You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems to me that a lot of the potentially problematic information collected probably has a legitimate justification, ie:
timestamps (to work out length of contact)
phone models (for distance modelling, which probably needs to be done on a central server as the modeling will probably need to be adjusted over time, potentially retroactively).
However it seems to me that the log could theoretically be submitted without any reference to the user sending it, ie it might leak information about "someones" day (or if broken up, as parts of possibly several "someones" days), but not be directly linked to the person submitting?
I suppose with infection rates as low as they are in Australia that probably limits the ability to effectively anonymise the data as few people will actually be be submitting it. The upside to that is that it also means it wouldn't be an effective tool for general state surveillance....
Would there be value in an "Easy Wins" section?
Things like:
increasing the frequency of ID rotation
creating a symmetric key on ID rotation, sending it to the central server and encrypting the phone version sent in the public bluetooth beacon
seem like they would bring privacy improvements without requiring significant changes to the system design.
The text was updated successfully, but these errors were encountered:
It seems to me that a lot of the potentially problematic information collected probably has a legitimate justification, ie:
However it seems to me that the log could theoretically be submitted without any reference to the user sending it, ie it might leak information about "someones" day (or if broken up, as parts of possibly several "someones" days), but not be directly linked to the person submitting?
I suppose with infection rates as low as they are in Australia that probably limits the ability to effectively anonymise the data as few people will actually be be submitting it. The upside to that is that it also means it wouldn't be an effective tool for general state surveillance....
Would there be value in an "Easy Wins" section?
Things like:
seem like they would bring privacy improvements without requiring significant changes to the system design.
The text was updated successfully, but these errors were encountered: