-mp/med...](https://www.health.gov.au/ministers/the-hon-greg-hunt-mp/media/press-conference-about-the-covidsafe-app-launch)

~~~
viraptor
IANAL, but I think your interpretation goes beyond what they're after.

The determination is clearly aimed at data usage and prevents people from
trying to decrypt the reports from other users. The whole fragment of the
interview is about the data produced by the app and how it should be protected
as sensitive information. I can't see anything there that would prevent you
from reverse engineering "to see how any of the app is running."

It's not even obfuscated or protected from decompilation in any way, so it's
trivial to look at with static analysis tools. (i.e. without trying to run it)

Even the headings don't mention the code: "Collection, use or disclosure of
COVID app data", "Treatment of COVID app data", "Decrypting COVID app data",
"Coercing the use of COVIDSafe".

~~~
shakna
> IANAL, but I think your interpretation goes beyond what they're after.

Perhaps more than the intent, but this is a government that doesn't deserve
the benefit of the doubt.

Circumventing any "access control technical protection measures" is currently
a crime under Australian law (Section 116, Copyright Act). They may well
consider any decompiling tools to fall under that particular law, as well as
use of said tools.

In March, they pressured a university into firing someone researching into their
own data breach to see how bad it is. [0] There isn't a law against de-
identifying, especially when it is in the public interest, but they went ahead
and threatened severe legal action anyway. Whilst simultaneously claiming that
said data breach doesn't contain any personally identifiable information.

They had to be taken to the High Court to be shown that an algorithm cannot be
used as evidence that a debt exists, and that decision makers actually need to
do more than just trust the system. [1]

If it embarrasses them in any way, then they are not above twisting laws to
suit them. [2]

[0] [https://www.theguardian.com/australia-news/2020/mar/08/melbo...](https://www.theguardian.com/australia-news/2020/mar/08/melbourne-professor-quits-after-health-department-pressures-her-over-data-breach)

[1] [https://www.theguardian.com/australia-news/2019/nov/28/robod...](https://www.theguardian.com/australia-news/2019/nov/28/robodebt-the-federal-court-ruling-and-what-it-means-for-targeted-welfare-recipients)

[2] [https://www.abc.net.au/news/2020-02-28/abc-not-appealing-fed...](https://www.abc.net.au/news/2020-02-28/abc-not-appealing-federal-court-ruling-on-afp-raids/12008886)

------
frankzen
The idea that this won't be abused is nuts after seeing what's already been
done by the likes of Facebook, Zoom, Microsoft and others. Privacy is privacy.
No one has the right to take that away.

------
ComodoHacker
I have two questions.

1. Why are location data needed? What difference could it make vs just
contacts?

2. Couldn't this ban be easily circumvented by telling people to install
another app that shares location data?

------
miguelrochefort
I can't imagine that working out in China.

EDIT: Never mind. Looks like this only applies to apps using their new
contact-tracing framework.

------
jaimex2
Here in Australia our Covid tracing app is already out.

It uses Bluetooth proximity logs and local storage unless you test positive
and are asked to upload.

I had a look at what's in the app's DB and it seems it just keeps a log of
unique ids it bumps into. When you test positive and upload I'm guessing it
publishes those unique ids if the logs show over 15 minutes of contact.

The government already have our locations via cell towers so they just have to
match the data if they really wanted to.

~~~
crushthecurve
A misunderstanding is that this system results in instantaneous contact
notification and isolation (which is what one of the original papers on
digital contact tracing efficacy assumes).

The reality is the entire 'human in the loop' contact tracing process is still
manual. Health staff working in state contact tracing teams still need to call
and interview every contact to determine whether they could be considered a
close contact from an epidemiological perspective.

Also consider that close contacts include anyone you've spent more than 2
hours in an enclosed room with.

So that immediately limits the utility of any bluetooth proximity app: you
still need an entirely manual process for home, work, social gatherings - any
situation where you are in an enclosed room.

We've taken a deeper look at the assumptions and expert opinion, both from
individuals and institutions, which appear to discount this kind of system
from providing significant value.

Even the product lead of Singapore's TraceTogether app, as a natural advocate
for this kind of initiative, admits the technology is oversold and is only an
additional tool (due to the significant potential for false positives /
negatives):

[https://blog.gds-gov.tech/automated-contact-tracing-is-not-a...](https://blog.gds-gov.tech/automated-contact-tracing-is-not-a-coronavirus-panacea-57fb3ce61d98)

~~~
jaimex2
Thanks for the insight.

Why wouldn't they just auto-alert anyone who came in adequate proximity to get
tested though? Surely there is some benefit to letting people know they need
to be extra careful now and get tested ASAP.

All the manual human work can continue as normal.

~~~
crushthecurve
If someone is determined as a close contact they have to legally self-isolate
for 14 days regardless of symptoms or test results.

The policy there probably reflects the understanding that people in the early
stages of infection won't test positive or exhibit symptoms.

------
estebarb
The GPS data couldn't be "rounded" to have less precision, depending on
population density?

~~~
smeyer
Wouldn't that sort of defeat the point here?

Contact tracing apps want to use location data to know when I might have been
in contact with someone. If you do something like round the data to a suburban
neighborhood or a densely populated city block in Manhattan, you can't
effectively contact trace.

Any granularity of data that is useful for contact tracing would seemingly
raise the same concerns that are leading to them banning this.

------
ufo
Does anyone know if the original statements from Apple and/or Google are
available online?

~~~
hashemian
I believe it comes from here:

[https://blog.google/documents/72/Exposure_Notifications_Serv...](https://blog.google/documents/72/Exposure_Notifications_Service_Additional_Terms.pdf)

Section 3.c.i

~~~
ufo
Thanks.

It sounds like this only applies to Google's own exposure notification service
and would not apply to standalone contact-tracing apps such as the one being
proposed by the UK government.

------
kristianc
Somewhat inevitable that the briefing will begin tomorrow against Apple and
Google that American big tech firms are deliberately frustrating attempts to
fight COVID and wouldn’t it be better if we just taxed them out of existence.

Shame, as a UK citizen I’m entirely supportive of the stance Apple and Google
are taking.

~~~
tomatocracy
I'm not so sure that this type of framing will work so well in the UK. I
suspect a lot of the press will jump straight to "it's because Dominic
Cummings wants to benefit his mates who do dodgy data mining". Even if that's
demonstrably totally untrue, enough people will believe that narrative for it
to become mainstream.

The fact that there are plenty of other countries who are content to go with
the Google/Apple API will also neutralize a lot of this type of criticism.

~~~
PaulKeeble
I have no idea how to predict the UK public anymore. When it comes to the
snoopers charter it went by with barely a whisper from the populace and yet
when it comes to the 18+ filter on broadband something like 93% of people had
opted out on their home broadband. It's exceptionally rare to find so many
people do the opposite of default. I can't work out if the UK public do or do
not care about privacy and their security or what but they surprise me with
their actions at times.

------
tobyhinloopen
Interesting. I wonder if countries will try to force them to re-enable it

------
Fiveplus
What is the status of contact tracing apps in the United States?

~~~
skybrian
Not launched yet.

------
known
Under the cover of coronavirus, governments punish adversaries and reward
friends [https://archive.vn/Ea2qr](https://archive.vn/Ea2qr)

------
HABytes
Awesome but not yet launched!

------
baybal2
Will they boot existing contact tracing apps with GPS from the App Market?

------
elisharobinson
this is a text book cluster fack

------
mrfusion
I’m so confused. Can you opt out of this?

~~~
djrogers
Can you opt out of installing an app? Is that actually what you're asking
here? If so, yes..

~~~
mrfusion
If Apple wanted to they could force your phone to install an unremovable app
or just add in the software in an update.

~~~
AlexMoffat
This is not just a straw man, it's a straw giant.

~~~
mrfusion
True. I just haven’t been following this. I’m glad to hear it’s completely
voluntary.

~~~
azinman2
Which is very unfortunate, because it means it'll be far less effective.

------
Gollapalli
Yes. I believe them. Totally. The borg has my best interests at heart. My big
brothers Apple and Google will look after me.

------
goindeep
Horrible.

------
cat199
if the goal is 'privacy', I'd think contact tracing is every bit if not more
of a privacy concern than is location

~~~
azinman2
How so? You're an anonymous identifier in this system.

------
alkibiades
even without location tracking it’s creepy. what happens when the govt contact
traces a man with his mistress and then blackmails him?

~~~
sjwright
I laugh at conspiracy theories which revolve around the Government paying
special attention to normal individuals.

Dude, Governments have the power to tax millions of people. They don’t need
your piddling bribery money. It’s too much work for too little reward.

~~~
macinjosh
It’s not about the money and it’s not about “normal individuals”, whatever
that means.

Law enforcement and intelligence agencies find this sort of information useful
to further their agendas.

~~~
sjwright
Then (in your absurd hypothetical scenario) those agencies are being
incredibly stupid, they're wasting their time on high risk / low reward
strategies.

Oh wait, you're probably talking about the United States? It's scary how
fucked up that place is just millimetres below the surface.

------
swirepe
They have to protect their valuable behavioral surplus.

------
brevityism
I am sure most people would agree life > privacy any day.

Edit: But then again, if there was an option to opt out that would be great
too. Got to give people options!

------
nitinreddy88
Good luck implementing it on the other side of the world (India). You can't refuse
if Govt mandates it. So what's the point in Apple and Google wanting to control
privacy? I can trust Govt more than greedy private companies.

~~~
ksml
Just curious: why do you feel you trust your government more than "greedy"
private companies?

------
cratermoon
So GPS for me but not thee?

"Privacy experts have warned that any cache of location data related to health
issues could make businesses and individuals vulnerable to being ostracized if
the data is exposed."

Apple and Google already have that data in-house, it's just as vulnerable as
any data.

How is this not an absurd stance?

~~~
ghshephard
I can't speak for Google, but I know that Apple goes out of their way not to
have any clue where you are. For example, when you do mapping directions, you
get issued multiple single-use codes, that are refreshed during the trip, so
not only does Apple not know what directions you asked for, they can't even
associate the trip with a single entity.

When you say, "Apple has the data in-house" - what are you referring to?

~~~
viraptor
> they can't even associate the trip

That's assuming the single-use codes are not persisted on the other side.
Maybe they aren't.

"Apple has the ability to have the data in-house" / "Apple promises not to
have the data in-house" would be more precise. The rest relies on the current
behaviour and T&C.

------
smallstepforman
I’m genuinely surprised that an implementation came out so quickly ... one
would think the pandemic must have been advanced before the government even
considered doing this ... and here we are with Android and iOS approved apps,
with bluetooth and permission solutions made by a team of available engineers,
implementing government documented requirements ... hmmm

~~~
Slartie
There is not a single app using this API in "approved" state, let alone active
use. The API is kept very simple, its implementation has just entered a beta
stage, and the Bluetooth tech it uses is almost a decade old already. And the
entire idea of contact tracing via BT has been discussed for months already by
several teams worldwide and already been implemented a few times in various
ways, so it's not exactly new either.

But don't worry, just go on with your demonstrative "critical thinking"...

