124 comments

[ 5.4 ms ] story [ 179 ms ] thread
They are trying to prevent both millions of deaths and and worst economic collapse in modern age. Privacy isn't as important. Fight this thing when corona-virus is over.
This is exactly the kind of dumb mentally the government wants, and you fell right into the trap. They always use situations like that to push bad stuff that won't be easy to ditch later...
People can't literally exit their houses right now. Much more basic freedoms are taken. If you think ditching that later will be hard, ditching it now when it's desperately needed is impossible.
that policy is easy to understand can be reverted easily

this is not true for surveillance systems

That is no excuse to tell people to give up their privacy. Some people value their freedoms more than you, it seems.
How many deaths is worth the increased privacy?
That's a good question. It depends on how many deaths would the increased privacy save. In the future it won't be as easy to burn the papers documenting whatever group needs saving before the invasion. On the other hand, a lot of it is already in so many private systems, that this likely makes little difference.

I'm not even sure I'm against the current application, but the question is not a simple one.

> They always use situations like that

There has never been a situation like this in the modern age. Last time it happened 50 million people died.

> This is exactly the kind of dumb mentally the government wants,

Is this supposed to be an argument?

(comment deleted)
Weird that he hid in China and Russia, spoke nothing about their horrendous violations against humanity, likely trading US secrets and eventually creating notPetya indirectly.
Surely this technology has many useful applications beyond just the pandemic. It could be used to trace the networks of terrorists, the associates and contacts of criminals, child pornographers, anti-government insurgents, political opponents, environmental protesters...

Once governments have these tools, they will want to keep them around.

Terrorists won't voluntarily publish their keys.

That's an important difference. If you want to argue against Covid contact tracking, at least do it reasonably.

Exactly what the NSA said.
Yes. It's not often I end up agreeing with the NSA but this is one of those times.
(comment deleted)
Same exact thing could be (and was) said about terrorism and the patriot act.
I agree, anyone who thinks they have privacy whilst carrying a mini communications computer in their pocket is dumb.

Remember https://en.wikipedia.org/wiki/WARRIOR_PRIDE, Pepperide Farms does.

There is no point trying to remain private whilst there is a phone where you have little control over private data. If you want privacy then you should look more towards using a collection of VPNs and fuzz your browser each time you use it. Change the installed fonts, randomize the browser window and destroy the user account that started it.

You can't do this reliably with a phone. All surveillance relies upon the user favouring convenience.

> They are trying to prevent both millions of deaths and and worst economic collapse in modern age.

Are you implying we are not already in the worst economic collapse? Is there something to prevent at this point in time?

Too late. If governments ever want to make a Bluetooth contact tracking app mandatory, they can already do so, and could have done so before this platform was created. All Google and Apple are doing is making it very marginally easier.
I read somewhere that there are beacon detectors throughout many retail stores that track people throughout the store.

That’s been in place for some time.

The technology used for this is the same as for locating your lost device and takes care of privacy in a very smart way, more info: https://www.wired.com/story/apple-find-my-cryptography-bluet...

"Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple."

I'm sorry if a one word dismissal is too confronting for those who know absolutely nothing about what has been going on in dragnet surveillance in silicon valley. But see all these words I'm writing? They don't change the fact that it is impossible to be cynical enough about such fatuous claims. You'd have to be stunningly ignorant to give them more than a second of credulous thought.

Apple are not the good guys or anything like it. Trust Apple to secure you from anyone? You're utterly insane of you do.

> "but not let anyone track you. Not even Apple."

Bullshit is about the most polite response such a claim should be received with. There is not enough bile in the world for it.

Better?

This is no better, because you are not saying anything of substance. There is no engagement with fact or reality, just pure emotion and intuition. While this is good enough for some political offices, it is not typically good enough for HN comments.

If you can show the claim to be wrong, you will receive tremendous accolades, and perhaps fame within certain communities. If you just have suspicions, that's uninteresting and not useful.

