- From: Christopher Allen <ChristopherA@lifewithalacrity.com>
- Date: Sun, 29 Mar 2020 08:02:12 -0700
- To: Credentials Community Group <public-credentials@w3.org>
- Cc: Joe Andrieu <joe@legreq.com>, Kim Hamilton <kimdhamilton@gmail.com>, elizabeth.renieris@gmail.com, Sarah Jamie Lewis <sarah@openprivacy.ca>
- Message-ID: <CACrqygCAjWZ6uy07sNoAgbrPLivPF12oz6rCdy25d_cM+PTKqQ@mail.gmail.com>
In addition to the implementations that I shared in the original Agenda email for our call Tuesday, here is another major contact tracing tool: #TheShield from Israel https://www.difesaesicurezza.com/en/cyber-en/israel-the-shield-will-help-to-track-the-possible-coronavirus-exposure/ I've heard that there may be another one coming from the EU soon. Some more general links: I really appreciate Elizabeth Renieres @hackylawyer’s article *When Privacy Meets Pandemic* https://medium.com/berkman-klein-center/when-privacy-meets-pandemic-fbf9154f80b3 “So, where does this leave us as a privacy community and what is our role in the time of Corona? It means that before we debate the particulars of a specific technology or application, before we tweak certain features or functionality to better protect individual privacy, or before we impose certain transparency or accountability measures, we take a step back. Before we concede that a measure is necessary and begin to assess its proportionality, we question that underlying assumption — especially when it’s coming from private companies who stand to gain from it or governments who fear being perceived as lacking control over the situation. We apply the age-old tests of legality, necessity, and proportionality — in that order. We require concrete evidence that a measure will further specific aims or achieve certain measurable outcomes. If privacy advocates don’t step up and do this, who will?” I also like Sarah Jamie Lewis’s Twitter thread https://twitter.com/sarahjamielewis/status/1242142313192644608?s=21 in particular this statement: “There is no such thing as a robust privacy preserving contact tracing tool because social graphs and location graphs are impossible to anonymity because anonymity is fundamentally about removing social and location context - once you do that all that is left is the honour system” Despite that I agree with those that a key of the problem is that the task of #LocationPrivacy and anonymity is extremely difficult, I do believe that in the short term we can be pragmatic & not suffer “the perfect is the enemy of the good”. We can share best practices, salute those doing the right thing, shame those who do not, and demonstrate our commitment to both the common good as well as to preventing individual harm. An effective Honor System is not the worst short-term outcome. We also need to set the stage so that in the long term we can invest in the much more difficult problems of solving these problems more idealistically correctly. We need to fund things like deep requirements engineering, great user centric design including nudge/incentive/mechanism/ approaches, as well implementing the latest secure code practices, privacy protocols, zk-proofs and other modern cryptographic security approaches, etc. For if we do not be somewhat pragmatic now, and set a stage to be able to invest in a more ideal future, we risk that everything we are currently doing on the privacy front now will fail because in the end, everyone will being tracked at another layer. I look forward to discussing these topics further with you on Tuesday! — Christopher Allen
Received on Sunday, 29 March 2020 15:03:04 UTC