Get best of the week

How to escape from Covid and from surveillance?



The state presence on the field of personal data, and the intensification of surveillance associated with the epidemic are causing growing concern. Criticism of this situation, which this article will not be devoted to, is fortunately presented very widely, in many countries, including ours. Authoritative people and organizations warn against the granting of exclusive powers to the state under the pretext of emergency measures, pointing out the danger and irreversibility of such steps. Quotes from the media are provided at the end of this article.

Aside from political disputes, we can find an unoccupied technological niche that can not only effectively help the population in the fight against infection, but also take digital rights protection to a whole new level. This publication is devoted to the consideration of such a scenario.

UFO Care Minute


COVID-19 — , SARS-CoV-2 (2019-nCoV). — , /, .



, .

, , .

: |

The growing trend of nationalization of personal data, and before that was rapidly growing in nature, is successfully justifying itself by solving pressing and practical problems. In this case, the need to control the spread of infection is so obvious that any kind of active activity aimed at fulfilling this task easily gains priority over inaction. In this context, even direct indications of the shortcomings and vulnerabilities of government initiatives associated with surveillance of the population look helpless. A significant obstacle to the development of global control may not be bickering, but real alternatives, i.e. practical solutions to the same applied problems in which the desired fight against the epidemic is achieved if not better, then at least with comparable effectiveness, without violating digital rights.

I propose to consider the option of one of these solutions to control the spread of infection, which uses personal data and the capabilities of smartphones to process it, and is based on respect for human rights and the protection of personal data.

Based on the basic ideals of protecting personal data, it is clear that you need to build on storage from the user's device. A free epidemic control application should do almost all the work on the client side and be decentralized.
The purpose of this article is not to specify a specific architecture, but instead I will outline the general concept of the application, whose task is to ensure quarantine measures, as well as collecting and processing statistics on the course of the epidemic for scientific analysis and monitoring. I emphasize that in my opinion, apart from scientific tasks and monitoring, the collection and processing of personal data associated with covid cannot have other goals.

Let's start with quarantine. A set of measures of social distance, isolation and reduction of contacts, primarily with patients, is widely described and can be clearly defined. The work of our application focused on the client’s device must be directed to meet the user's voluntary needs, to carry out this set of measures. Any measures of punishment and control by authorized bodies, as is now being implemented by some governments, should be immediately excluded from consideration as not voluntary. All other measures to counter the spread of infection that are not associated with violence are based on motivating the user to ensure their own safety and adequate participation in the overall fight against the epidemic. Such measures may include:

  • ( ) «», « », «», «», « », «» ..

  • /

  •   , ( )

  • , , .*

By installing the application, the user allows him access to the contact list and the ability to establish a p2p communication channel between the same applications in his environment. By establishing a connection through the contact list, or directly between applications, users first classify everyone with whom they are connected in three groups:

  1. close ones (meetings take place regularly)
  2. indirect (direct contacts are not regular, but a person enters into the circle of friends)
  3. random contacts (a meeting is possible, for example, in transport or on the stairs)

At the next stage, the user voluntarily decides whether to share his information with each of these groups individually. The concept of your information may include both the status “sick / not sick”, and other information, up to movements and a list of contacts. It is important that in this situation, information from the user's device is not sent to a centralized server. All data generated and received by the application is not transmitted to the server, but stored on the user's device and the "neighboring" devices of people from his environment.From the information received, you can make some impression about the likelihood of getting sick when in contact with others, and about measures to combat the epidemic that people and the user take (stay at home, for example). It should be added that in addition to forming p2p connections between users (“circle of contacts”) based on contacts, it is possible to create automatic switching of devices via bluetooth, or the notorious qr-codes for such cases as traveling by public transport, or contacts at the workplace.



There may be several modes of disseminating information from application to application. For example, it seems reasonable not to transfer the identifiers of your circle of communication to someone else’s device, but only generalized statistics on it. For example, that among those with whom I communicate there are no patients, or say that 5% of them are among people who make up all the contacts, that among them there are or are not people of my close circle. These information disclosure measures are simultaneously informative and an order of magnitude less threatening to massively compromise personal data than in the case of centralized government systems.

There are more radical modes of dissemination of information, when a person infected with covid during treatment is able to allow the application to broadcast its information during the incubation and subsequent treatment period as publicly as possible. Such a measure, without compromising the institution of confidentiality in itself, can greatly simplify the work of medical services and compliance with quarantine measures. It is also possible, with their permission, to share the information of the “close circle” of the users’s information with the sick person, in other words, the “contact” person diagnosed by Covid.

In the described model, we have a chance to get a powerful public tool for structuring personal data and an effective mechanism to combat the spread of infection. This model of user behavior engages in work on effective social distance, raises awareness about the epidemic and encourages responsible attitude to quarantine measures.

What is missing is a cool way to collect and statistical data for monitoring and researching the epidemic. The task is too tempting to abandon it for the sake of the ideals of protecting freedom and confidentiality. It is necessary to provide a special scientific protocol for the scientific analysis of personal data. This item from the list of measures to combat the epidemic is marked with an asterisk, because only it allows the technical possibility of centralized collection, processing and storage of users' personal data on the server. This protocol is a tap through which our personal data is able to leak and be collected in storage, so for its ethical implementation competition of collecting nodes for compliance with a strict list of standards, the main of which is openness and scientific authority, will be required.The final decision to send your personal data remains at the discretion of the user and is taken individually for each request. This implies that the requests must have a certain form and arrive according to the allowed schedule. The application will block all requests that do not meet the public requirements for protection against misuse of personal data. An incomplete list of such requirements includes:

  • , , .
  • , .
  • .
  • , .
  • .

These measures make it possible to supplement the civilian arsenal of high-tech anti-epidemic protective measures with a rich source of observations that allows only selective, moderate, reversible and voluntary violation of confidentiality under controlled conditions.

I am convinced that the appearance of such an application on the market will turn out to be more significant for civil society than any constructive criticism of measures taken by the government. One real decision based on the management of personal data will be more useful than a thousand words in defense of confidentiality on behalf of organizations, public figures and activists, and not only in our country.

novayagazeta.ru


meduza.io

aitrus.info


konkir.ru


roskomsvoboda.org


PPR

More articles:


All Articles