It's insane such a nonsense claim was made here. Really. Why would anyone take it seriously? Make the case it should be taken seriously in the light of what we've found in the past few years. Please.

Such a substanceless assertion can be dismissed without further analysis.

If we don't like how awful the reputations if silicon valley companies are with respect such claims, having a tantrum about it doesn't change much.

If Google or Apple wanted to track the movements and activities of everyone using an Android phone or iPhone, they would just do it. They wouldn’t need to publish an API and wouldn’t need to tell you about it. They could just do it and we might never know.

So this has nothing whatever to do with trust of Google or Apple tracking us, it’s about trusting what data they share and expose via this API for virus contact tracing. That’s it. That’s why the concerns of the linked article, and yours, while possibly valid in a themselves are completely irrelevant to this specific issue of virus contact tracing.

It is utterly insane to trust Google or Apple for any reason whatsoever under any circumstance. They lie as often as they can get away with. You understand what they do, with with it or not despite any promises they make.

Fool me yet again and i feel bad so I'll trust you absolutely now? Come on!

Multiple people have asked you to support your claims with evidence. Why is it so hard for you to do this? Could it be that you have none?!
Hahaha. Oh really. You're serious?

You don't think silicon valley has performed the most massive bait and switch setting up a surveillance state? You've never heard of the NSA? You don't think Apple, Google and All the rest have literally created APIs to serve them?

The case is not one I have to make. The case for not treating "trust" with utter, withering contempt is the one that has to be made. And it has not been made. At all.

Why? Because it's actually not possible to do with a straight face.

But have a go. You seem confident at least.

> In other words, certain governments or companies ... can create an app that report the fact that they have been close to a person of interest in the last few weeks.

So this assumes that any random app installed by a user will have open access to the contact database? That seems unlikely to me, but I have not read the full spec.

Governments don't need it. The model suggested links nearby bluetooth mac addresses which get linked to the phones IMEI, and governments already have multitudes of legal ways to link names to IMEIs.
Where did you read that it links to the phone's MAC Address/IMEI? I can't find IMEI being mentioned in any of Apple's spec documents.
There isn't any IMEI linkage. I think the post you reply to is implying the link between Bluetooth MAC address to IMEI could be established by a state actor.

That isn't the case though, due to Bluetooth MAC address randomisation, which the paper does address - the 10-minutely identifiers advertised are updated in sync with the local device updating its own MAC address, to prevent correlation between the last MAC address and next one.

Cell tower based contact tracking is already used to infer someone's social graph and pattern-of-life. Bluetooth association data - even with opaque tokens - can easily be correlated with cell tower movement to refine CO-TRAVELER style analysis.

Cell-tower-resolution analysis is already very powerful - it can trivially reveal someone's associations and overall behavior. When correlated with short-range proximity data, I suspect the same analysis might reveal behavioral details within a organization ("which meetings you attend" instead of merely "what address you work at").

https://www.washingtonpost.com/world/national-security/nsa-t...

https://www.eff.org/deeplinks/2013/12/meet-co-traveler-nsas-...

In a previous life we we also able to identify the owners of anonymous (burner) SIM cards.

Even crooks and anarchists lead very predictable lives.

There’s always ALWAYS some tech extremist who can never see the good, can only EVER see the dark shadows, the spooks, the spies, the nefarious dark forces.

For these guys it’s all a matter of sticking by their extremely dogmatic “principles”.

Wouldn’t matter if god himself turned up to do good deeds for all, they’d condemn his omnipotent presence for its ability to spy and break privacy.

They’ll always come out at times like this and whine.

I’m nit saying big tech companies aren’t privacy bashing personal data leeches - they are - it’s just tedious to listen to the whiny little privacy nuts come rolling out even when there’s a positive initiative on the table - “but it’s not positive! They’ll turn it to evil and we’ll never get it wound back!” Sheesh.

One of the things I've learned over the past ten years is that those "tech extremists" were way more right than I had ever expected.

