[LINK] RFC: Does CovidSafe Actually Work?

Roger Clarke Roger.Clarke at xamax.com.au
Wed Apr 29 16:54:46 AEST 2020


> On 29/4/20 12:56 pm, Roger Clarke wrote:
>> I'm sceptical.
>> I've flung together some preliminary notes, with a view to 
>> establishing what's known about the effectiveness of apps like this.
>> I'd appreciate feedback, pointers to sources, and pointers to people 
>> who are actively working on such questions.

On 29/4/20 3:46 pm, Hamish Moffatt replied:
> In point 1 (3), you write:
> /The Australian 'CovidSafe' app appears, as promised by the government, 
> to store the data solely on the primary device. At least the model of 
> each phone is transmitted and stored in cleartext, i.e. unencrypted./
> 
> The second part appears to be (a) irrelevant here and (b) incorrect. > The app has been observed to store all of its data in encrypted storage
> on the phone.

Maybe I'm misinterpreting Culnan et al.'s statement:
https://github.com/vteague/contactTracing#user-content-the-sharing-and-plaintext-logging-by-other-users-of-the-exact-model-of-the-phone

 > It is not true that all the data shared and stored by COVIDSafe is 
encrypted. It shares the phone's exact model in plaintext with other 
users, who store it alongside the corresponding Unique ID.

But the text continues:
 > COVIDSafe records details about the messages it sends and receives, 
storing these in unencrypted form ...

and the Table cols. 6 and 7 display the phone-model.

Are you able to point me to the contrary evidence?

I wonder if there's a difference between the two (or more?) 
implementations, at least for iOS and Android, possibly for some OS 
versions and/or iPhone sub-models.


> As to the false positive rate, I'm not convinced this is a problem in 
> Australia. Right now we have such a low case rate and some state 
> governments have announced a testing blitz, so some additional targeted 
> testing seems quite reasonable.

Testing is a little inconvenient and unpleasant.  But my bigger concern 
is unjustified isolation, especially if test-results are slow or (more 
likely) ambiguous, requiring multiple re-tests, or policy-makers are too 
trigger-happy and regard one instance as evidence of a major relapse.

The inconvenience to the individuals is one factor, but the likelihood 
of media blow-ups and a loss of public support is a bigger issue.

But I'll have to think through what I really mean, because, like you, 
I've complained about the absence of:
-   targeted testing in high-incidence areas (e.g. Waverley),
     to develop a picture of latent risks, and
-   random-sample-testing elsewhere, to learn about the progress,
     or more likely lack thereof, towards herd immunity.


My rationale is that, if a vaccination proves elusive, which is a quite 
likely scenario, our options become:
-   many cycles of semi-lockdown as soon as each wave comes around; or
-   the development of herd immunity.

The talked-about immunity=50-70% may be reachable in Lombardia and NY. 
We're probably a long, long way from it;  but we don't actually know.

Thanks Hamish!


> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
> 


-- 
Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University



More information about the Link mailing list