General Thoughts on Contact Tracing, best practices, rules, information to uncover

https://www.lawfareblog.com/paper-hearing-experts-debate-digital-contact-tracing-and-coronavirus-privacy-concerns We need to at least consider if it is our domain to play the "what if" game of contact tracing that Ryan Calo engages in here. I fully support his concern. I am not certain if is our domain to consider here? Maybe it falls under ethics for us to considered negative societal impact and comment therein? thoughts?

We are definitely in the "what if" game, but I don't think his arguments change anything for us. Which specific "what-if" are you concerned with? The ease of misuse by a political agent?

I am thinking about both Ethical breaches and CyberSecurity breaches. I view his political example as an Ethical breach. I am not even sure how to handle this. Whether it is political or industrial espionage, how to determine a malicious actor? Cybersecurity has models for this, but I am not sure if our Ethics conceptualization is sufficient yet. Thinking...

https://sites.google.com/fpf.org/covid-19-privacy-resources This link is the vast collection of links that Future of Privacy Forum collected in google. I have no comment other than to say it is a vast array of info and links and represents my greater concern of "too many words and too much info" We must be a source of distilled thought here, not just resource aggregation because it quickly becomes too mcuh

Initial guiding principles  on Contact Tracing  1) Opt-In only (unless mandated by law)  2) Data cannot be resold, but may be provided to a legal authority  3) Bluetooth - but concerns about security  4) Anonymized or potentially encrypted  5) Cybersecurity high-level compliant 6) Phone ID and not individual names and certainly no addresses, although the address of contact is permissible

On the legal side, publicly revealing patients’ protected health information (PHI) is a violation of the federal HIPAA Privacy Rule [9], and the Fourth Amendment bars the government from requesting phone data without cause [10]. Some of these norms may be suspended during times of crisis—HIPAA has recently been relaxed via enforcement discretion during the crisis to allow for telemedicine [11], and a public health emergency could well be argued to be a valid cause [12].

I've been thinking about how technologies shift (not necessarily replace) human labor. Re-reading a fantastic piece from Jaron Lanier, I wonder how we might create audit rules that examine the offset of human labor by Contact Tracing apps.

"China’s greatest advantage in AI is less surveillance than a vast shadow workforce actively labeling data fed into algorithms. Just as was the case with the relative failures of past hidden labor forces, these workers would become more productive if they could learn to understand and improve the information systems they feed into, and were recognized for this work, rather than being erased to maintain the “ignore the man behind the curtain” mirage that AI rests on. "

https://www.wired.com/story/opinion-ai-is-an-ideology-not-a-technology/

Do you think that jobs or human replacement are the domain of audit rules for contact tracing? In my view, the rules have to reflect the "thing" doing the work and that would vary depending upon the "thing" for example, bias is more likely from a human doing the tracing, but eliminating the human does NOT eliminate the potential for bias and it should be considered in either case. But I do view this effort as creating audit rules for a highly systematized contact tracing system

Yes, I think it's important to consider whether human replacement is within the domain of audit rules for contact tracing.

Are you for or against human replacement? Or are you neutral and want to put in place rules to cover both? I am not sure there is much demand for audits of human executed contact tracing (even if it may be valuable)