In this particular case, I'm leaning towards "this is worth it if the alternative is economic oblivion for billions of people" - but this guy's about page is enlightening: he's not some random commentator, this is very much his field.

Please mention some of the "good" that went by unseen for example during the last 30 years.
It seems well thought out from privacy side but I acknowledge their could be unintended consequences and bad actors that take advantage - but - I feel this is a price worth paying given the magnitude of the situation we are all in.
??? I don't think anybody who catches the coronavirus wants to be anonymous. There is no social stigma.

The problem is exactly the reverse: infected people would gladly tell everybody exposed, but they can't reach them since the virus spreads so easily and the exposed could be delivery drivers, people in the grocery store, etc

Unfortunately in my country - Croatia - the social stigma exists. While we have a very good situation (total of 1500 cases on population of 4M, with 20 deaths), and we are geographicaly very close to Italy, there were multiple reports of patients’ families being harassed.
In that case, the number of cases might be much higher, as people try to hide their sickness in order to protect themselves or their relatives.
Well then it's good that this system doesn't tell you who tested positive.
(comment deleted)
This article isn't about covid, this is about the longer term prospects of having corporate-government cooperation in sharing data about your day to day activities, contacts, any other information on your phone and building infrastructure to make that even easier than it is now. AND it will be deeply buried into the operating system and not a simple app that can be uninstalled, it will become integral to it's operation and always on. They also seem to have no plans mentioned about ripping its hooks out after the covid emergency is over, or a 3rd party monitoring what they are up to or the source code being open for investigation for 3rd parties.
Moxie Marlinspike has an interesting analysis on this: https://twitter.com/moxie/status/1248707315626201088
He objects to two things:

1. Doing it globally would require download of too much data, thus (contra promise of the spec) location data will have to enter. However, from what I can tell, that could be very coarse data, on the level of country and/or time zone (thus, not even necessitating access to GPS location data). I don’t see it as a major problem.

2. The “prank” danger: someone just pressing “I’m infected” for fun. One could introduce a tiered system where “I’m infected” requires some sort of authentication from a hospital/lab (a QR code on positive test results for example). There would also need to be a tier for “I have symptoms”, and yes, that could be abused/“pranked”.

Would be interesting to see a deeper analysis on both points. I don’t think they’re deal breakers.

I don't think there is any suggestion of using any kind of granular location data, be it GPS or cellular network location. Doing it per region could certainly work, and only reveal maybe 4 bits of information about location. I imagine for Europe and some parts of the world, per country could be too granular due to localised travel (at least as things ease back), but at region level you would be revealing more from your (even cellular) IP address than actually passing on a rough region of interest.
His argument No. 1 is self-defeating. If you have rapid exponential growth and would have to publish hundreds of megabytes of keys per day (and phones only need to download the delta to the previous day), this approach of contact tracing is useless and you must instead get the entire population under lockdown. If everybody is sheltering at home, nobody needs notifications of possible contacts, because everybody is doing what would be the response to such a notification already. So you can simply disable the app in a certain country or don't accept submissions to the diagnosis server during that time.

This approach, just like the manual approach of tracking potential contacts via paper and phone, is only of use in a scenario with a very limited number of transmissions and an R (reproduction rate) of around or below 1. Its purpose is not to reach such a situation, but to aid in keeping that situation in effect without severe measures. But severe lockdowns must first suppress the infection counts to such levels before any contact tracing may work at all.

I think the point with this is when the curve starts to flatten, we can _safely_ reopen the economy. Contract tracing and rapid response can end this.
> The “prank” danger: someone just pressing “I’m infected” for fun.

How about you can only check the "I'm infected" box if your phone is near the phone of a health worker?

Another idea is that you get a code in the mail from the hospital which you have to enter in the app.

In the UK, most supermarkets have an hour where only health workers can enter (quite right, give them priority). But this makes it trivial to get close enough to health-worker to execute your prank, just join that queue.
Published keys are 16 bytes, one for each day. If moderate numbers of smartphone users are infected in any given week, that's 100s of MBs for all phones to DL.

