Questions on data privacy assurance and level of audit
Hi David, Hi Andreas,
Thanks for reaching out to me, David. I happened to have seen the pitch of WeTrace in Tanya's interviews before seeing your current message. I find the initiative very interesting and worth developing. As I am also currently involved with MyDataGlobal, and in particular with one of the projects related to the deployment of #mylog14, it interests me a lot; it appears simple from a usage perspective and, as I understood it, preserves privacy. Some of my questions relate to data privacy assurance, security by design, avoidance of duplication, errors and integrity checking, in addition to the level of audit you give both to the citizen/user who uses the app and to the backend.
- How frequently is the random ID generated?
- What is the seed?
- How do you determine whether the frequency is sufficient, insufficient or overkill?
- You mention that when people get within 5m of each other, the two devices "communicate" with each other:
  - How precise is this "5m" criterion?
  - How do you ensure at what rate the location is collected?
  - Do you then need to require that the user authorizes permanent geolocation so that WeTrace can permanently record the movement of the phone user? Is there a single ID for the user to authenticate into the WeTrace app, to allow the phone to be shared among several users, or do you assume that the phone is single-user only?
- Assume a person is negative on 2020-03-29 at 22:50 with an assigned randomly generated ID, let's call it ID1001. Then on 2020-03-30 at 07:30 his randomly generated ID is ID1002. At this time, he turns positive.
  - Another person had ID9001 on 2020-03-29 at 22:50 and now, on 2020-03-30 at 07:30, holds a new randomly generated ID called ID9002.
  - How is ID9002 (previously ID9001) informed on 2020-03-30 at 07:30 that he or she walked by ID1002 (who the day before used to be ID1001), i.e. that he or she was in contact with ID1001?
  - How do you establish the link between ID1002 and ID1001, and where do you keep the entire historical data? I believe on the user's phone and not on a server.
  - Does each user hold the historical data of each of the IDs he or she went by? You indicate that data is shared only when a user reports that he or she is positive. If so, how can ID9002 know that ID1001 is now ID1002 if the data is not permanently centralized on a backend? I don't see how this data, including the historical data, can be broadcast only when someone reports that he or she is positive.
- In case of a manipulation error by a user, how can the user make a correction to avoid a false positive or false warning being broadcast? Is a retroactive change possible?
- How can a user audit the data that is kept in the app, and also audit what is kept on the backend?
That's about all my questions. I do value every feature that you intend to develop.
Cheers. Paul
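Added illustration, not part of the thread and not WeTrace's code: one common way a decentralized design answers the ID1001/ID1002 scenario above. Each phone derives its rotating ID from a per-device secret and the current time window, keeps the IDs it observed locally, and, on a positive report, publishes only its own IDs for the contagious window; other phones download that list and match it against their local observations, so no contact graph is ever centralized. The 6-hour rotation period, the HMAC derivation and the device keys are constructed for the example and are assumptions, not WeTrace parameters.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Rotation period of the random ID. Constructed value for this illustration;
# how often the real app rotates is one of the open questions in the thread.
WINDOW_SECONDS = 6 * 3600


def window_index(ts):
    """Number of the rotation window that contains the UTC timestamp ts."""
    return int(ts.timestamp()) // WINDOW_SECONDS


def rolling_id(device_key, idx):
    """ID for one window: HMAC-SHA256 of the window number under a per-device secret.
    Without the secret, IDs from different windows cannot be linked to each other."""
    return hmac.new(device_key, idx.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:16]


class Device:
    """A phone. Everything in self.observed stays on the device."""

    def __init__(self, device_key=None):
        self.key = device_key or secrets.token_bytes(32)
        self.observed = []  # list of (timestamp, other_id) seen over short-range radio

    def current_id(self, ts):
        return rolling_id(self.key, window_index(ts))

    def observe(self, other_id, ts):
        self.observed.append((ts, other_id))

    def report_positive(self, first_ts, last_ts):
        """Publish only our *own* IDs for the contagious window.
        The list of IDs we observed never leaves the phone."""
        first, last = window_index(first_ts), window_index(last_ts)
        return [rolling_id(self.key, i) for i in range(first, last + 1)]

    def check_exposure(self, published_reports):
        """Match the downloaded positive IDs against local observations."""
        positive = {i for report in published_reports for i in report}
        return [(ts, oid) for ts, oid in self.observed if oid in positive]


def retract_report(server, report):
    """A user-side correction: a mistaken report is removed from the published list,
    so clients that re-run check_exposure no longer see the false match."""
    server.remove(report)


def demo():
    t1 = datetime(2020, 3, 29, 22, 50, tzinfo=timezone.utc)   # negative, ID1001 / ID9001
    t2 = datetime(2020, 3, 30, 7, 30, tzinfo=timezone.utc)    # now ID1002 / ID9002
    alice = Device(b"A" * 32)   # constructed key; "ID1001 then ID1002" in the question
    bob = Device(b"B" * 32)     # constructed key; "ID9001 then ID9002" in the question

    # Encounter at t1: each phone records the other's current ID locally.
    id1001, id9001 = alice.current_id(t1), bob.current_id(t1)
    bob.observe(id1001, t1)
    alice.observe(id9001, t1)

    # At t2 Alice tests positive and publishes her own IDs covering t1..t2.
    server = [alice.report_positive(t1, t2)]
    bob_hits = bob.check_exposure(server)          # Bob learns he met ID1001 at t1
    alice_self = alice.check_exposure(server)      # Alice only observed Bob's ID: no match

    # Alice realises the report was a manipulation error and retracts it.
    retract_report(server, server[0])
    after_retraction = bob.check_exposure(server)

    return {
        "rotated": alice.current_id(t2) != id1001,   # ID1002 differs from ID1001
        "id1001": id1001,
        "bob_hits": bob_hits,
        "alice_self_hits": alice_self,
        "after_retraction": after_retraction,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The link between ID1001 and ID1002 exists only on Alice's phone (both derive from her secret key); the server sees a flat list of IDs it cannot attribute to a person, and Bob's phone only ever uploads nothing. The retraction shows one answer to the correction question: published reports are revocable, and clients re-evaluate against the current list.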
Hi Paul, can you please check the following wiki entry and tell me if this answers your question: https://github.com/AndreasGassmann/WeTrace/wiki