Will they use it and risk the public asking how they came to know so much, as if by magic?
I'm hoping after this is all over perhaps the public might finally be in a mood more conducive to sitting down and discussing things in a reasonable manner, without the involvement of government and their corporate influence, and ideally on a platform with minimum censorship, and has a solution for dealing with ideological issues that have ruined so much of the rest of social media.
Which is based on discrete data from a graph built from phone calls, fixed line locations and SMS/email meta data. It doesn't have (from the Snowden dump) selectors for intersecting location tracks. TBH, I just don't think that is the way the FBI finds dead drops.
They were already drowning in data, and as reported recently, basically no arrests from it in years. It can't detect terrorists -- no Americans, not foreigners, fascist or religious extremists, any better than stuff the FBI was already doing.
This should've happened a long time ago. I really think there should be more cooperation between governments and tech companies so they can come up with solutions like this much faster like they did in China
Explicatory edit: The CCP, like every government in history, is motivated to conceal its human rights abuses. China also lacks a free press, an important window into its current events. Accordingly, there are obstacles in the way of justly assessing China’s response to this crisis.
Wouldn't it make more sense to work with the cell service providers? Surely at least some people turn off location permissions? I would think the cell service providers have much more reliable data.
They have cell location data, but could have quite a few people in it. They already have this data, and I would guess that they find it useless for contact tracing. In contrast, Google/Apple and to some degree fb have super accurate traces of exactly which shops and offices you went to.
> I would think the cell service providers have much more reliable data.
Google tracks location history from GPS and this is accurate to at most a few meters and it can be use to check if people walked by each other on the street.
As far as I know phone service providers don't have anything similar. The cell you're connected to can cover an entire neighborhood.
That was true for GSM, but 3g & 4g have directional signal management, and track location to enable cell 2 cell handover. Information is limited inside.
I wish our politicians would just fucking own it and declare their own surveillance state rather than this bullshit death of a thousand cuts public/private partnership horseshit.
They already have a mechanism to do this -- it's called a John Doe (wiretap) warrant.
What they really want is full take -- the complete location movements of the US population. This would be useful for COVID-19 tracking ... and authoritarian control.
If you're following HK/China, you know that they are already doing this tracking. Visitors and quarantined people are being required to do this in HK by a number of reports.
I'm curious, if I have no internet access and gps turned off on my phone (Samsung Galaxy S7) is there still hidden shit which is tracking my location? .. Like, is GPS not really turned off for example?
> I'm curious, if I have no internet access and gps turned off on my phone (Samsung Galaxy S7) is there still hidden shit which is tracking my location? .. Like, is GPS not really turned off for example?
Your location can still be determined by at least your service provider based on the strength of the signal it emits as received from the (presumably various) antenna sites in the area.
You can’t use a phone without the tower knowing where your phone is. When data is sent to you it’s not transmitted via every tower in the country; it is sent out only via the tower to which your phone is associated.
The only way to avoid this is to turn your phone off/disconnect from the network. Sadly network access and coarse location logging are impossible to unlink.
GPS is receive-only. You'd need substantial power to hit geostationary satellites.
If you truly have no cellular or WiFi connectivity, nothing will be tracking your location. However, hardware kill switches are the only way to be sure of that. Or physically messing with the hardware.
‘in moments of crisis, people are willing to hand over a great deal of power to anyone who claims to have a magic cure—whether the crisis is a financial meltdown or, as the Bush administration would later show, a terrorist attack’ (Naomi Klein, The Shock Doctrine)
Klein has gotten lost in the anti-Trump personality rhetoric, she should re-gain her focus on the critic of society / anti capitalism roots. Basically a Democrat would be doing the same things as Republicans with regards to her warnings but you don't get as many books sold if you say that. And its more comfortable to think that if you just change one person it will all change than knowing that one removing person really doesnt change much.
Maybe law can be created to allow state/local government to collect and use such info when "declaration of local infectious deceases emergency" by state governor. Especially allow for department of public health to access the Google's Sensor Vault data in emergency situation.
I would support that BUT I also understand how that might open the "pandora's box" for all other government requests/laws like the existing geofencing warrant.
If the government asked for constant location data in exchange for $1k / month "UBI", most people would take that, and they'd be silly not to because that's likely the highest price their data will ever fetch.
Things don't happen by coincidence. If we ever wake up from this human containment experiment, we may find ourselves in a world where the panopticon is already in place, and there is no escape . The intelligence agencies are watching us. The tech companies are watching us, and many people in this forum have contributed to that. 5G is the new incarnation of the surveillance state. It connects with every available device in its vicinity. It can generate 3D images of the insides of buildings. But the mm frequencies are absorbed by the transmitter's surroundings, so we need transmitters everywhere. If the frequencies get absorbed by trees, then they also get absorbed by the human body and brain. This massive project is not about giving people faster internet speeds.
"The Fed" refers to the Federal Reserve, not federal agencies, branches, or the government in general. Not to be confused with "feds," referring to federal agents individually or in general.
Also, the submission title is simply missing a word: the article uses "Federal government in talks [...]" which is a very conventional usage, whereas "Federal" as a standalone noun is considerably more rare.
> We don’t know exactly what this new future looks like, of course. But one can imagine a world in which, to get on a flight, perhaps you’ll have to be signed up to a service that tracks your movements via your phone. The airline wouldn’t be able to see where you’d gone, but it would get an alert if you’d been close to known infected people or disease hot spots. There’d be similar requirements at the entrance to large venues, government buildings, or public transport hubs. There would be temperature scanners everywhere, and your workplace might demand you wear a monitor that tracks your temperature or other vital signs. Where nightclubs ask for proof of age, in future they might ask for proof of immunity—an identity card or some kind of digital verification via your phone, showing you’ve already recovered from or been vaccinated against the latest virus strains.
The government tracking everyone's location all the time would be/is a gross infringement on privacy. The government tracking everyone's location for a limited time period in order to curb a deadly epidemic seems much more reasonable. The difficulty is trusting them to give back that power when the crisis is over. If not for the experience of the Patriot Act, I'd be more inclined to give the benefit of the doubt there.