That seems untenable.

It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.

> Published keys are 16 bytes, one for each day. If moderate numbers of smartphone users are infected in any given week, that's 100s of MBs for all phones to DL.

> That seems untenable.*

> It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.

Just doing the math here, assuming a perfectly efficient wire protocol was used, each infected person would amount to (16 x 14 = 224 bytes) of data to be transmitted.

Assuming we see 150k new cases per day, worldwide (worldometers is reporting 100k new cases per day as the peak, and let's factor in 50% margin), this would be 33.6 MB of data per day.

Since you only need to transmit that day's data rather than the full database, a very basic sync protocol could be used here - the phone simply stores the sequence number of the last identifier handled, and it can be given subsequent data. This could even be done with a static (and thus cacheable) server if cases are chunked sequentially into 1MB chunks, and addressed by filename based on the last case ID.

For clarity here, case ID would be simply be the sequential number that a given tracing ID has in the server-side record, so you only need to fetch data you haven't already checked against.

300 million each day would be the whole world population on less than a month. At current numbers ( 13000 per day ) that’s a few megabytes without compression.
Yes. That's my point. Even if you chose a ludicrously high value -- in this case approximately the entire population of the US --, you still get an amount of data that's manageable as evidenced by the fact that various companies manage it every day.
> Or be ready to ditch your smartphone and get yourself a dumbphone.

Isn't this the standard prescription for the extreme privacy conscious individuals anyways? For the rest of us, we can always turn off bluetooth. Maybe this will bring back headphone jacks or replace the standards all together. In the mean time, some of us want security over privacy. Many of us never valued the latter much in the first place.

> However any decentralised scheme can be turned into a centralised scheme by forcing the phone to report to the authorities that it was at some point in time close to the phone of an infected person.

If the system was different, it would be bad?

This is a slippery-slope argument that I do not find compelling. The amount of surveillance that this is supposedly guarding against--govt tracking of an individual's location--is already possible with no changes to any system.

It is no more slippery a slope for raw unscrambled BTLE identifiers to be reported to a centralized system. I don't think that the encrypted system makes it any easier in the least.

These devices that we carry everywhere are huge privacy concerns, but I don't think this author is even warning about the right things. Does the author even know the amount of location tracking going on in stores, currently? The amount of data that is sold back and forth with no user knowledge or understanding?

The concerns raised here ignore the much worse reality that already exists!!

Generally I agree that location tracking is already relatively widely done, and the Apple/ Google protocol makes reasonable efforts to preserve privacy.

I do share some caution, however -- tracing 'personal contacts' by BTLE is likely much more personally specific, and hence significantly more intrusive, than just location.

If such mechanisms became more generally available they would likely become used as part of the machinery of repression in states such as China. Or everywhere (depending on our future).

Location is fairly imprecise as to social contact, but I guess the concern would be that this will be accurate enough to track dissenters, find their contacts, and accuse/ imprison you.

(comment deleted)
There are legal/ethical barriers though between google and apple sharing this stuff with the government. This is an effort to soften up the populace on "what a good thing" tracking and activity sharing with the government is and why next it should be permanent rather than just an emergency tactic. "Imagine all the good we could do if we had all the data of things you buy, where you go, who you interact with and provided that to government in a package with a bow on it". Kind of like the sunset clause on the "Patriot Act" which keeps getting renewed and is a travesty.
I'm for this. I'll opt into anything that can give us a chance to slow this thing without crippling the global economy.

You can stay safe by putting your phone in a Faraday cage if you must.

Would you rather be forced to stay at home for all foreseeable future?
I mean surely mobile phone operators already have this information? I never hear about them being subpoenaed or attempting to deny requests, makes me think the make this information fully available.
Operators currently have handset location data, based on cell tower triangulation. I imagine many will store this, but this may vary by network. The absolute minimum you need, in order to run a network, is to know the current location of the handset, so you can route calls to it. Historical data isn't required for delivery of the service. I imagine in countries with weaker privacy laws, data like this can be used like we saw with the "tracking spring break beach-goers heading home".

