

As nations around the world begin to gradually reopen, governments are looking at all options in hopes of containing future outbreaks.


Their holy grail: Contact Tracing Apps


Experts have already raised concerns about the security and effectiveness of these apps. But, before we get into that, let’s discuss the analog counterpart.


For many of us, this may be the first time we have heard of contact tracing, but it is nothing new. Contact tracing has been used by public health officials for centuries, most notably to contain STD/STI transmission.


First, they isolate the infected person to prevent further spread, and then they track down every individual that person was in contact with. They do all of this without disclosing the identity of the individual. That last part is critical to this operation: contact tracing does not require the identity to be revealed, and privacy is essential.


So, what have governments and private companies been doing to bring the process to the digital world? Well, let’s discuss the two approaches being used.


Photo by İsmail Enes Ayhan on Unsplash

Centralized Approach

In a centralized approach, a user’s phone sends their GPS location to a central server, along with the time they were there. Both the United Kingdom’s NHS and France have decided to go this route.


The biggest flaws with a centralized approach are security and privacy, and battery.


The government knowing their citizens’ exact location at any given moment used to be the Big Brother nightmare that kept George Orwell awake at night. One pandemic later, millions around the globe are volunteering that information. As an American, it is part of the culture to distrust the government, but providing near real-time location no doubt features in some young-adult dystopian novels.


The UK and France have argued that the application will be secure and that the data will not be used for any purpose other than the contact tracing it is meant for. In an ideal world, the protections provided to EU citizens through the GDPR (not even sure how this works with Brexit) would give them the necessary legal safeguards. But, in the event that the government lies and uses the data unlawfully, who is going to hold them accountable? That same government?


Moving past Big Brother, experts have also raised concerns about malicious actors gaining access to the data. The UK’s contact-tracing app is currently being tested on the Isle of Wight. Concurrently, they have shared access with cybersecurity experts to receive feedback. Well, as anyone could have guessed, the cybersecurity experts found some security flaws. Adding insult to injury, one of their recommendations was to switch to a decentralized approach, which the UK had already rejected last month.


For any contact-tracing app to work, whether centralized or decentralized, the phone will have to be continuously broadcasting information. Adding up all the times a phone has to do this throughout the day puts a dent in the battery. However, centralized approaches have an added drawback, specifically with iOS devices. Apple does not allow Bluetooth information to be broadcast by an application in the background. Apple has already made it clear to companies that it will not ease these restrictions. To get around this, some apps on iOS need to remain open to work.


Singapore has attempted to strike a balance between using a centralized approach and addressing the public’s concerns. Singapore has open-sourced its application and states that data is not shared with a central server unless a user tests positive.


If true, Singapore could be a model for other countries that are still adamant about using a centralized approach. The final concern that will remain is the opt-in/opt-out dilemma.


India, the world’s largest democracy, has already required citizens to download the application if they want to keep working or avoid possible punishment. Even Singapore, despite being opt-in, has indicated it may not be optional forever. The University of Alabama system in the United States is “encouraging” faculty and students to use their app, but it is not certain if they will require it to be on campus. With still fairly limited data protection laws around the world, individuals may find themselves forced to download these apps, if not by their governments, then by their employers, grocery stores, or any other businesses they wish to work with.


As a result of moves like these, a programmer in India has circumvented the app. Now, they walk freely with the app constantly showing the ‘Safe’ badge without broadcasting any data. This is the best-case scenario. Experts have shared concerns about individuals sending out false positives. Doing so would end up causing more harm than good.


Photo by Ketut Subiyanto on Pexels

Decentralized Approach

The decentralized approach has been led by a collaboration between Apple and Google. Both companies have recently sent out updates to their respective phones that add this opt-in API.


The way the API works is fairly simple: a user’s phone creates identifier codes that change frequently. If the phone detects another phone nearby for a significant amount of time, the phones will exchange their current identifying codes. If a user is diagnosed with Covid-19, the app will share their codes for the previous 2 weeks with a server. Everyone’s phone periodically checks this server, and if it finds a match with an infected code, the user will receive a notification.
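The flow described above can be modelled in a few lines. This is an added, simplified example, not Apple's or Google's code: the `Phone` class, the 10-minute rotation period, and the HMAC-based derivation are assumptions standing in for the real API's key schedule.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 86400 // 600   # assumed: identifiers rotate every 10 minutes
RETENTION_DAYS = 14                # "previous 2 weeks" from the article

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Derive the identifier broadcast during one interval (HMAC is a stand-in)."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:  # hypothetical model of one handset
    def __init__(self):
        self.daily_keys = {}   # day -> secret key; stays on the phone unless diagnosed
        self.heard = {}        # day -> identifiers received from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return rolling_id(key, interval)

    def hear(self, day: int, identifier: bytes) -> None:
        self.heard.setdefault(day, set()).add(identifier)

    def report_diagnosis(self, today: int):
        """Daily keys for the last 14 days: the only data sent to the server."""
        return sorted((d, k) for d, k in self.daily_keys.items()
                      if today - RETENTION_DAYS < d <= today)

    def check_exposure(self, published):
        """Re-derive identifiers from published keys and match them locally."""
        return sorted({day for day, key in published
                       if any(rolling_id(key, i) in self.heard.get(day, ())
                              for i in range(INTERVALS_PER_DAY))})

def demo():
    alice, bob, carol = Phone(), Phone(), Phone()
    carol.hear(1, alice.broadcast(1, 7))    # constructed contact on day 1
    bob.hear(3, alice.broadcast(3, 42))     # constructed contact on day 3
    server = alice.report_diagnosis(today=16)   # covers days 3..16 only
    return bob.check_exposure(server), carol.check_exposure(server)

if __name__ == "__main__":
    print(demo())
```

The server only ever holds the diagnosed user's daily keys; it never learns who heard which identifier, because matching happens on each phone. Carol's day-1 contact falls outside the two-week window, so she gets no match.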


With this approach, battery will still be an issue because Bluetooth needs to be on at all times, but on iOS devices the app won’t have the drawback of having to be kept open, as it does with the centralized approach.


So far, Switzerland is one of the first to test out this API with their app. The Australian government has indicated that they will also implement this API in their existing application, and Germany has adopted this API after previously working on a centralized approach.


So, the decentralized approach is perfect, right?

Well, unfortunately, no. Putting aside the privacy and security concerns, efficacy is still a concern.


If Covid-19 diagnoses are entered by the users, there is a guarantee of at least some trolls sending out false positives, negatively impacting the trust the public has in the app.


What about the times you don’t have your phone? Or if your phone dies? Or the poor and elderly who may simply not have a phone that can install the app?


I commend Apple and Google for working on an API that puts security and privacy at the center of their design. I also commend the software engineers working on the contact tracing apps. However, this is new technology; we are not yet sure how effective it truly is. Even if it works perfectly, you are notified that you may have been exposed to the virus, possibly after you have exposed others.


Contact tracing apps are not a replacement for effective treatment or a vaccine, nor are they replacements for widespread testing and personal protective equipment to limit spread. Like everyone else, I hope anything these days will slow the pandemic, but it is important we do not gain a false sense of security from these apps and end up spreading the virus even further.


Thanks for reading my post. I’d love to hear your thoughts, either in the comments here or on Twitter (@SoyCarlosEO).


Translated from: https://towardsdatascience.com/data-privacy-in-a-pandemic-901e828b850a