Still, if this were done in a truly open way, and the criteria for ending the program were clearly specified at its outset, it's something I could support. Looking at the Chinese response, advanced and extensive contact tracing has allowed them to restart significant commerce in areas where initial outbreaks have been controlled through social distancing. Doing the same here might not only save lives, but also livelihoods.
Of course I would be nervous about the potential for overreach, misuse, and acclimatization. But if the allowable uses and time-frame were set into law, perhaps those concerns would be outweighed by the potential benefits.
This is happening already - anyone who use Google map has their location data collected for the past 10 years with default setting. Police can issue geofencing warrant against the location/time and Google will share that data.
I read the first one in detail, and it's not Google Maps, but worse, it's cell phone location data for all phones, for up to a decade, probably more, in a database called SensorVault. So it can be used as a global surveillance database.
This is not surprising, since data companies always have a database like this, but we should have privacy laws in place to limit retention time and access.
> But if the allowable uses and time-frame were set into law
They were with the Patriot Act, though. And many of its provisions are still being routinely extended.
The problem is that once all this data starts flowing in, government agencies who want to use it will find loopholes to apply it in scenarios it wasn't intended to be used, but which the law didn't anticipate. And then, once it proves useful for something important, they'll point at it as the evidence that it's too useful to allow to expire. Again, we've seen that with Patriot Act - originally passed solely to "combat terrorism", DoJ is now justifying their asks for extensions by, among other things, the need to fight child porn. Which means that any politician who votes to not extend it, risks being painted by their opponents as aiding and abetting sexual predators.
This has all the potential to be an order of magnitude worse. A real-time location database for practically every person in US would get all law enforcement agencies salivating immediately. And worse yet, it will actually let them solve otherwise unsolvable crimes etc, and set up a showcase. Probably terrorism and/or child porn again, because it pushes so many emotional buttons at once. And who would dare say that it's not justifiable, because child porn is less of an issue than coronavirus? More importantly, who would get elected after saying that?
That's the real danger of creeping police state - it works more or less as advertised, and it's just too easy to ignore all the "abstract" stuff about freedom and privacy (until you're its target - but most people don't expect to be one, and most of them won't be). So every inch that it gets is nearly impossible to wrestle back.
Is it reasonable to track everyone's detailed location during a pandemic though? What purpose does it serve in the absence of good molecular testing info, which would be an even grosser violation of privacy?
General levels of social distancing can be gleaned without phone location info. All you need to do is have police drive around and look.
The problem with requests like this, for detailed phone data, is that everyone can imagine vague benefits in the abstract, and wants to be helpful, so you're more willing to cede protections of privacy (which are ultimately protections of liberty). But those vague abstract benefits don't necessarily translate into actual benefits if you think it through.
I don't see anything necessary about phone surveillance at this time whatsoever. What is necessary is mass testing.
It's very helpful, because as soon as someone has symptoms or tests positive, you automatically know everyone they've come into contact or close proximity with, and can have those people isolate. You can also better determine whom to test, since there is nowhere near the testing infrastructure to blanket test everywhere.
In China they also have an app where anyone can see locations where an infected person has been, and how recently, both so they can avoid those places, but also so they can feel more confident being out in society otherwise (in areas without significant current outbreaks). This video demonstrates how it works in one Chinese city: https://www.youtube.com/watch?time_continue=4&v=YfsdJGj3-jM&...
I agree with many of the problems pointed out, but it does appear that the benefits during the pandemic would be significant.
There is no need to track everyone's location, even for a limited time.
South Korea only tracks the locations of people who were confirmed to have been infected, and cross-checks their location data with CCTV footage as well as credit card records. That's a lot of data, but only for certain people. For each case outside of the Daegu area, local governments are tasked with publishing a list of locations and timestamps -- easily visualized on a map -- to help others figure out if they were in the same place at the same time as an infected person. There is no need to track the other people, as they would show up at testing centers on their own. Also, the people in charge of doing all the tracking have no obvious ties to law enforcement. The government is not a monolithic institution; there are both legal and technical barriers to sharing data among the various agencies. The police in S.K. only gets involved when known-infected people refuse to cooperate, since it's a crime to interfere with an epidemiological investigation.
I'm not sure who "the feds" referred to in the article are, but if they have any ties to law enforcement or are asking for data about an unnecessarily large number of people, beware!
Once you know someone was infected, you need to go back and see where they've been up to that point. That's only possible if you're tracking everyone. Of course you don't need to keep the tracking data on everyone for more than ~14 days.
Yes, there are other ways to do this tracking and contact tracing, but they are much more labor-intensive and imperfect. Governments can and should still do this, but once a certain percentage of the population becomes infected, it's no longer feasible. Also the more contacts that are missed through these tracking measures, the more potential avenues for spread. Hence the attractiveness of a system that would both be more comprehensive and require much more manual work.
The interesting thing about ideas like this is that they reveal how authoritarianism during times of stability does a terrible amount of damage during times of crisis.
This is the sort of problem that could be solved in a better world; collecting location data to find interactions between people would allow you to get them tested faster and prevent a disease from spreading. But it simply can't be done in this country primarily because everyone has the entirely reasonable fear that the feds want this power for nefarious reasons and will never give it up - and they're probably right.
If we had a society where privacy was an absolute right, and civic trust in our community organizations and institutions was built up over time, during a crisis like this one we could come together and find agreement on a way of providing this data to a responsible institution that would use it only for the purpose of saving lives and then delete it when the crisis was over. And they'd lose access to future data at that point too. Anyone who still didn't trust the communal institutions could opt out, but the point of building up this trust is that it makes people want to work together and feel safe doing so.
We're so far from that in this country that we're not only paranoid about privacy issues, it seems altogether most likely that our secret agencies are actively planning to exploit this crisis to be able to spy on us in the future.
I don't know, maybe it is. Maybe the politics of our world simply are that cynical and won't allow for such a thing to exist. But I guess I'm hoping it isn't. I'm trying to imagine how a non-authoritarian institution would work; it wouldn't have the "authority" to compel anyone to turn over their data, but just about everyone would have enough trust in the community and its decision making process to be okay with it.
What I guess I'm asking is ... what if the organizations we built looked more like the WHO, and less like the CIA?
Personally, I think the only way we will retake our privacy is when hobby level, readily available hardware, software, and 3d printable parts enable hobbyists to create “good enough” phones with encryption and privacy options that won’t exist in mass market phones.