Triangulated location data is far from precise however. It would let you determine roughly where someone is, but nothing like accurately enough to do contact tracing or infection monitoring. You'd also need to start storing historical location data on a huge scale, but it would be accurate to a few hundred metres typically. Not ideal for contact tracing.

DNS + WiFi + Mobile phone masts etc. You could probably get some real location data by augmentation with coopted social networks add in some AI for expected locations and regular appointments. Do iPhone photos include location data in the exif data? I think the information exists but it’s just used by spooks right now is all.
I'm afraid someone has to tell the author that what is already possible is worse than the concerns raised here. This technology is actually an effort to not use the available methods that would ignore privacy.
Ding ding ding. It’s sad how quickly we forget that we live under dragnet digital surveillance. We haven’t even really internalized it.
Yet, still there is a conscious effort on the part of these companies/orgs/governments to slang the "we're protecting your privacy™" narrative because it's always easier to these leverage tools against others when they don't see it as a threat and aren't willing to mitigate against it to any degree.
That's a useful perspective to be aware of, and if this were a pure susbtitution of one mechanism for another then that could be a clearer win.

I think it's also true that deploying yet another potentially privacy-invading technology makes it more difficult for privacy advocates and lawmakers to deal with and reduce existing overreaches.

Indeed, combined with the authors stream of consciousness rant made this an infuriating read. I've met people like this before, usually their paranoia is made worse by their lack of technical knowledge. This also makes them difficult to convince that they are wrong. Since they don't have enough knowledge to tell who is right in a discussion, they often just listen to the loudest voice that is reinforcing their world view.
The author (and anyone half awake about what their phone is) is well of aware of the technology. Currently there are laws and legal standards that stop a lot of this. This is an attempt to soften up the public to the idea of having every movement, purchase, contact, and interaction go into a database and then passed on to the government when they don't do necessarily what the government wants. In the walled garden of helping with covid there is no doubt that this could do good. Outside those walls are governments hoping such tactics soften up the populace to the idea that this is actually a good idea for everyday life.
Working with the [Taiwan's] five major telecoms companies, the system tracks the quarantined individual by triangulating the location of the their phone relative to nearby cell towers. “Each telecom company has a different way of calculating the location of the phone, including how far it is from the cell reception tower and its direction in relation to the tower,” said Jyan Hong-wei, director general of Taiwan’s cybersecurity department. “As long as the phone is turned on, we can figure out the location. And if the phone is turned off, we’ll know that, and we can send a message to front line administrative or police officers so they can follow up.”

https://qz.com/1825997/taiwan-phone-tracking-system-monitors...

Exactly: Pervasive tracking is already available to the telcos and is being used in at least one country.

Disagree.

The argument seems to be: the spec is fine and presents little danger, but if an app went rogue, or a government mandated an app with further capabilities, then it would be problematic. Yeah, sure. But that also describes the status quo, and everyone still carries their smartphone around.

If the authors come up with a better spec that achieves the same thing with improved privacy then sure, let's not use the Apple/Google one. But until then, this is the best we have.
You are starting from the premise “we must implement this feature”
I don’t find this convincing at all. Proposed system is incredibly privacy-conscious, with all the control of self-reporting left to the user.

Let’s not stop this initiative that protects health and safety of societies that can trust their health authorities— and there are many.

We should be vigilant and try to stop autocratical implementations or misuses of the system. But it seems that even that will be difficult considering how the system is designed. And if governments can compel you to install some app on your phone, no amount of stopping Apple / Google will help.

Wait until this fellow hears about Apple's "Find My" feature:

> In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

* https://arstechnica.com/information-technology/2019/06/the-c...

* https://blog.cryptographyengineering.com/2019/06/05/how-does...

This guy is wrong about the Apple/Google contact tracing program.

