COVID-19: the fear of a Police State created a State of policemen

Originally published in Italian by Formiche.net

The Italian controversies on contact-tracing highlights a cultural failure: the misunderstanding of privacy and how to protect it. In short: for fear of an abstract danger of a Police State, we have accepted the concrete fact of having transformed Italy into a State of policemen. A State where the concrete and immediate application of the law protecting public order and (health) safety is entrusted with confusing rules applied arbitrarily. Continue reading “COVID-19: the fear of a Police State created a State of policemen”

COVID-19: Contact-Tracing in Italy between Science and Religion

The public debate in Italy on contact tracing is  rightly focused on the “obscurity” of how the Government has chosen the software, how does the software works and on concerns – more than about “privacy” – about the way citizens’ data are selected, collected and managed.

There are, however, two issues that would have needed a preemptive consideration.

Firstly, about the technological solution identified – or rather, “blessed” by the Italian Government: Bluetooth.

For days and days, the more or less technically competent narrative had crowned the Bluetooth as the only tool capable of achieving effective contact tracing. Then, some Jiminy Cricket (in English, and therefore unfortunately not intelligible in Italy where the “no spik inglisc” is a boast and not a shame) advanced some doubts about the fact that, for example, the range of the Bluetooth is excessive and therefore can generate unreliable results. The thing is so evident that Google has included the possibility to attenuate the signal strength among the features that can be managed via API by third-party programmers.

class? ?MatchingOptions? {? ?/**
* The signal strength attenuation value that must be reached within the exposure * duration? ?before the match is returned to the client. Attenuation is defined
* as the advertiser's TX power minus the scanner's RSSI.
*
* This value must have range 0-255.
*/

If using Bluetooth has issues, and before Google allowed a way to mitigate it, this was not possible, how did the Government decide that software A was better than software B?

How did the Government decide that this particular software was fit for the job?

Which brings us to the second issue, which is related to providing answers without knowing questions.

In theory, contact-tracing software could:

  • allow one to understand ex-post, once one was infected, whom they came into contact with,
  • warn in real-time if somebody is close to an infected person
  • enable people to avoid dangerous places due to the presence of infected people, crowds or both,
  • inform the authorities if someone is violating the mandatory quarantine,
  • allow everything, nothing or maybe anything else – like sharing data with medical-scientific research.

Deciding which options to pursue is not a technical or “privacy” issue but a matter of public policy, i.e. of the definition of public health protection objectives. But since there is no trace of this debate – at least publicly – it is difficult to disagree with the aforementioned Jiminy Cricket when he concludes:

All that said, I suspect the tracing apps are really just do-something-itis. Most countries now seem past the point where contact tracing is a high priority; even Singapore has had to go into lockdown. If it becomes a priority during the second wave, we will need a lot more contact tracers: last week, 999 calls in Cambridge had a 40-minute wait and it took ambulances six hours to arrive. We cannot field an app that will cause more worried well people to phone 999.

Which brings us directly to another important and neglected issue: the relationship between science, technology and the ability of the policymaker to understand to decide. As I write in an (I hope) forthcoming article,

In principle, looking at science as a constituent element of a political choice poses four orders of problems:
– not everything that is called “science” is science;
– science offers explanations and not certainties with limited validity;
– being a good scientist does not imply also having political sensitivity;
– a political decision can diverge from a scientific evaluation by way of opportunity – or ignorance.

In the case of the Italian contact tracing software (which yet another nudging application led Google to rename in a less threatening “Exposure Notification”) there are no elements to understand how the software was selected.

This happens not only and not so much because you don’t know how it works, there is no evidence of what data it collects and how it manages them, but because, precisely, who decides continues to give answers to questions that are not there.

COVID-19: Italian Contact Tracing App poses security concerns

Ordinance 10/2020 of the Extraordinary Commissioner for the implementation and coordination of measures to contain and combat the epidemiological emergency COVID-19 writes the final word in the chapter “Tracking yes, tracking no”. Italy wasted months idling on the decision to enforce a people’s tracking system. However, now the Government made up its mind and decided to us an “app” licensed free of charge by the developer. At the same time, however, the Commissioner’s Ordinance leaves untold some things related, in particular, to the security of the software, which, given the criticality of the moment, should have been a central element in the selection of the product.

Let’s start from strictly legal aspects: the company that developed the contact tracing software, as the Ordinance verbatim says,

solely out of a spirit of solidarity and, therefore, for the sole purpose of providing its contribution, both voluntary and personal, useful to deal with the ongoing COVID-19 emergency, has expressed its willingness to grant an open, free and perpetual licence to the Extraordinary Commissioner for the implementation and coordination of measures to contain and combat the COVID-19 epidemiological emergency and to the Presidency of the Council of Ministers, the source code and all the application components of the contact tracing system already developed, as well as, for the same reasons and always free of charge, has expressed its willingness to complete the IT developments that will be necessary to allow the national digital contact tracing system to start working. Continue reading “COVID-19: Italian Contact Tracing App poses security concerns”

COVID-19: on “privacy zealots”, again

Let’s  come back once again to the subject of “privacy zealots” and fundamental rights to clarify some concepts that should be clear but, indeed, are not yet clear enough:

  • “privacy” does not mean confidentiality. The investigative journalist, the drug trafficker and the unfaithful partner all want confidentiality about their activities, but for very different reasons that have nothing to do with “privacy”.
  • “privacy” is not even protection of private life, which is a much broader concept and extends (unlike the conventional notion of privacy) also to public places where crimes of harassment and private violence are applied,
  • “privacy” is not the processing of personal data because the processing of personal data is instrumental to the protection of fundamental rights and freedoms. So the GDPR does not protect “privacy” but first of all the fundamental good life and from there to go down,
  • “privacy” is not even (as happened with the environment) a new right to be constitutionalized because the Italian Charter already provides specific rules to protect the inviolability of the home, freedom of thought, freedom of movement and secrecy of communications that “cover” the areas that you stubbornly want to bring within the domain of “privacy”.

Continue reading “COVID-19: on “privacy zealots”, again”

COVID-19, privacy zealots and the abuse of “might” in Italy

I sound like a broken record that nobody listens to when I say that in a moment of constitutional rights – the real ones – withholding “privacy” is the least of our concerns.

Nevertheless, many supporters of an extreme concept of “privacy” continue to oppose the general and generalized identification of infected people and people who have come into contact with us because the state “could abuse” it. Continue reading “COVID-19, privacy zealots and the abuse of “might” in Italy”