Then an enterprising startup can deliver marked-up, preassembled devices, then people might have privacy again.
The goalposts on "good enough" keep moving. When everyone else has a holographic direct-to-eye refraction display, people are going to be as disappointed in a 2020-level smartphone as people were with OpenMoko devices, which still had a pressure-sensitive touch screen with a plastic stylus when the iPhone has just come out with its relatively massive capacitive multitouch display.
I was disappointed with the OpenMoko for many reasons, but the screen wasn't one.
Things like it wouldn't read my sim (bug 666), the stylus was almost required, but there was no place to put it, audio issues, sleep/wake issues, poor battery indication and tricky to charge from a flat battery.
Sure, the screen was kind of small, but the resolution was high, so you could claim hidpi before Apple invented it?
Depends...'good enough' goalposts are for a particular audience. Technophobes seeking privacy are certainly less motivated to upgrade to a holographic direct-to-eye display, than a technophile.
Personally, I like the idea of a Fairphone with Lineage/MicroG.
I say like the idea of as opposed to use as currently Fairphone is out of my budget and I can't find a phone in my budget range that's supported by Lineage/MicroG so I just have somewhat reliable <£100 phone with as much de-googling as I can while still having normal android.. (Not much)
Edit: the bonus of phones in this price range is like Fairphones they almost always make it easy to quickly remove the battery so you're certain nothing's running.
What if information could be revoked? Imagine the government suspects me in some investigation. I give them a key that gives them all information about me and my recent activities. Then once some period elapses, I revoke that key and they no longer have any of that information. Nor, of course, were they able to copy or independently distribute it in any way when they had it.
This is probably pure fantasy, but if there was any way this scenario would be possible, I think it would go a long way to assuaging people's concerns. As it is, we know data can be copied and distributed without permission. That's kind of been the underlying problem of spies throughout the history of the world.
I think this concept is where Stephenson was going with Snow Crash, but his scenario for this seemed like fantasy as well to me.
I maintain that copying is fine in some or a lot of cases because stale data has a diminishing ROi and eventually becomes useless. Doesn’t mean the govt couldn’t amass data from multiple sources to provide a complete picture of you. But you just proposed DRM for your personal data and we all know about the analog loophole...
Every time I think about this issue, the closest I can get is a distributed world of APIs, where everyone hosts their own data [however], and for any service whether it be government, commercial, work, friendly, etc, the entity's agent makes an API request and gets a result. But that result isn't the data - it's a privacy-focused result that can be used in place of the data.
The simple example would be "I'd like to send indigochill a gift", which would send a request to your API (with some notification for you to approve or deny receiving said package) and return an id that could be written or printed on an envelope. That id is unique and the mail service would scan the id and the package would be routed. And the mail carrier would scan the id and get an actual address (or a blip on their map of the block or something). Nobody along the way has learned your address or name or anything - nor do they know my address, which is just another unique id.
There are some very interesting implications in that data can become stale so quickly. If you approved of receiving the package but were out of town for the week, the package could be routed directly to you without any interaction whatsoever. Nobody along the way would know the difference between your home or your hotel room.
The same could easily be done for lots of personal data. Phone numbers, email addresses, etc. All your shopping history could be stored on your own private data store and the local grocery stores would send out a mailer "Address this mailer to all people in the neighborhood who have purchased discounted burgers in the past month". The store doesn't know who is getting the flyer, but the people who would be likely to use a coupon for buying burgers would get a notification and likely go buy some burgers on sale - or reject the notification and not be bothered - to the savings of the store and the recipient.
Social Media could still exist with this sort of thing but the services would be querying engines rather than the creepy data warehouses that they've become.
This of course gets significantly harder with the queries this article is about, but the idea is the same. Instead of "give me everyone's location for the past month", the request would be "give me the anonymized ids of people who have been to x locations for x amount of time within x amount of space between one another". The response would provide data that could be used for the purpose in question, but the underlying data remains private.
I've been pondering this idea on random occasion for about 15 years, but I don't care enough about it to make it my life's work. But I sure would like to live in a world with that level of data ownership and privacy.
Sounds like an interesting possible world that might one day get built.
In the meantime, sounds like most likely outcome is the government hits CTRL C, CTRL V on Facebook/google’s user database and starts a China/Tencent style SQL dB on every American.
Or even more likely, this already exists and now the government can start using it more openly.
This could be possible if the data is stored encrypted in a public ledger (blockchain), which has time-locked script functions that permit another key to decrypt certain pieces of data for a limited duration. I think something like this is a primary goal of most decentralized identity projects, some of which have been underway for around a decade.
Of course none of this stops the person with temporary access from making a copy to save forever. I doubt that problem has a technical solution but would love to be proved wrong.
I think the solution would be sending as little data as possible to answer the query, and choosing which/how many queries to respond to. Any large scale requests for data would have to be designed in a way that minimizes intrusiveness or risks being largely ignored. I don't think there's a great way to counter spoofing or sending garbage results without sacrificing user control, but the onus to de-noise should be on whatever institution is attempting to collate data. Additionally, if it's an opt-in system focused on public good there would generally not be much incentive to mess with it as long as users are somehow verified as being in the community (cert generated/granted once after initial identity check, etc). Sadly this is all very pie in the sky at the moment, the amount of cultural change + added infrastructure required for any system like this at the scale of a country would be insane
That's a good point. A common example is how a bar doesn't need to know your birthday, let alone your home address or driver license number, but right now it's common to hand over your entire id. All they need is a yes/no answer to "is this person 21+ today?"
What if information can't be revoked on systems outside your control? That's the reality, however many secret handshakes you do, blockchain, etc, eventually some person or process knows something and can do something with it (e.g. copy it).
You could pull a gmail and say, there is no human in the loop, it's just a process of personal data ingestion and ads come out the other end. That might be more comforting if it was open source, but even open systems have things can be hidden in obscure technical details.
The truth is, we are all human, including our leaders. Your average human is weak and susceptible to trading a vast privilege like having control of everyone's whereabouts for favors (e.g. money, position, control, sex, etc...).
I'm a sucker for an open source process (e.g. robot) that would look at the data and tell us who needs to be quarantined, but again, you still have human technical people, with all their failings, controlling the system (e.g. source code). How much do you trust the open source process is a matter open for debate.
