Google, Apple Covid-19 Tracking Tech Faces EU Scrutiny (bloomberg.com) 68
The European Union said it will scrutinize Google and Apple's proposed contact-tracing technology to ensure it meets the bloc's new standards governing the deployment of Covid-19 apps. From a report: Officials from member states and the EU's executive arm will "seek clarifications on the solution proposed by Google and Apple," the European Commission said on Thursday as it issued guidelines aimed at making the various virus-tracking apps interoperable. Alphabet's Google and Apple late last week announced they would add technology to their platforms to alert users if they have come into contact with a person with the coronavirus. While the system is voluntary, it has the potential to monitor about a third of the world's population. In a video-conference earlier this week with Google CEO Sundar Pichai and YouTube CEO Susan Wojcicki, EU Industry Commissioner Thierry Breton "insisted on the need for all digital actors to develop apps to trace the spread of the virus in full respect of the privacy of individuals and ensuring interoperability and security of communications," the EU said.
EU need its own tech (Score:1)
Re: (Score:1, Flamebait)
Google and Apple are multinational corporations. People need to stop thinking about them as "US companies". They aren't.
Re: (Score:1)
Nope. It is a multinational. Not sure what I would tell Huawei?
Re: (Score:1)
Google LLC is an American multinational technology company... Google is Alphabet's leading subsidiary and will continue to be the umbrella company for Alphabet's Internet interests.
About Alphabet, Inc. [slashdot.org] we find:
Alphabet Inc. is an American multinational conglomerate headquartered in Mountain View, California.
Both are American companies. I am, technically, a multinational company as I have a small HK subsidiary - but we're formed, legally organized, and headquartered in the US.
Re: (Score:2)
There is an idea of the Uniform Economy, where all countries have the ability to make equal economies. Just do what the US does and your economy will flourish. But that isn't the case.
Even in the US, we have Silicon Valley where there is a large tech sector in the economy, we got Detroit where there is a big thing in auto manufacturing. Vergina, Maryland, and DC is where many government services are.
It isn't all just because of the Climate Silicon Valley Tech doesn't need to be close to actual Silicon fo
Re: (Score:2)
Yes, it is a catch 22 problem. It will take a lot of effort to change an area where skills are concentrated. Towns and Cities around the world, often ones that use to be Industrial Centers are having a difficult time changing to different economies because it is tough to get companies to invest in them.
It is possible though, but it often takes a lot of effort, what I see that works well is industry incubators, where Universities and Communities work together to create areas, to support startup companies o
Re: (Score:2)
Generally, it does have to be that way. Business economics is a combination of geography, government policy, a bit of luck and demographics.
Re: (Score:2)
I think you are mistaken. There are reasons car manufacturers developed cars in Detroit or the government is in DC and Silicon Valley is in CA. You should learn economics and history to understand. Companies don't just spring up because it's convenient for them, otherwise you wouldn't see any concentration happening anywhere throughout history.
Re: EU need its own tech (Score:2)
The reason Silicon Valley remains in California is because of the fact that noncompetes are unenforceable there. This is why other states can't replicate it.
Re: (Score:2)
That's a noble ideal, but here in the real world smartphones are largely based on either Android or iOS, both of which are developed by US-based companies. Unless you're suggesting that the EU compel its citizens to install a different OS or turn in their devices for something homegrown (with Nokia out of the picture, I'm having trouble remembering any EU-based major players at this point...), I don't know how they would do what you're suggesting. At best they could write an app, but an app won't have the s
Re: (Score:3)
The NHS is in a standoff with Apple and Google after the two tech firms refused to support the UK’s plans to build an app that alerts users when they have been in contact with someone with coronavirus.
But the policies, unveiled last week, apply only to apps that don’t result in the creation of a centralised database of contacts. That means that if the NHS goes ahead with its original plans, its app would face severe limitations on its operation. The app would not work if the phone’s screen was turned off or if an app other than the contact tracer was being used at the same time. It would require the screen to be active all the time, rapidly running down battery life, and would leave users’ personal data at risk if their phone was lost or stolen while the app was in use.
Re: (Score:3)
Instead of having to rely on US technologies and become beholden to USA. That should also help with the NSA spying.
The european app is https://www.pepp-pt.org/ [pepp-pt.org]
Re: (Score:1)
Yeah, won't happen.
The EU's vast army of meddling bureaucrats makes the development of Googles and Apples there rather unlikely.
It won't work (Score:1)
You can only track someone carrying a device. People will leave their device at home when they don't want to be tracked. People without a device won't be tracked.
This strikes me more as a power grab, like "look how much good we did tracking 50% of the people. let's make it mandatory for everyone to be tracked so we can do even more good!"
I'd rather get sick and die than live in that world.
Re:It won't work (Score:5, Insightful)
Or you know, you can just store 14 days of GPS / bluetooth data on the phone, and only ask people to share it if they get infected, like the Icelandic app does. Why do people assume that the only way to design such an app is to automatically, instantaneously share everything with some government database?
