[Image from https://www.solarwindsmsp.com/blog/what-pii-and-phi-and-how-do-you-secure-them, with "NO" added to it using GIMP.]
I wrote earlier that asking for a phone number when registering the TraceTogether app on the mobile phone was about the only useful and barest minimum piece of information I am prepared to provide for contact tracing. And since I did install the app when it first came out, that was all that I did. That promotional video says even less:
Now I am reading that in addition to the phone number, registrants of the TraceTogether app will need to provide their NRIC as well. I assume that it is for those who are newly installing TraceTogether who would be asked to add one more PII.
I think it is WRONG.
I will quote the entire reason from TraceTogether’s site here (from the link above):
Why is NRIC needed?
Your unique identification number allows MOH to reach the right person when they need to give you important health advice on COVID-19. It is stored in a secure server, never accessed unless needed for contact tracing, and never shared with other app users.
As much as I am fully supportive of doing contact tracing using tech, and although I did step up to help make the code trustworthy by encouraging and working with GovTech to open source it as OpenTrace back in April, I am NOT IN FAVOUR of the very slow creep in data collection.
Let’s play along and explore the issues:
- First, what if the NRIC # provided at registration is really not of the person who is registering? You can trivially generate valid NRIC #s (see my post from two days ago). I can stop here, but let’s play along.
- Second, in registering a phone (or a non-phone device) with TraceTogether, you can just as easily use any other valid phone number to get an OTP. With that OTP, you are then able to enable that device to be the tracker, provided you keep it with you as you move about, so that TraceTogether works as designed. Should you become infected with COVID-19, MOH extracts, with your permission, the contact details from your device. MOH would then determine who else came into contact with the infected person and do the needed contact tracing – the human in the loop. Now, say someone else was infected and that person's contact log has your encrypted ID (because you were around that person); then the number MOH will be contacting might not be yours. Hopefully, for your own good, you have a way to ensure that whoever was contacted by MOH is able to alert you as well. So this registration loophole, as it were, has been there all along. Now, if you add the NRIC as well, MOH could potentially have two pieces of information that are invalid, in the sense that neither is directly associated with the infected person.
- Third, say the G says “no, we will make it mandatory and, if you provided a phone number and NRIC that is not yours, you could be prosecuted.” Is that something we should even be doing? Yes, the Infectious Diseases Act can be thrown at the individual.
We are missing a key ingredient here. If we can gamify TraceTogether (as was discussed in this webinar on 19 May 2020), then we can easily increase the uptake and actual USE of TraceTogether. We have a simple means to make this doable, but it is not, to the best of my knowledge, being explored.
Instead, tweaks are being made to the registration process, asking for more PII, and also a piece of hardware that will raise many issues.
Let’s look at those issues:
- Will the hardware design be open sourced?
- Will the software be open sourced?
- Can the device be trivially recycled? Do we really need to add to e-waste?
- What if the device is dropped/lost/flushed-down-the-toilet/random-issue? Would there be a free-of-charge replacement? And how many times?
- Can the device be turned off by the user?
- What if the device’s battery is dead and there are challenges in charging it?
- Is there now going to be a whole army of tech support people just to support this piece of hardware/software?
- If I am already running TraceTogether on my phone, can I opt out of this piece of hardware?
Yes, while it seems like an interesting idea to look at a dedicated, single-purpose device for contact tracing, it is clearly not the way to do anything.
Considering how people take much greater care of their mobile devices, I cannot see that level of importance or enthusiasm for a tracking device, even if the device is only tracking the exact same thing that TraceTogether does.
This is potentially an exercise in futility that we should avoid.
And, it is OK for the G to back off the hardware idea because, clearly, it is not viable.
Gamify TraceTogether. Do that instead.