cds-snc / covid-alert-documentation

Supporting documentation for COVID Alert / Documentation à l’appui de l’application Alerte COVID
MIT License

Enhancement Request: hierarchical key-submission / covid-shield service #52

Closed kbroughton closed 3 years ago

kbroughton commented 3 years ago

Great work on these well-structured covid alert app repos! This request was motivated by the additional info requests from the BC gov, and perhaps others, which have delayed their adoption. I believe it may also address the fact that while many may distrust sharing their data with the Canadian government, they may be more inclined to trust their regional health authority.

If I understand the app correctly, currently all key-submission activities are made to a Canada-wide Bulletin Board (BB)-like service. These are pushed back to client apps across the nation.

The problem:

Even though the data being shared is minimal, the public may be concerned that contact tracing could be abused. The Singapore government, for example, has recently said that it would allow law enforcement to use it in prosecuting crimes after initially saying it wouldn't. Although the CAN Covid-19 app does not allow this mechanism of abuse, the general public does not have the technical expertise to verify this for themselves.

Proposed solution:

Since most device-code pairs will occur in a limited geographic region, most pairs from B.C. would not need to be shared with PEI, for example. If the key-submission service was running at provincial or even regional levels, then locals could be promised that their contact tracing data will not leave the health district/province unless they travel outside that boundary. Only codes generated during their time outside their home region (plus a 2-week buffer) would be shared with a parent key-submission server. This might significantly improve adoption, as trust in local government is usually higher than trust in the national government.

This may also support provincial authorities wishing to track more data as they could do this at the regional/provincial level but only share CAN-Covid19 compliant data with national servers. Finally, in the event of some breach, there would be less data exposed in any tier/pool of servers.
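The routing rule sketched in the proposal above (keep a key on the home-region server unless it was generated while the device was outside the region, or within a two-week buffer after the return) can be stated precisely in code. The following is an added example written for this discussion, not code from covid-shield, covid-alert-server or any other cds-snc repository. It assumes a hypothetical regional server that receives the user's exposure keys together with self-reported travel windows; the only facts it relies on are the GAEN key format (a rolling start interval number in 10-minute units since the Unix epoch and a rolling period of at most 144 intervals, i.e. one day). The `Key`, `TravelWindow`, `Route` and `DayKey` names, and the sample keys and travel window in `main`, are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Facts about the GAEN key format: intervals are 10 minutes long and a
// temporary exposure key is valid for at most one day (144 intervals).
const (
	intervalSeconds  = 600
	maxRollingPeriod = 144
	keyBytes         = 16
)

// Key is a hypothetical representation of one submitted exposure key.
type Key struct {
	RollingStartIntervalNumber uint32
	RollingPeriod              uint32
	KeyData                    []byte
}

// TravelWindow is a half-open period [Start, End) during which the device
// reported being outside its home region. This is an assumed input; the
// real app does not collect location or travel data.
type TravelWindow struct {
	Start, End time.Time
}

// Routed is the result of partitioning one submission between tiers.
type Routed struct {
	Regional  []Key // kept only on the home-region server
	Forwarded []Key // shared upward with the parent (national) server
	Rejected  []Key // malformed keys, dropped before either tier sees them
}

// keyWindow returns the half-open validity window [start, end) of a key.
func keyWindow(k Key) (time.Time, time.Time) {
	start := time.Unix(int64(k.RollingStartIntervalNumber)*intervalSeconds, 0).UTC()
	end := start.Add(time.Duration(k.RollingPeriod) * intervalSeconds * time.Second)
	return start, end
}

// overlaps reports whether the half-open intervals [aS,aE) and [bS,bE) intersect.
// Using half-open intervals means a key that ends exactly when travel starts,
// or starts exactly when the buffer ends, stays regional.
func overlaps(aS, aE, bS, bE time.Time) bool {
	return aS.Before(bE) && bS.Before(aE)
}

// Route partitions keys: a key is forwarded to the parent server if its
// validity window overlaps any travel window extended by buffer after the
// return; every other valid key stays on the regional server. Keys with an
// out-of-range rolling period or wrong key length are rejected.
func Route(keys []Key, travel []TravelWindow, buffer time.Duration) Routed {
	var out Routed
	for _, k := range keys {
		if k.RollingPeriod == 0 || k.RollingPeriod > maxRollingPeriod || len(k.KeyData) != keyBytes {
			out.Rejected = append(out.Rejected, k)
			continue
		}
		ks, ke := keyWindow(k)
		forward := false
		for _, tw := range travel {
			if overlaps(ks, ke, tw.Start, tw.End.Add(buffer)) {
				forward = true
				break
			}
		}
		if forward {
			out.Forwarded = append(out.Forwarded, k)
		} else {
			out.Regional = append(out.Regional, k)
		}
	}
	return out
}

// DayKey builds a constructed one-day key starting at the given UTC instant,
// with KeyData filled with a marker byte so sample keys can be told apart.
func DayKey(day time.Time, marker byte) Key {
	data := make([]byte, keyBytes)
	for i := range data {
		data[i] = marker
	}
	return Key{
		RollingStartIntervalNumber: uint32(day.UTC().Unix() / intervalSeconds),
		RollingPeriod:              maxRollingPeriod,
		KeyData:                    data,
	}
}

func main() {
	day := func(s string) time.Time {
		t, err := time.Parse("2006-01-02", s) // constructed sample dates, UTC
		if err != nil {
			panic(err)
		}
		return t
	}
	// Constructed scenario: device left its home region on Mar 1 and came back Mar 5.
	travel := []TravelWindow{{Start: day("2021-03-01"), End: day("2021-03-05")}}
	keys := []Key{
		DayKey(day("2021-02-28"), 1), // before travel: regional
		DayKey(day("2021-03-03"), 2), // during travel: forwarded
		DayKey(day("2021-03-15"), 3), // inside the 2-week buffer: forwarded
		DayKey(day("2021-03-19"), 4), // buffer has ended: regional
	}
	r := Route(keys, travel, 14*24*time.Hour)
	fmt.Printf("regional=%d forwarded=%d rejected=%d\n", len(r.Regional), len(r.Forwarded), len(r.Rejected))
}
```

The split is driven entirely by the validity window of each key against the extended travel windows, so a device that never leaves its region produces a submission with an empty `Forwarded` set and nothing reaches the parent tier; the boundary cases (a key ending at the moment travel starts, a key starting at the moment the buffer ends) stay regional because the intervals are half-open.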

obrien-j commented 3 years ago

In keeping with our newly released cds-snc/covid-alert-documentation#31 practices, I've moved this up into the covid-alert-documentation repo as our central point for taking input from folks outside the team, and am converting the issue into a Discussion.