It exists. Its not that people "don't allow" non-authoritarian institutions/solutions. Its that they have their own limitations in dealing with complexity. Rationality is Bounded. Know what the bounds are. Read some Herbert Simon - https://en.wikipedia.org/wiki/Satisficing
Look at the EU. There is no dearth of cockups there, even though their instinct at everything is non-authoritarian.
I disagree that "large" authorities could be fantastic. Authority, like most things, is better when smaller. For one thing, a small authority is more likely to notice those people subject to it.
Just to be clear, I don't subscribe to it. But I have noticed that pretty much any time anyone has a good idea, their next idea is to force everyone to do it.
I would trust the CCC or the EFF with this I think, and the other paranoid fighters for privacy. But only as long as it takes for the to rotate their members enough for takeover by others.
We've seen that wit smaller political parties as well. When membership suddenly become a viable path to power things change in the structure and people.
I agree. Once you cross the point in organizational size where people stop feeling personally responsible for the organization and start feeling responsible to the organization it starts behaving like a sociopath in pursuit of whatever it's official goals are (shareholder value, catching criminals, etc).
You can mitigate this to some extent by having one or a couple people who are personally responsible for the whole organization (royal families in monarchies, the owners of privately owned companies, etc) but then your organixation is not resilient to bad leadership.
I agree. Ironically the measures that should have increased national security are endangering social contracts established around fundamental rights in a way the opposite is achieved. But I guess you are preaching to the choir here...
But that aside, I don't think the measure would be worthwhile even now. Instead focus should be to fortify local health services and provide support where needed.
A damaged believe that fundamental rights are compromised has of course negative repercussions on the willingness to cooperate with authorities of any kind.
Trust cannot be enforced and authority is always limited. I wouldn't call it paranoia, because in that case the respective fears aren't confirmed that often by people now in solitary confinement because some hot shots thought they were in control and did was was allegedly necessary.
> a responsible institution that would use it only for the purpose of saving lives and then delete it when the crisis was over
The UK managed to get rid of ID cards in 1948 on pretty much this basis. The problem is, that war ended, but the one started on 9/11/2001 hasn't. For temporary authority we need both clearly defined end conditions, a belief that they will be reached, and faith in the authorities to work in good faith towards the ending of that crisis.
It just shows that different people have different triggers that makes acceptable for them to restrict basic rigths and liberties. For some it is terrorism or child pornography, for others it is pandemic.
We do not really need to find agreement, it would suffice if mobile operators implement opt-in that could be easily enabled in web portals. Then society can just advertise this opt-in.
> This is the sort of problem that could be solved in a better world; collecting location data to find interactions between people would allow you to get them tested faster
NO. Global data about who interacts with who and where should NOT be available to anyone. Especially NOT to HEALTHCARE orgs, I couldn't imagine less trustworthy and skewed-incentives institutions! At least you can trust that a country's secret service like your NSA would keep most of that data safe (as in "safe even the eyes of from judges & prosecutors unless you have a national security issue" etc.). Like in I'd rather have +10k deaths from preventable contagious diseases per year and take the chance of being amongst them then having this on a wide scale.
> civic trust in our community organizations and institutions was built up over time
You have no reason to trust anyone and anything. Stop doing so.
> a responsible institution
There's no such thing. Any institution should be considered thoroughly corrupted in the absence of evidence to the contrary.
> our secret agencies are actively planning to exploit this
It's their job to do so! If you want to provide solid security in globally connected world the "protectors" need to be a bit above the law - it's OK as long as what they collect stays in their archives and you prevent them from holding political or financial power.
The point is to build societies that can function TRUSTLESSLY and where everything is SECRET BY DEFAULT unless explicitly shared.
That's the only way to have an open society! Sure, in small isolated pockets you can have your "trust" in institutions and stuff.
Otherwise it's a choice between:
(1) accept framework of trustlessness + secrecy-by-default + broad exceptions for security agencies mostly as long as they DON'T share data with anyone (no, not even to "save lives", unless you're taking more than thousands...)
(2) drop the global interconnectedness, drop most free travel and work (I don't mean relocation - you'd also need to drop the kind of temporary travel that can't be easily monitored!), move to a more localist society - here you can have trust in the institutions of your own "pocket" that you voted for yourself.
Unfortunately it seems that the pendulum will now swing towards (2) as you seem to say you prefer - ...too bad, I'm sure we could've made the global-village thing work too :( probably we need to try again when tech advances a few extra steps, eg. neural-interfaces + pervasive-AI + usable distributed financial tech. and use the tech properly to make the openness and interlinking irreversible!
I had this conversation with my dad a month ago, are we not already past the point of no return on this? Can’t the government legally buy purchasing data from credit bureaus and other vendors? Can’t they legally buy location data commercially from at&t and other entities? Don’t they already do it anyways to monitor food shortages etc,?
It’s not a question of can they, but have they yet. Don’t police officers already have access to this data therefore the feds definitely do?
The boom in location based advertising a decade ago was the final nail in this coffin because it made the availability of location tracking data required and highly accessible.
Privacy should be a right. In the USA it should be up there with the Bill of Rights. The only way it can be gone around is with a warrant or something similar. Cops don't like that and neither do police state regimes.
I have been somewhat conflicted/despairing about Taiwan’s response (only 77 cases and 1 death as of right now, 2020-Mar-17, despite reslly cloze ties with China and an almost equally early onset) since I read this: https://jamanetwork.com/journals/jama/fullarticle/2762689 a couple of weeks ago. Paragraph 2 is especially instructive. I have historically been dead against the type of cross referencing and identification this article discusses, but their capability for pulling multiple disparate sources together to allow tracing, categorization and enforced tracking of all individuals is massively impressive. We really need to either figure out a way to execute on these capabilities without revoking privacy, or else accept that some granting of privacy (whether to Google or another entity) will be inevitable.
Even if we gave the feds access to cell phone data and even if we allowed them to cross reference it with border points of entry, it would be useless. Cellphone data doesn’t have a common data entry with info you give at the border, additionally even if that part worked: we don’t have a single EHRS. So getting that info to the people that need it would require some sorta convoluted fax scheme. Basically, there’s nothing we can use from what Taiwan did so don’t feel bad about it. (also at this point it’s no longer being spread by ppl coming from outside, its ppl inside the country giving it to each other.) We need to do two things to be ready for the next pandemic.
