|
|
|
|
|
|
by falcolas
2240 days ago
|
|
|
> government agencies and law enforcement … to be honest, I have no idea why they should be interested, but surely, they will. This one’s easy. Bob commits a crime. Police think there’s an accomplice. So, they use a contract tracing system to identify and start investigating Bob’s direct and second-order “contacts”. Note - this is independent of the actual implementation, which does seem fairly secure against such uses. Still, I worry that given the public nature of the “infected” list, and that phones automatically add themselves to the list, there are some statistic correlations which could be made. |
|
|
If "identify" means to discover the identity of, I don't see how law enforcement can do that under the Google/Apple system.
Law enforcement can get Bob's phone. And it will have a list of all the pseudonymous ids it collected. They can pull that data, but what do they do with it? The ids aren't IMEI or phone number or anything. And there is no central database of them.
If you had the contact's phone, then you could get data off both phones and confirm whether they had been nearby. But if you're confirming a link between Bob's phone and someone else's phone, it means you already discovered the identify of the contact through other means.
It would be possible to build a central database of these ids through dragnet surveillance, but since they are stored locally only, that would require putting malware onto the entire population's phone to upload the ids somewhere.