TraceTogether_Why_open_sourcing_matters.pdf

 TraceTogether_Why_open_sourcing_matters.pdf

TraceTogether - Why Open Source Matters

75935a034e6c04dfd6f6946a299c3937?s=128

Harish Pillay

May 13, 2020
Tweet

Transcript

  1. TraceTogether Why open sourcing matters for trust and confidence Harish

    Pillay, h.pillay@ieee.org, @harishpillay CC-SA 13 May 2020
  2. What is the problem that needs to be solved, and

    why? - Contact tracing - Close range and exposure duration as per epidemiological advice - Ensuring that privacy of individual is honoured - To identify affected individuals and help them recover in order to control the spread
  3. Why open source? 1) Open source offers a layer of

    trustworthiness 2) It can be reviewed by experts globally to confirm it works the way the development team says it should. 3) It encourages people from all over to collaborate to solve a very critical, existential challenge 4) Trust but verify
  4. Privacy/Security Challenges a) Using mobile phones to collect proximity data

    b) In collecting proximity data, the privacy of the individual has to be honoured and vigorously protected c) The individual, upon being positively identified as being infected, has to, with consent, allow proximity data collected to be made available to authorised health authorities in mitigating infections via contact tracing. d) The solution should be specific and targeted with a sunset clause built-in including deletion of all proximity data on the device as well as those sent to health care systems.
  5. How Solutions Stackup Code Signal Centralised Loosely Centralised Decentralised TraceTogether

    Open GPLv3 Bluetooth,, wifi/mobile data - Phone # asked for registration - Upon infection, with permission, contact logs used to contact trace CovidSafe Open Bluetooth, wifi/mobile data - Same as TT but asks for full name, age range, postcode Aarogya Setu Closed Bluetooth wifi/mobile data GPS All data is sent to the central server periodically SafePath Open Bluetooth, wifi/mobile data GPS Fully decentralised until infected and with permission data uploaded PEPP-PT (a framework) Open