1) Come up with a system for tracking it at points of entry.
2) Create a system and process for containment once it’s no longer contained.
I've been posting that link in various comments on the web over the last week, it's a very interesting article. But Taiwan is not the US; they have shown a very healthy trend away from authoritarianism over the last 33 years since the lifting of Martial Law in 1987 (and the 40 years of 'White Terror' [1] that preceded it).
Also, on the question of authoritarianism, I think there is a case for greater tolerance of it during a defensive war, where a nation is battling for its survival. And I think a pandemic can be characterised as a defensive war against an invisible, completely merciless enemy. Not to say that blanket authoritarianism should be allowed but measures that make sense and help in the battle should be shown greater tolerance for a limited duration. Of course this is the whole idea behind (duration limited) emergency powers legislation. Going back to Taiwan, their 40 years of martial law also shows the risk of abuse, however I would describe the KMT as an invading power, not a native, somewhat trusted authority (as is more the case with their present, democratically elected government).
> however I would describe the KMT as an invading power, not a native, somewhat trusted authority (as is more the case with their present, democratically elected
A Taiwanese friend mentioned that the majority of indigenous peoples of Taiwan support the KMT rather than the DPP (the current party in power).
I suppose for them, all Han Taiwanese are “colonists” but the KMT gave them more benefits.
I suggested something similar but based on using Bluetooth and running an app locally. This would be more sensitive to proximity while potentially giving away slightly less data about exactly where you are, and easier to opt out of, either temporarily (while at home say) or completely.
There could also be the option of logging nearby Bluetooth addresses locally only and looking up an online database of infected owners, or submitting collected data online to allow aggregation and preemptive notifications of potential exposure before symptoms show
I was thinking along similar lines. Maybe it's possible to use BLE for this (don't know if the standard PXP profiles would be applicable or you'd need something else).
You could also have app-level 24-hour rolling identifiers to prevent non-infected people's contacts from being correlated over time, even locally—if that would make people more comfortable using such an app. (The app would have to keep track of all its previous identifiers; if the user is found to be infected, all their previous identifiers would be marked as such in the database.)
Some challenges off the top of my head:
- What polling rate is needed? (How do disease experts define a "contact"?) What's the battery impact?
- What fraction of the population has BLE-capable phones?
- What fraction of the population keeps their phones physically on their person as they go about their day?
- Can distance be roughly inferred from RSSI? Does the mapping of RSSI to distance vary much depending on the transmitting radio / phone model?
- If you live in an apartment, you might be identified as a "contact" of your neighbor even if you never breathe the same air, etc.
Israel started using cellphone tracking as of today.
An in stable (transitional) government got an approval from the justice department.
The tracking is based on location / cell data stored at the mobile operators and should be used for tracking people around a positive covid person to send text messages asking them to get into their home to a lock down for 14 days.
Cellphone data is retrospective of course.
However, once asked to go home. Enforcement will used current location data.
They already had a law that allowed Shin Bet to collect that data without any warrants, though. And to use it for many purposes - just not an epidemic.
The _interim_ government (_not_ an actual government), which is headed by a criminal who has been evading his trials on several corruption scandals for several years, has given itself approval to access people's geo-location data, phone conversation history, browsing history etc. using some covid-19-related excuse.
The government had initially tried to have parliament authorize this measure - but the "secret services" committee, discussing the matter, did _not_ approve immediately, requiring more information. So the government just used one of the draconian powers it has... thanks to anti-Palestinian legislation.
The tracking will _not_ be limited to covid-19 patients.
It is a total travesty.
It should be said in fairness that the legal infrastructure for this has been laid over a decade ago with the "Big Brother" law and the General Security Service law. People were silent about it then, and now the chickens have come home to roost.
Cynic in me thinks that this is a request from the richest people and other elites, who want to isolate themselves from the infected, all the while blocking policies and measures that would actually help them.
I also want to point out, there are low tech solutions to track and control coronavirus spread. Simply isolate infected or suspected people, not in their homes, but in a hospital built specially for the purpose. Chinese did that.
Whether this is preferable to mass surveillance is your choice. I think it has merits and is less authoritarian overall.
Best solution to this IMO is a special app which allows you to check in, prove your virus status (have it, had it, don't have it yet). Map of other users in the area so you know you're safe. You could then use that to check in to shops etc. and not be allowed in without showing status, those who have it have to stay home and check in for a given period. Uses biometrics to ensure a given user is using it.
Apple should be working on this.
After the virus is contained or has burned out everyone deletes the app. No feds snooping at location data required.
> Map of other users in the area so you know you're safe.
I think that would be a terrible idea. Not everyone in the world is a rational-thinking HackerNews reader ;). I would imagine it would lead to cases of mob-mentality which could be very thoughtful like community support for food/necessity delivery but also cases of unfortunate mob-mentality that could be very bad.
> You could then use that to check in to shops etc. and not be allowed in without showing status
This is exactly what's being done in China. But without the map of your neighbours. Everyone (that cares to go out) has a 'green' 'amber' 'red' status code via Ali or Tencent. Green indicates fine, Amber indicates movement (provincial or international, sometimes inter-city depending on province) within the past 14 days, Red indicates suspected.
Thank you for share this post for us. This post is very helpful for me and I hope also other. Please keep update and add more topic. https://www.rangefinderguides.com/
185 comments
[ 0.23 ms ] story [ 164 ms ] threadI'm hoping after this is all over perhaps the public might finally be in a mood more conducive to sitting down and discussing things in a reasonable manner, without the involvement of government and their corporate influence, and ideally on a platform with minimum censorship, and has a solution for dealing with ideological issues that have ruined so much of the rest of social media.
Cell phone location data helps to suggest if a person has travelled to certain location with their regular phone but that is about it.
New York Times science reporter Donald G. McNeil Jr. explains in this video, and in this article:
https://twitter.com/MikeIsaac/status/1238604080571772928
https://www.nytimes.com/2020/03/04/health/coronavirus-china-...
I hope.