As created, it’s opt-in only and does not report matches to a central authority.

This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.

...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.

In other words, this contact tracing platform has nothing to do with his privacy concerns.

There are always people who see a tragic pandemic and just see a chance to use the concern and attention to highlight their own cause. And then there are the ones who fight against the efforts to mitigate the suffering to promote their cause, like this guy. Whew.

> This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic..

> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.

It doesn't have to be about the security services having root on your phone - they can use legislation, forcing Apple/Google to hand over location data so they can hoover it up. Alternatively, they can use legal loopholes - as we've seen before after Snowden.

Honestly, it's naive to think they wouldn't try to get this data.

You’re missing the main point: if the government can do this, it will, independent of this contact tracing platform.

Also, there is no location data in this platform, and Google and Apple don’t have the data that does exist.

> naive

I think you need to understand what’s going on here before you start throwing around words like that.

> You’re missing the main point: if the government can do this, it will, independent of this contact tracing platform

How? I'm not talking about getting a warrant to infiltrate a single suspect's device, I'm talking about mass surveillance. They need a means, and depending on how they approach it, they need to soften up the public so they are willing.

Apps like this provide a means - maybe they don't collect everything the security services want from the beginning, but we could see a creeping escalation, especially under coercion by the security services.

As for softening up, western governments are already very good at keeping the general populace fearful, whether it be the commies, Russians, Chinese, Islam, terrorists, etc, there is always some boogeyman de jour.

Apps like this could be the opportunity they need - the straw that broke the camel's back, convincing people it's all to save lives. "good citizens will use these apps to save lives - what have you got to hide?".

We’re already at the bottom of the hill of that slippery slope argument. Nearly everyone already carries the tools of mass surveillance around with them everywhere they go already.

What may or may not be partially missing (don’t forget, cell towers are already tracking everyone’s general location and governments can get that data in various ways) is the software and backend systems to collect that data and make it available to governments... and this contact tracing system isn’t that software and doesn’t have back end components.

So again: while these privacy concerns are valid, they have nothing to do with this contact tracing system

A key difference for me is that it is way easier for the government to get a company or individual to give up keys or data than it is to get them to write the code to gather data in the first place. I'm sure there are those in government that are quite pleased that Apple and Google are doing it willingly.
First, you make some good points but you could have made them without rudely characterizing the author ("...but the gubment could.." etc.)

Second, the author is not wrong - when you build in tracking at such a deep-level it is open to abuse. Read the authors bio, he is not a naive techie. This is an area he has strong background in and deep technical knowledge.

Maybe this is the path forward, but Apple and Google appear to be rushing into this without considering the larger picture.

It’s exactly because of the Author’s bio that I come down hard on him.

He knows what he’s saying is wrong, and he knows that if the FUD he’s spreading catches on, a lot of suffering will happen that otherwise would not have.

> when you build in tracking at such a deep-level it is open to abuse.

True, which is why he should do an analysis of this system rather than this. He could be using his platform as an authority and presumed skills as a teacher to explain the system rather than spread misinformation.

No, what he is saying is very plausible and very likely correct. It is not mis-information. It is a well founded concern. I've been in tech long enough to know that what he is proposing is very possible.

Other commenters here go into better detail than I.

Please do read comments by others. There are some good ones that go through, point by point, places where the author is wrong.
Also, the government already has this capability in place, they can track and bug individuals and groups via telecom networks.
Yes but previously they would have needed a law passed to do such monitoring without a warrant, now people are just volunteering it with the drive by apple and google to publically and very openly track who you hang out with, where you're going, where you've been and then enthusiastically sharing it with the government. This is the softening up. Once covid is over in a few months or years they will be like "well look at all the good we can do, now we can use it to track all sorts of diseases, crime patterns, what you had for dinner and how that ties in with your other webs of interaction TO HELP MAKE YOU SAFER"
Is a rubber stamped warrant which allows mass surveillance really a warrant at all? How many requests has the fisa court denied? Which law allows for warrantless collection of all this data?
There's quite a difference between either forcing Apple and Google to build such a feature, which seems hard, vs. just forcing them to turn an existing feature on.

