Pandemics, Liberty and Digital Transformation

China, Taiwan and your favourite video chat apps

One of the things that us in the western hemisphere hold dear is freedom. In some countries, it is taken to an extreme by its defenders who fight for their right to do stupid and dangerous things. But that’s beside the point.

When we talk about freedom in a digital context, clearly the very definition of freedom is something that hasn’t quite been entirely resolved. More confusingly, is the fact that freedom is often grouped, incorrectly, with privacy. Your right to do something does not necessarily translate to a right to be private about what you do —depending on the country in which you live, notwithstanding.

The currently worsening worldwide pandemic is exposing what these terms really mean, and how those definitions are suffering manipulation for the benefit of beating the spread of the virus. Or are they? That’s what I wanted to discuss in this weeks’ issue.

Enjoy.

User notes: There are a lot of links in this and my other articles, click them as they offer context and help your understanding of my writings 🙏 Hint, there’s nine in this article.


Is Taiwan the model to follow?

There are two immutable facts to understand for this crisis; Taiwan has a proven record low number of cases and deaths during this spread of SARS-COV2 virus, and the official figures coming out of China are not to be trusted at all.

In fact, as many an analyst has pointed out over the last couple of weeks and months, to understand China, look at what they do, not what they say. For example, look at some of the reports emerging from China that suggest that the number of deaths is indeed something of an order of magnitude larger than official figures, with reports of crematoriums running late into the night —generally, they only work in the mornings— and the delivery of thousands of urns for cremations. A journalist that surreptitiously filmed activity in a crematorium is alleged to have gone missing, watch the report on FranceInfo for more details.

So, what has this got to do with Taiwan? Well, several things in fact. And this is where Digital Transformation has been part of the solution for Taiwan but sadly lacking in the responses to the pandemic around the world.

Let’s look at the figures for Taiwan and then try to understand why.

Screenshot 2020-03-31 at 08.54.30.png

Looking at this we can see that Taiwan seems to have effectively “flattened the curve”, unlike pretty much all western states. With a population of 23.8 million people, cases per million people are 13.5. For comparison, Martinique is at over 300 cases per million currently, and we haven’t even reached the peak it would seem!

If you look at the how, you will see that Digital Transformation enabled this. From a basic infrastructure point of view, but also from the tracking and public information systems available to the population (and in some cases the rest of the world). An example is the eMask 2.0 system pioneered by Taiwan’s Central Epidemic Command Center (CECC). Users register using their national ID cards and can order online to pick up their masks at convenience stores and pharmacies local to them from anywhere in the country. This tweet from Audrey Tang, Taiwan’s Digital Minister, shows it in action:

The system, additionally, helps the public understand stock levels and re-ordering dates, giving them precious knowledge that masks are available and on order, limiting panic buying and hoarding by giving the public the confidence in an integrated system that is set up to protect their health. Imagine the benefits that could be extended to other services too, like treatments for other ailments or even essential food and toiletries. In the event of a crisis — think hurricanes and earthquakes— imagine if you could be reassured that food, water and medical supplies were available in your area and being assured by a working supply chain, you might be less inclined to stock enough toilet roll to wipe your 🍑 for the next 10 years! (I’m looking at you, people in the UK!).

IMG_1371.jpeg

For a bit of background about why we’re not hearing much about this around the world, this BBC article goes into some detail about why Taiwan is excluded from the WHO by political pressure from China. It contains a link to a (frankly) shocking video shown above: 

Why Taiwan has become a problem for WHO


Your privacy after COVID-19

As housebound working-from-homers now, we are all forced to rely on services that we would not necessarily use as much prior to this pandemic. You were probably on a Zoom call over the last couple of hours or days, your child probably on a Google Hangout and in your private life, you'd possibly even toyed with using House Party.

I’ve mentioned these applications and services in a section about privacy for very good reason, as you’ll discover.

Starting with Google, if your school or school board have put in place access to this service through Google Classroom, you probably don’t have much to worry about, and in fact, if they’ve done their due diligence and used best practice configuration correctly as advised by countless consultants specialising in this field, the privacy settings in the school system will be sufficient to guard a reasonable amount of privacy for your child.

But there are some caveats to be aware of. Being in a Google Classroom means that the child intrinsically has a Google Account and that Google Account can be used for things other than Classroom. You may be surprised to learn that they can now use YouTube logged in, and therefore have all their watching habits tracked by YouTube. Sure, the School should be able to monitor this and help you keep a close eye on what they are doing, but seriously, do you think they have time for that currently?

Zoom is a different type of example, an example in poor privacy management. Last year Zoom users discovered that when the software was installed on computers, it self-installed a web server that poked through your internet router, allowing Zoom to reach in a control certain portions of your system, including the camera. The web server remained installed and active even after uninstallation of the main app. The outcry was huge, and Zoom didn’t react quickly, forcing Apple to issue a remote security patch to kill the offending server.