Explicatory edit: The CCP, like every government in history, is motivated to conceal its human rights abuses. China also lacks a free press, an important window into its current events. Accordingly, there are obstacles in the way of justly assessing China’s response to this crisis.
Google tracks location history from GPS and this is accurate to at most a few meters and it can be use to check if people walked by each other on the street.
As far as I know phone service providers don't have anything similar. The cell you're connected to can cover an entire neighborhood.
What they really want is full take -- the complete location movements of the US population. This would be useful for COVID-19 tracking ... and authoritarian control.
https://asia.nikkei.com/Spotlight/Coronavirus/Hong-Kong-tell...
Up until the virus, they were mandating no face covering so their all seeing surveillance camera network could see your face.
Your location can still be determined by at least your service provider based on the strength of the signal it emits as received from the (presumably various) antenna sites in the area.
The only way to avoid this is to turn your phone off/disconnect from the network. Sadly network access and coarse location logging are impossible to unlink.
If you truly have no cellular or WiFi connectivity, nothing will be tracking your location. However, hardware kill switches are the only way to be sure of that. Or physically messing with the hardware.
https://www.commondreams.org/news/2020/03/17/we-know-script-...
I would support that BUT I also understand how that might open the "pandora's box" for all other government requests/laws like the existing geofencing warrant.
https://en.m.wikipedia.org/wiki/List_of_national_emergencies...
Also, the submission title is simply missing a word: the article uses "Federal government in talks [...]" which is a very conventional usage, whereas "Federal" as a standalone noun is considerably more rare.
I'll update to at least be colloquially correct.
Thanks!
> We don’t know exactly what this new future looks like, of course. But one can imagine a world in which, to get on a flight, perhaps you’ll have to be signed up to a service that tracks your movements via your phone. The airline wouldn’t be able to see where you’d gone, but it would get an alert if you’d been close to known infected people or disease hot spots. There’d be similar requirements at the entrance to large venues, government buildings, or public transport hubs. There would be temperature scanners everywhere, and your workplace might demand you wear a monitor that tracks your temperature or other vital signs. Where nightclubs ask for proof of age, in future they might ask for proof of immunity—an identity card or some kind of digital verification via your phone, showing you’ve already recovered from or been vaccinated against the latest virus strains.
Looks like that'll cover the rest of us..
Still, if this were done in a truly open way, and the criteria for ending the program were clearly specified at its outset, it's something I could support. Looking at the Chinese response, advanced and extensive contact tracing has allowed them to restart significant commerce in areas where initial outbreaks have been controlled through social distancing. Doing the same here might not only save lives, but also livelihoods.
Of course I would be nervous about the potential for overreach, misuse, and acclimatization. But if the allowable uses and time-frame were set into law, perhaps those concerns would be outweighed by the potential benefits.
https://www.theregister.co.uk/2020/01/18/google_geofence_war...
https://www.nytimes.com/interactive/2019/04/13/us/google-loc...
I read the first one in detail, and it's not Google Maps, but worse, it's cell phone location data for all phones, for up to a decade, probably more, in a database called SensorVault. So it can be used as a global surveillance database.
This is not surprising, since data companies always have a database like this, but we should have privacy laws in place to limit retention time and access.
Source: DBA.
They were with the Patriot Act, though. And many of its provisions are still being routinely extended.
The problem is that once all this data starts flowing in, government agencies who want to use it will find loopholes to apply it in scenarios it wasn't intended to be used, but which the law didn't anticipate. And then, once it proves useful for something important, they'll point at it as the evidence that it's too useful to allow to expire. Again, we've seen that with Patriot Act - originally passed solely to "combat terrorism", DoJ is now justifying their asks for extensions by, among other things, the need to fight child porn. Which means that any politician who votes to not extend it, risks being painted by their opponents as aiding and abetting sexual predators.
This has all the potential to be an order of magnitude worse. A real-time location database for practically every person in US would get all law enforcement agencies salivating immediately. And worse yet, it will actually let them solve otherwise unsolvable crimes etc, and set up a showcase. Probably terrorism and/or child porn again, because it pushes so many emotional buttons at once. And who would dare say that it's not justifiable, because child porn is less of an issue than coronavirus? More importantly, who would get elected after saying that?
That's the real danger of creeping police state - it works more or less as advertised, and it's just too easy to ignore all the "abstract" stuff about freedom and privacy (until you're its target - but most people don't expect to be one, and most of them won't be). So every inch that it gets is nearly impossible to wrestle back.
General levels of social distancing can be gleaned without phone location info. All you need to do is have police drive around and look.
The problem with requests like this, for detailed phone data, is that everyone can imagine vague benefits in the abstract, and wants to be helpful, so you're more willing to cede protections of privacy (which are ultimately protections of liberty). But those vague abstract benefits don't necessarily translate into actual benefits if you think it through.
I don't see anything necessary about phone surveillance at this time whatsoever. What is necessary is mass testing.
In China they also have an app where anyone can see locations where an infected person has been, and how recently, both so they can avoid those places, but also so they can feel more confident being out in society otherwise (in areas without significant current outbreaks). This video demonstrates how it works in one Chinese city: https://www.youtube.com/watch?time_continue=4&v=YfsdJGj3-jM&...
I agree with many of the problems pointed out, but it does appear that the benefits during the pandemic would be significant.
South Korea only tracks the locations of people who were confirmed to have been infected, and cross-checks their location data with CCTV footage as well as credit card records. That's a lot of data, but only for certain people. For each case outside of the Daegu area, local governments are tasked with publishing a list of locations and timestamps -- easily visualized on a map -- to help others figure out if they were in the same place at the same time as an infected person. There is no need to track the other people, as they would show up at testing centers on their own. Also, the people in charge of doing all the tracking have no obvious ties to law enforcement. The government is not a monolithic institution; there are both legal and technical barriers to sharing data among the various agencies. The police in S.K. only gets involved when known-infected people refuse to cooperate, since it's a crime to interfere with an epidemiological investigation.
I'm not sure who "the feds" referred to in the article are, but if they have any ties to law enforcement or are asking for data about an unnecessarily large number of people, beware!
Yes, there are other ways to do this tracking and contact tracing, but they are much more labor-intensive and imperfect. Governments can and should still do this, but once a certain percentage of the population becomes infected, it's no longer feasible. Also the more contacts that are missed through these tracking measures, the more potential avenues for spread. Hence the attractiveness of a system that would both be more comprehensive and require much more manual work.
This is the sort of problem that could be solved in a better world; collecting location data to find interactions between people would allow you to get them tested faster and prevent a disease from spreading. But it simply can't be done in this country primarily because everyone has the entirely reasonable fear that the feds want this power for nefarious reasons and will never give it up - and they're probably right.
If we had a society where privacy was an absolute right, and civic trust in our community organizations and institutions was built up over time, during a crisis like this one we could come together and find agreement on a way of providing this data to a responsible institution that would use it only for the purpose of saving lives and then delete it when the crisis was over. And they'd lose access to future data at that point too. Anyone who still didn't trust the communal institutions could opt out, but the point of building up this trust is that it makes people want to work together and feel safe doing so.
We're so far from that in this country that we're not only paranoid about privacy issues, it seems altogether most likely that our secret agencies are actively planning to exploit this crisis to be able to spy on us in the future.
What I guess I'm asking is ... what if the organizations we built looked more like the WHO, and less like the CIA?
Then an enterprising startup can deliver marked-up, preassembled devices, then people might have privacy again.
Things like it wouldn't read my sim (bug 666), the stylus was almost required, but there was no place to put it, audio issues, sleep/wake issues, poor battery indication and tricky to charge from a flat battery.
Sure, the screen was kind of small, but the resolution was high, so you could claim hidpi before Apple invented it?
https://en.wikipedia.org/wiki/Blackphone
I say like the idea of as opposed to use as currently Fairphone is out of my budget and I can't find a phone in my budget range that's supported by Lineage/MicroG so I just have somewhat reliable <£100 phone with as much de-googling as I can while still having normal android.. (Not much)
Edit: the bonus of phones in this price range is like Fairphones they almost always make it easy to quickly remove the battery so you're certain nothing's running.
This is probably pure fantasy, but if there was any way this scenario would be possible, I think it would go a long way to assuaging people's concerns. As it is, we know data can be copied and distributed without permission. That's kind of been the underlying problem of spies throughout the history of the world.
I think this concept is where Stephenson was going with Snow Crash, but his scenario for this seemed like fantasy as well to me.
The simple example would be "I'd like to send indigochill a gift", which would send a request to your API (with some notification for you to approve or deny receiving said package) and return an id that could be written or printed on an envelope. That id is unique and the mail service would scan the id and the package would be routed. And the mail carrier would scan the id and get an actual address (or a blip on their map of the block or something). Nobody along the way has learned your address or name or anything - nor do they know my address, which is just another unique id.
There are some very interesting implications in that data can become stale so quickly. If you approved of receiving the package but were out of town for the week, the package could be routed directly to you without any interaction whatsoever. Nobody along the way would know the difference between your home or your hotel room.
The same could easily be done for lots of personal data. Phone numbers, email addresses, etc. All your shopping history could be stored on your own private data store and the local grocery stores would send out a mailer "Address this mailer to all people in the neighborhood who have purchased discounted burgers in the past month". The store doesn't know who is getting the flyer, but the people who would be likely to use a coupon for buying burgers would get a notification and likely go buy some burgers on sale - or reject the notification and not be bothered - to the savings of the store and the recipient.
Social Media could still exist with this sort of thing but the services would be querying engines rather than the creepy data warehouses that they've become.
This of course gets significantly harder with the queries this article is about, but the idea is the same. Instead of "give me everyone's location for the past month", the request would be "give me the anonymized ids of people who have been to x locations for x amount of time within x amount of space between one another". The response would provide data that could be used for the purpose in question, but the underlying data remains private.
I've been pondering this idea on random occasion for about 15 years, but I don't care enough about it to make it my life's work. But I sure would like to live in a world with that level of data ownership and privacy.
In the meantime, sounds like most likely outcome is the government hits CTRL C, CTRL V on Facebook/google’s user database and starts a China/Tencent style SQL dB on every American.
Or even more likely, this already exists and now the government can start using it more openly.
Of course none of this stops the person with temporary access from making a copy to save forever. I doubt that problem has a technical solution but would love to be proved wrong.
What if information can't be revoked on systems outside your control? That's the reality, however many secret handshakes you do, blockchain, etc, eventually some person or process knows something and can do something with it (e.g. copy it).
You could pull a gmail and say, there is no human in the loop, it's just a process of personal data ingestion and ads come out the other end. That might be more comforting if it was open source, but even open systems have things can be hidden in obscure technical details.
The truth is, we are all human, including our leaders. Your average human is weak and susceptible to trading a vast privilege like having control of everyone's whereabouts for favors (e.g. money, position, control, sex, etc...).
I'm a sucker for an open source process (e.g. robot) that would look at the data and tell us who needs to be quarantined, but again, you still have human technical people, with all their failings, controlling the system (e.g. source code). How much do you trust the open source process is a matter open for debate.
Look at the EU. There is no dearth of cockups there, even though their instinct at everything is non-authoritarian.
We've seen that wit smaller political parties as well. When membership suddenly become a viable path to power things change in the structure and people.
This is the key. The power makes joining their ranks appealing to those that would abuse the power.
You can mitigate this to some extent by having one or a couple people who are personally responsible for the whole organization (royal families in monarchies, the owners of privately owned companies, etc) but then your organixation is not resilient to bad leadership.
it is not paranoia but an acknowledgement of the times we live in.
>> our secret agencies are actively planning to exploit this crisis to be able to spy on us in the future.
this is based on their past history. Like you said, it is entirely due to utter lack of trust.
But that aside, I don't think the measure would be worthwhile even now. Instead focus should be to fortify local health services and provide support where needed.
A damaged believe that fundamental rights are compromised has of course negative repercussions on the willingness to cooperate with authorities of any kind.
Trust cannot be enforced and authority is always limited. I wouldn't call it paranoia, because in that case the respective fears aren't confirmed that often by people now in solitary confinement because some hot shots thought they were in control and did was was allegedly necessary.
The smallest step up from that is running an open-source algorithm on Google's servers, for corona detection.
From that situation, maybe we could figure out a way that people would trust, enough ?