And with regards to that.... seriously, the notion that this is some sort of government way to track everyone's locations makes no sense. You're already literally walking around with a radio transponder in your pocket, for crying out loud. If you're afraid of being tracked, you always want to leave that thing behind. If a government wants to track you in a way that you can't shut off and you're not going to think about, they're not going to do it by asking you to voluntarily install a disease tracking app; they'll do it with backend data and backdoors. And probably already do.
Re: (Score:2)
Heck, given that cell signals also propagate upwards, I wouldn't be shocked if they could triangulate them with high precision by satellite.
Re: (Score:2)
"Why do people assume that the only way to design such an app is to automatically, instantaneously share everything with some government database?"
About a hundred years of Anti-Communist Propaganda. With country slogans touting freedom. Has made Americans especially wary about the government. When the Republicans are in charge, the people who are left of the group worry about them trying to take away their rights, When the Democrats are in charge the people who are right of that group are afraid they are
Re: (Score:2)
I want the freedom to walk the street of my city without getting shot = I want the people who have guns to relinquish their freedoms and get rid of their property.
I want the freedom to walk the street of my city without getting stabbed = I want the people who have steak knives to relinquish their freedoms and get rid of their property.
Like that?
It does not work that way. Come back with research on murders committed by lawful gun owners, as opposed to murders committed by illegal gun owners, and we'll talk again.
Re: (Score:2)
Whenever someone wants something we don't like, we ill normally strawman up to the worst-case scenario
In the absence of any information, that's a pretty good strategy. In this case, full details of the protocol are published, and (at least in the case of Android) the implementation will be open source.
Re: (Score:2)
Or you know, you can just store 14 days of GPS / bluetooth data on the phone, and only ask people to share it if they get infected, like the Icelandic app does. Why do people assume that the only way to design such an app is to automatically, instantaneously share everything with some government database?
To be clear, the Apple/Google proposal also shares data only from people who are infected, and only with their permission -- except the data it shares is vastly less privacy-sensitive than GPS/bluetooth data. To a first-order approximation, it's not sensitive at all, just a set of 14 random numbers with no connection to the user's identity or location history.
Re: (Score:2)
The way phones are tracked today is different from the way this system would track them. This system is much more precise.
You see, carrier's mobile towers triangulate your position with 3 towers (granted that you get signal from 3+, which is only in cities usually) which is not very precise (even with 3 towers). This is why Apple and Google are providing movement data right now on their COVID sites.
GPS is not on all the time because it consumes a lot of battery and does not work indoor. Effectively it gives
Re: (Score:2)
Then you move or rebel. Second amendment exists for a reason.
Re: (Score:2)
Then I'll have two phones. One that I use and one that carries the app whenever I have to have the app around.
It doesn't need to work to destroy privacy (Score:2)
Based on my rejected submission on another aspect of this topic I'll go ahead and blow up all the technical security defenses in the most obvious way. Leaving your phone at home is only the most trivial of the technical defenses.
If the government doesn't like you and they want full access to your tracking data, then it's totally easy. Just arrange to "expose" you to someone who might have the disease in question. Then ALL of your contact data is unencrypted and sent upstream to other agencies where it can b
Re: (Score:2)
Add that with the fact that most modern cars have Bluetooth and there are Bluetooth tracking apparatuses sitting on most highways this war is mostly lost. Best you can do is buy a beater and a flip phone.
And even that doesn't work, with optical license plate tracking now very widespread. Every police car records every license plate it sees, everywhere it goes.
Hell, it would only cost a few thousand dollars to train an image recognition network to not only recognize vehicle makes and models but also to look for and flag individually identifying imagery such as scratches or dents. This has already been done somewhere. We just haven't been told about it.
Re: (Score:2)
You pack that device with a ton of features, people will carry that device all the time.
We carry our smartphones all the time. We use them to pay for stuff, some people use them to unlock their car doors....
Re: (Score:2)
In the past week, while just sitting there, its been losing charge much faster than normal.
Its obviously now doing some shit that I would not approve of.
Re: (Score:1)
For the past month, my android smartphone has done nothing but sit here at home being unused. In the past week, while just sitting there, its been losing charge much faster than normal. Its obviously now doing some shit that I would not approve of.
Are there any "5G" towers near you that recently burned to the ground? [slashdot.org]
Re: (Score:2)
Re: (Score:2)
Of course it violates privacy (Score:2)
I, for one, am perfectly fine with moving back to the pre-HIPAA model where people who checked into the hospital had their name, age and condition broadcast (printed in the newspaper back then) for everyone in the community to see.
I'm not
HIPAA isn't there to protect you (Score:2)
Think of it this way, if you've got the CEO of a large company who drives their stock price up and he gets diagnosed with stage 4 terminal cancer a month or two before buyout negotiations, what would that do to the stock price?
I don't think we're going to say goodbye to HIPAA. But I do think we're going to get these tracker apps and that they will be made mandatory to enter stores. Either by the Government or just plain by the stores themselves.
