[ad_1]
Prime Minister António Costa said Tuesday that the Portuguese Covid-19 detection app, Stayaway Covid, is “sure because you can’t make fun of jokers“. In addition, she has perpetually stated that “there will be no false alerts.” The phrase was delivered during the presentation speech of the Stayaway Covid application at the Instituto Superior de Engenharia do Porto. However, this statement by the Prime Minister is exaggerated. The Observer confirmed that there is a situation that theoretically allows users to make these types of matches.
“I can only give the alert if a doctor who has detected that I am positive gives me a code and only with that code can I, here [na app num smartphone], insert ”, said António Costa. The code to which the prime minister refers is valid for 24 hours and, after being delivered in a sealed envelope to the infected person, it is up to that same person to decide whether or not to put it in his application (if there is one) . This act is completely voluntary.
Now, in these 24 hours there is, in fact, room for there to be a misuse of the code by the “funny”. The application does not have a specific mechanism to prevent this type of situation. But let’s go through the points.
Indeed, the Stayaway application was created taking into account not only the privacy and voluntarism of the users, but also the reliability of the system. However, these requirements can clash with each other, and for the app to develop and be feasible, the researchers had to make compromises that would safeguard user privacy.
As José Orlando Pereira, researcher at INESC TEC, professor at the University of Minho and one of those responsible for the application project explains to The Observer. “There is a possibility” that someone with harmful purposes, or “fun”, as Costa put it, create false alerts. Even so, he justifies: “The only way to exclude this possibility was to develop not an application for mobile phones, but an electronic bracelet.”
António Costa has already downloaded the Stayway Covid application, the Minister of Health is “in process”
Even recognizing this possibility, the investigator devalues it and affirms that the Prime Minister was not wrong in his statement. “The decision was to take that possibility so reduced that the benefits could allow the use of the application ”, he explains. That is, for the researcher, the probability that someone receives a code and gets lost is very low. “We did our best to obtain this commitment, which is based on a number of factors“, Orlando Pereira assumes.
The factors are various. “It is based on validation by the doctor,” he justifies, and, in addition, “there is a period of 24 hours” for the code to be valid. That is, if someone loses the code, the time window for someone else to use it is one day, because then it is no longer valid.
“We are currently using that window so that the code is not misused. This is to avoid code loss, etc. ”, Exemplifies the researcher.
In the end, this situation will always depend on the human factor and even that was included in the accounts that the researchers made of the probability of a situation like this: “There is something we have to play with, with the assumptions we make with the behavior of society ”, justifies the teacher. He continues: “If I really got sick and got a code, [então qual] is the probability that I am someone who wants to do this attack [a outra pessoa]? All of these factors reduce this probability and, in the end, there is a non-zero probability. That probability is residual and it is something that we will have to deal with ”.
Taking this into account, the academic also says that if this situation of possible abuse “becomes worrying”, it will be necessary to “adjust all the factors along the way.” “There will be follow-up mechanisms understand how many alarms there are and know if there is a possibility that these alarms correspond to important situations ”, he says.
In other words, if people who want to do tests start to appear because they received a notification from the application and the results of these tests are always negative, then INESC TEC will adapt, safeguarding the privacy inherent in the construction of the application. I like it? “We will always be vigilant to re-evaluate the duration of the code“. This means that if the researchers detect that the codes are being used incorrectly, the time to put them in the application will be reduced, which will also reduce the probability that someone will make a “prank”.
We tested the Portuguese Covid-19 tracking app. See how it works and the questions you left us
To understand why this problem is insurmountable, it is necessary to understand why it is the infected person who enters the code and not the healthcare professional. The researcher explains that if it were a doctor who entered the 12 digits in the system, many more privacy problems would arise. And justifies: “At first, and from our experience in other countries, we have no news that this is a serious problem.“. Therefore, “the perspective is not to try to solve problems that do not yet exist.”
In other words, it is indeed a flaw, but not a serious flaw like data security, for example. “When we talk about safety, in technical terms, what we are saying is that the probability of failure is so low that it becomes acceptable in view of the usefulness of what we are going to do.“. As the academic explains, when we say that a plane is safe, there is little chance that it will crash. Even so, we say without issue that flying is safe.
For this reason, researcher José Orlando Pereira bluntly says that the application is safe. “We minimize the probability of failure, taking into account the consequences of that failure. In this case, it will be an inconvenience for the people who receive the notice and that could translate into having to do confinement, tests, etc.“He says. It is” a less serious consequence “that, says the researcher, makes the application acceptable.
Covid-19 Tracking App Now Has Over 120,000 Downloads
Ricardo Lafuente, vice president of the Portuguese Association for Digital Rights (D3) and critic of the process of creating the Portuguese application, admits that the misuse of a code “is possible”. However, it also devalues the situation. “I admit that possibility, but with the reservation that we do not know the exact terms of the protocol [do momento em que recebe o código]”He says. Still, the possibility of being able to insert a code incorrectly does not seem like” such a viable scenario. “
Now, Lafuente emphasizes that, even without these situations that involve someone with bad intentions, “there will always be false positives.” This is due to the way the application is built. For example, in traffic jams, two people with the application turned on, closed in each car, will exchange data (they can be within two meters for more than 15 minutes). Being locked in a car, they will make a test in vain.
Although the researchers affirm that the application is safe, there is at least one scenario contemplated by INESC TEC in which it is possible that some “funny guy” (to use the expression of António Costa) access a validation code and use it for bad purposes. But the other solutions that could fix this problem would create even more problems and would not safeguard the privacy that the application requests. However, a lost code can be misused for 24 hours if the recipient does not protect it properly. If INESC TEC detects that this is happening, it supports reducing the activation period of the code.
Thus, according to the Observer’s classification system, this content is:
EXTENDED