Same for turning such a feature on surreptitiously vs. installing such a feature surreptitiously.

It’s not just turning something on though.

This system doesn’t do what the author is talking about. It’s decentralized, opt-in, and transparent. The government would have to force Apple and Google to make it centralized, automatic, and secret. In others, force them to make a completely different platform.

The other thing is lets say the government decided to bring in this system and Google/Apple didn't give any feedback.

Then they just get a contractor to build an app that just broadcasts "I am Bob and I am at <location>" to nearby people and a central server. suddenly you have something way more open to abuse

Exactly right. And as civil libertarian as I am, I'd rather have Google and Apple tracking my location for this prosocial cause than serving targeted ads. And it's not like Apple and Google aren't already tracking iOS and Android users anyway (albeit user-tweakable).
> There are always people who see a tragic pandemic and just see a chance to use the concern and attention to highlight their own cause

You say that like it's not a PR exercise for large corporations.

> the ones who fight against the efforts to mitigate the suffering

There's more than a few billions floating around off-shore that could have helped establish universal healthcare and social safety programs, but just being a good corporate citizen doesn't get headlines, so let's focus on panic situations and instead sell our new slogan:

"Nefarious, for good!"

("good" defined as "not as evil as a global health crisis"; disclaimers may apply)

I'm not sure why you need to be so condescending in a healthy discussion like this.

> This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.

> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.

If your system has one RCE, you don't care about another one because it already has one? Perhaps you can work around the one, mitigating it? Also, "the government" (any in the world) can ask Google or Apple to share the data of a suspect. As they're not a one way hash, that is possible. Furthermore, an attacker can certainly gather the Bluetooth addresses and correlate these to one way hashes. If the API is public, they can correlate these hashes and detect which Bluetooth addresses got the disease. Together with the location, even an outsider can learn more about this issue.

Also, lets not forget there's recently an RCE in Bluetooth on Android (which many people still run with unpatched), and the problem of iOS not working with Bluetooth when the application isn't open on the foreground with screen open.

I think it's only opt-in on the surface. I could see governments requiring users to be opted-into the program in order to get tested for COVID.
This seems to misunderstand or dismiss a lot of important details about the proposal.

> The current specifications allow phones to learn when and where they were in contact with another device.

That's over simplifying it massively. First the spec clearly states that no location data is recorded, since the location is not necessary for the application of contact tracing.

> By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server

This is not true, they clearly state that matches with a Diagnosis key is not uploaded to the diagnosis server.

> The current specifications allow phones to learn when and where they were in contact with another device. It is unclear whether the actual identity of that device is also revealed.

This is just not true, they make it abundantly clear in their specifications, that the identity of the device is never revealed.

> A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.

This is not how this works, this is not how any of this works! It is highly speculative and extremely unlikely that any random APP will have access to the tracing key to make that even remotely plausible.

This criticism is obviously written by somebody who has not read the specification[1] or did not understood key aspects of it.

[1] https://www.apple.com/covid19/contacttracing/

You trust them to not log that information when it is all clearly available to them? You are trusting apple, google, and the US government to not do the wrong thing? Or to not use this as a stepping stone to a permanent and more invasive "feature" to insure your safety?
You can argue this without having to misrepresent or lie about what their proposal says. It hurts your credibility if you do even if you were to have a perfectly valid argument.
Note: In China it's private businesses, not the government, that force people to install the tracing apps on their phones before being let into their establishments. The same thing can and probably will happen here : get tracked or be denied service.

The government doesn't have to do anything.

Wait a minute, aren't all private businesses owned or controlled by the CCP?
These hand waving, overly dismissive, FUD articles need to stop. Propose an alternative or shut up and sit down. Complaining about a tactic to combat a pandemic without a solution of your own is the lowest form of civic participation.
I'm sure they'll become illegal soon.