Contract tracing
Re: (Score:2)
Re: (Score:2)
Your app regularly download's hashes and when it finds a match OFFLINE it tells you WHEN it happened (to nearest 10 minutes) and you can reconstruct the location (perhaps your app stores your GPS coordinates locally when it detects a bluetooth device).
Followed directly by this....
You don't find out who the person is.
Which is it? Do you find out when and where you were near someone with covid19, and therefore have a good idea of who that person was, or do you not find out who that person was?
How about stop being such a transparent apologist for the privacy violators.
Re: (Score:2)
I suggest listening to the "Virus Contact Tracing" episode of Security Now!
https://www.grc.com/securityno... [grc.com]
Steve Gibson does a deep dive into the technology and crypto of the system that Google and Apple designed.
Re: (Score:2)
Each phone will have a unique ID generated and only available on the phone and nowhere else. Any updated bluetooth enabled IOS/Android phone will share its unique ID and will get stored on phones in proximity along with the date, time and duration.
If you test positive, you report your unique ID to a central database. The cent
Easy to de-anonymize (Score:2)
Re: (Score:2)
Re: (Score:2)
There is a huge difference between a server in the NIH basement knowing that I am infected, and every malicious entity in the world knowing it.
Re: (Score:2)
Not sure if I am mistaken, but the following seems an easy line of attack to deanonymize all these 'privacy-preserving' apps.
A malicious actor can set up a free Wifi hotspot (for instance, spoofing the SSID of another one you normally connect to) and a Bluetooth listening device in the same location. Then they can see that at 17:42 in the afternoon a phone relays via Bluetooth the anonymous id 4e2f134a, and at the same minute your MAC address connects to their network (and maybe logs on their network on a captive portal with your username, or accesses a http page, etc.). It is easy for them to figure out who this 'anonymous' id 4e2f134a belongs to. Boom, deanonymized.
AFAIK the info that 4e2f134a had corona won't be relayed to you, just that someone you've spent time with has reported they are infected. You'd need to be able to submit false data to be able to triage (for example create a fake user that reports that the only person they've encountered was 4e2f134a).
Re: (Score:2)
I must have misunderstood then, because I thought the main idea is that all anonymous ids of infected people in the past 14 days get published.
If that's how you suggest, then it is even more worrying, because to do that they need a database of all encounters.
Re: (Score:2)
I must have misunderstood then, because I thought the main idea is that all anonymous ids of infected people in the past 14 days get published.
If that's how you suggest, then it is even more worrying, because to do that they need a database of all encounters.
I found the specs here: https://blog.google/documents/... [blog.google] https://blog.google/documents/... [blog.google] https://blog.google/documents/... [blog.google]
Re: (Score:2)
Re: (Score:2)
No, you just publish a list of IDs that have it.
The database of encounters stays on your phone locked away. When the list of known contacts with it is updated, your phone downloads the updated list, and compares it with every encounter it had recorded.
The problem is subpoenas (Score:2)
That said, I don't think we're going to be given a choice on this one. It has the potential to let us reopen the economy months and months sooner. It's too valuable. It will be forced
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Take a look at the specifications (https://www.apple.com/covid19/contacttracing/) – they aren't really all that complicated. The MAC address in the Bluetooth LE advertisements are already randomized, changing (about every 15 minutes) and uncorrelated with the MAC address you'd use to connect to something. This is also true of the WiFi probes phones generate, by the way –those also come from a random MAC address that has nothing to do with the actual MAC address you'd use to connect to a WiFi net
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Simple Solution: EU do it yourself. (Score:2, Insightful)
This is stupid. The EU can't deliver this kind of technology, in any reasonable time frame or cost. So, when corporations, which they usually bash on, come up with something they want to complain.
Have it your way: All corporations stop trying to be good citizens. Simply do nothing. Oh wait, then the EU will complain they should help....
Typical government, can only point the finger, can't produce anything.
Re: (Score:2)
This is stupid. The EU can't deliver this kind of technology, in any reasonable time frame or cost. So, when corporations, which they usually bash on, come up with something they want to complain.
Have it your way: All corporations stop trying to be good citizens. Simply do nothing. Oh wait, then the EU will complain they should help....
Typical government, can only point the finger, can't produce anything.
Perhaps they've adopted the policy of just being annoying enough for someone to google the answer for them?
https://www.pepp-pt.org/ [pepp-pt.org] You're welcome.
Re: (Score:1)
The EU's mission isn't to deliver technology.
It's to fatten itself by taking taxes from those who can deliver technology.
The more "scrutiny" of tech companies it needs to do, the more taxes it will just have to take.
Re: (Score:2)
while its true that EU complains about US companies generally for power grabs and money, when it's also good for the general populace, i'm not all that unhappy (however rare that is)
Re: (Score:2)
The EU's major failing is not gifting corporations everything at the expense of the people. Why they don't follow the American model and fuck the public I will never know.
Also the EU has no technological development arm and aren't in the business of technology development. I guess you mean EU based companies, they can absolutely deliver this technology. You would know, Americans keep buying them out to prevent competition.
contact tracing (Score:1)
Time is of essence (Score:2)