1/4: When I installed the service Vic app on June 4 (when it became compulsory) the splash screen told me "Your personal details always stay on your phone," which is not true: your check-in details are uploaded to a central database immediately when you check in. #Vicpol@OVIC_AU
2/4: Now (surprise, surprise!) we're debating further access to that database, which never had to be built in the first place. Aotearoa/NZ and the UK have 'automated diary'-style apps in which your check-in data does stay on your phone, with notification to the affected person.
3/4: I even wrote up an idea for the best of both worlds, in which local personal data storage could be combined with automatic notification to govt if you'd visited an exposure site. github.com/AusOpenTech/Au…
4/4: IMHO access by Vic police with a warrant for investigating serious crime is the least of the concerns for this database. Unauthorised access by organised crime, abusive partners, foreign spy agencies, etc, is a greater risk - one we won't have the luxury of "debating."
• • •
Missing some Tweet in this thread? You can try to
force a refresh
1/5: Remember how @ElectionsACT didn't need to make their source code openly available for public scrutiny because it was going through an "audit and certification process"?
They published the votes on Friday and it is immediately evident that the counting code has bugs. #ACTpol
2/5: Andrew Conway implemented the count & found notable discrepancies with the official tallies - more than 20 votes in some cases. Our report is at github.com/SiliconEconome…
None of these bugs change the winners. They could have, but this year - by sheer good luck - they didn't.
2/11: Singapore & the UK have released whitepapers explaining their crypto and assumptions. The UK's is by @NCSC's Ian Levy: ncsc.gov.uk/files/NHS-app-…
In both cases, there are some things I disagree with, but I respect the authors for putting the details out for review.
3/11: Singapore rotates encrypted IDs every 15 mins.
Aus #CovidsafeApp rotates them every 2 hours.
The UK's app keeps the same one all day. The explanation is that this can helpfully nudge people about how much close contact they've had.
1/11: Why there are there two almost-opposite technical threads here, one saying "#covidsafeapp gathers so much LESS data than anything else on your phone," and another saying "this app gathers info that no other app on your phone collects"? The answer is that they're both true.
2/11: It's true that #covidsafepp doesn't do any of the usual nasties, e.g. GPS tracking or microphone surveillance. However, it builds an infrastructure for gathering a completely new kind of mass data: fine-grained detail about who was how close to whom, when.
3/11: Just as #covid19 is a new virus that will probably be with us forever, physical proximity data is a new form of data gathering whose implications will be lasting, and which we are only beginning to understand.
1/7: Hang on a minute, I have misunderstood something important. In my blog post I wrote of Tracetogether "Whenever you're within Bluetooth range of a person, you send them your ID, encrypted with the public key of the Singaporean authorities."
Is that what everyone else thought?
2/7: But their whitepaper actually says: "TempIDs are cryp-tographically generated by the backend service." bluetrace.io/static/bluetra…
Those encrypted IDs you send out all the time are AES encryptions, generated for you by a central server, using a key you don't know.
3/7: The public-key-based system I thought they were using is described as an alternative that isn't implemented because of its computational burden. They add that this allows health authority monitoring by "logging the issuance of daily batches of TempIDs." Daily is a key word.
1/6: OK, let's think of a list of specific questions - I'll start with whether "What is being proposed is no different than our existing health surveillance system." In our current system, a health official asks an infected person for a list of people & places they've been near.
2/6: Some obvious differences:
- When relying on human memory, you might forget. Automation should be better.
- When relying on human memory, you can choose to omit certain people or places. Will Australia's app have that option, or will it be all-or-nothing? #covid19australia
3/6:
- Human memory cannot usually be compelled (at least not in countries like Aus), but data can be compulsorily acquired, e.g. under TOLA. Will TOLA, and other laws about compulsory phone-opening, be amended to carve out contact data stored on your phone by the app? #auspol
Analysis with @SarahJamieLewis and Olivier Pereira of the SwissPost-Scytl e-voting system. people.eng.unimelb.edu.au/vjteague/Swiss… The code uses a trapdoor commitment scheme, so it is possible for an authority to provide a proof of a correct election outcome while actually manipulating votes.
This is exactly what verifiability is meant to prevent. They say they have now fixed it, but without an open public process for examining the code, we can't be sure whether other similar issues remain, or whether other Internet voting systems such as NSW iVote are also affected.
Nothing in our analysis suggests this problem was introduced deliberately. It is entirely consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions & other important details.