The UK managed to get rid of ID cards in 1948 on pretty much this basis. The problem is, that war ended, but the one started on 9/11/2001 hasn't. For temporary authority we need both clearly defined end conditions, a belief that they will be reached, and faith in the authorities to work in good faith towards the ending of that crisis.
We do not really need to find agreement, it would suffice if mobile operators implement opt-in that could be easily enabled in web portals. Then society can just advertise this opt-in.
NO. Global data about who interacts with who and where should NOT be available to anyone. Especially NOT to HEALTHCARE orgs, I couldn't imagine less trustworthy and skewed-incentives institutions! At least you can trust that a country's secret service like your NSA would keep most of that data safe (as in "safe even the eyes of from judges & prosecutors unless you have a national security issue" etc.). Like in I'd rather have +10k deaths from preventable contagious diseases per year and take the chance of being amongst them then having this on a wide scale.
> civic trust in our community organizations and institutions was built up over time
You have no reason to trust anyone and anything. Stop doing so.
> a responsible institution
There's no such thing. Any institution should be considered thoroughly corrupted in the absence of evidence to the contrary.
> our secret agencies are actively planning to exploit this
It's their job to do so! If you want to provide solid security in globally connected world the "protectors" need to be a bit above the law - it's OK as long as what they collect stays in their archives and you prevent them from holding political or financial power.
The point is to build societies that can function TRUSTLESSLY and where everything is SECRET BY DEFAULT unless explicitly shared.
That's the only way to have an open society! Sure, in small isolated pockets you can have your "trust" in institutions and stuff.
Otherwise it's a choice between:
(1) accept framework of trustlessness + secrecy-by-default + broad exceptions for security agencies mostly as long as they DON'T share data with anyone (no, not even to "save lives", unless you're taking more than thousands...)
(2) drop the global interconnectedness, drop most free travel and work (I don't mean relocation - you'd also need to drop the kind of temporary travel that can't be easily monitored!), move to a more localist society - here you can have trust in the institutions of your own "pocket" that you voted for yourself.
Unfortunately it seems that the pendulum will now swing towards (2) as you seem to say you prefer - ...too bad, I'm sure we could've made the global-village thing work too :( probably we need to try again when tech advances a few extra steps, eg. neural-interfaces + pervasive-AI + usable distributed financial tech. and use the tech properly to make the openness and interlinking irreversible!
It’s not a question of can they, but have they yet. Don’t police officers already have access to this data therefore the feds definitely do?
The boom in location based advertising a decade ago was the final nail in this coffin because it made the availability of location tracking data required and highly accessible.
1) Come up with a system for tracking it at points of entry.
2) Create a system and process for containment once it’s no longer contained.
Also, on the question of authoritarianism, I think there is a case for greater tolerance of it during a defensive war, where a nation is battling for its survival. And I think a pandemic can be characterised as a defensive war against an invisible, completely merciless enemy. Not to say that blanket authoritarianism should be allowed but measures that make sense and help in the battle should be shown greater tolerance for a limited duration. Of course this is the whole idea behind (duration limited) emergency powers legislation. Going back to Taiwan, their 40 years of martial law also shows the risk of abuse, however I would describe the KMT as an invading power, not a native, somewhat trusted authority (as is more the case with their present, democratically elected government).
[1] https://en.wikipedia.org/wiki/White_Terror_(Taiwan)
A Taiwanese friend mentioned that the majority of indigenous peoples of Taiwan support the KMT rather than the DPP (the current party in power).
I suppose for them, all Han Taiwanese are “colonists” but the KMT gave them more benefits.
There could also be the option of logging nearby Bluetooth addresses locally only and looking up an online database of infected owners, or submitting collected data online to allow aggregation and preemptive notifications of potential exposure before symptoms show
You could also have app-level 24-hour rolling identifiers to prevent non-infected people's contacts from being correlated over time, even locally—if that would make people more comfortable using such an app. (The app would have to keep track of all its previous identifiers; if the user is found to be infected, all their previous identifiers would be marked as such in the database.)
Some challenges off the top of my head:
- What polling rate is needed? (How do disease experts define a "contact"?) What's the battery impact?
- What fraction of the population has BLE-capable phones?
- What fraction of the population keeps their phones physically on their person as they go about their day?
- Can distance be roughly inferred from RSSI? Does the mapping of RSSI to distance vary much depending on the transmitting radio / phone model?
- If you live in an apartment, you might be identified as a "contact" of your neighbor even if you never breathe the same air, etc.
However, once asked to go home. Enforcement will used current location data.
The government had initially tried to have parliament authorize this measure - but the "secret services" committee, discussing the matter, did _not_ approve immediately, requiring more information. So the government just used one of the draconian powers it has... thanks to anti-Palestinian legislation.
The tracking will _not_ be limited to covid-19 patients.
It is a total travesty.
It should be said in fairness that the legal infrastructure for this has been laid over a decade ago with the "Big Brother" law and the General Security Service law. People were silent about it then, and now the chickens have come home to roost.
I also want to point out, there are low tech solutions to track and control coronavirus spread. Simply isolate infected or suspected people, not in their homes, but in a hospital built specially for the purpose. Chinese did that.
Whether this is preferable to mass surveillance is your choice. I think it has merits and is less authoritarian overall.
Apple should be working on this.
After the virus is contained or has burned out everyone deletes the app. No feds snooping at location data required.
I think that would be a terrible idea. Not everyone in the world is a rational-thinking HackerNews reader ;). I would imagine it would lead to cases of mob-mentality which could be very thoughtful like community support for food/necessity delivery but also cases of unfortunate mob-mentality that could be very bad.
> You could then use that to check in to shops etc. and not be allowed in without showing status
This is exactly what's being done in China. But without the map of your neighbours. Everyone (that cares to go out) has a 'green' 'amber' 'red' status code via Ali or Tencent. Green indicates fine, Amber indicates movement (provincial or international, sometimes inter-city depending on province) within the past 14 days, Red indicates suspected.
Unfortunately the GNSS (GPS) is on one chip with modem, but otherwise great feature to have killswitches for cameras and comms.
https://wiki.pine64.org/images/8/89/PinePhone_switches.jpeg
As the title makes clear, this is about the government gaining access to that information.
https://www.washingtonpost.com/technology/2020/03/17/white-h...