The damage was short-lived and Zoom managed to shake off criticism quickly whilst focusing on developing its user base. It has ramped up its MAUs significantly in the last few weeks, unsurprisingly.

However, late last week, a new privacy violation was discovered. Users on iOS who had chosen to log in using Facebook as the authentication service found that Zoom was transferring more data to Facebook than their privacy policy indicated in a possibly GDPR-breaching configuration. This time, Zoom reacted swiftly and expedited an app update on Apple’s App Store but with the disingenuous read me of “- improvements to Facebook Login”.

It is inexcusable that Zoom did not clearly state in their privacy policy what was happening, and if their statement on the fact is to be understood correctly, no one is quite sure if they even knew it was happening, suggesting an ineptitude that beggars’ belief. Ben Thompson has a much better analysis of this on Stratechery

Screenshot 2020-03-31 at 17.30.48.png

As I was researching and writing this, other problematic issues have surfaced. Zoom’s meetings are not, in fact, encrypted using end-to-end encryption despite the security page stating so (see above). End-to-end encryption means something very specific. Despite what the website says, The Intercept has reported that their conference calls are encrypted but not end-to-end. The difference is important as one from is secure by design and the other is only as secure as the hosts and providers the call is passing through. I you live in a state where eavesdropping is common, Zoom will provide zero security for your meetings.

These transgressions have prompted a number of researchers to dig even deeper and other, more basic flaws, are coming out all the time; we’ve seen Zoom Bombing, where uninvited users join a call and do stupid or offensive things (don’t click the link… it’s awful). And we’ve been informed of a potentially dangerous and damaging oversight where private notes between two or more participants in a larger meeting are downloaded in clear text when any member of the meeting downloads the chat or looks at the minutes’ folder 🤦‍♂‍.

In the time I spent writing and editing this, yet another issue has been exposed; apparently they are leaking email addresses and photos to strangers!

I wanted to write about House Party’s privacy policy, but I just didn’t have the stomach 🤮 I write about this not to discourage the use of these amazing and efficient tools, but to highlight that blind adoption in a period of confusion and panic is not the best approach and it may lead to a privacy nightmare in the time after COVID-19.

But back to Taiwan, Taiwan’s policies on dealing with the crisis employs technology together with movement restriction policies to prevent the spread of this virulent disease. Taiwan tracks the location of diagnosed and suspected cases to ensure they do not leave their quarantine zone. Although they could have done this using a government created and imposed application, like the one currently being considered by the UK amongst other countries, they opted for a softer approach using the cell phone towers to triangulate where people are. The Health Ministry doesn’t have direct access to this information, only the police who have set up a dedicated working group to handle tracking and informing the relevant health system to perform site visits in the event on necessity. I think you’ll agree that this information is less nefarious than what Facebook and Google already have on you, in our “privacy-protected” world!

What you may not realise, is that in most of the counties you live in, the government already has powers to sequester this information about your (historical) whereabouts from the telecoms firms operating in those regions. Taiwan has only put this to good use for the benefit of all.

One of the things I find so frustrating, is that Taiwan has been open and forthcoming with accurate information, with a plan that has been implemented and proven to work, they have repeatedly pestered the WHO and the rest of the World to come and see for themselves and they are willing to share all of this with anyone who just asks. And what have we done? Sweet FA!

To lend credibility to Taiwan’s plan there are a couple of factors that need to be understood. One, the Vice President, Chen Chien-Jen, is an epidemiologist credited with protecting the country during the SARS outbreak in 2002/2003, and two Taiwan has appointed a “real” Digital Minister, the aforementioned Audrey Tang, a tech entrepreneur and developer who has worked in Silicon Valley. If only our Digital Ministers were digital natives!

So how do these two things relate?

Well, because Taiwan has a heap of experience and has implemented thoughtful structural change over the last twenty years, it has been able to function virtually unaffected, with privacy largely preserved —remember, it is only confirmed and suspect cases. Businesses and schools have not had to scramble to find a quick and dirty way to continue to be productive or teach children (compromising security in the meantime) and the country has built the knowledge to help any nation on earth (including China, despite the frosty relations).

Moving quickly, thoughtfully and intelligently is a key success factor in Digital Transformation we would all do well to understand what Taiwan has done. If you want to get some more ideas of where Taiwan is in their Digital Transformation, take a look at this talk given by Audrey Tang at last year’s Island Innovation Summit.

Stay Safe. STFAH.


If you enjoyed this issue of The Future is Digital Newsletter I’d appreciate it if you would share it with people you feel are interested 👇

Share The Future is Digital

Visit the website to read all the archives.

Thanks for being a supporter, have a great day. STFAH.

Matthew Cowen @matthewcowen