The privacy versus safety debate examines the wrong dilemma, according to Geoff Ebbs.
Numerous podcasts and current affairs programs have raised privacy concerns this week around track and trace software proposed by the Australian government. They generally framed the debate with safety as one horn of the dilemma and privacy as the other. The question is most regularly posed in the form, “How much privacy we are prepared to sacrifice to obtain the safety offered by the track and trace application proposed by the Australian government?”
Privacy is threatened
This article does not seek to devalue privacy concerns.
There is no doubt that governments have aggressively adopted surveillance and centralisation of data to strengthen their power over the population. Although essentially a democrat rather than an anarchist, I have a great deal of sympathy for Proudhorn’s view that “To be GOVERNED is to be at every operation, at every transaction noted, registered, counted, taxed, stamped, measured, numbered, assessed, licensed, authorized, admonished, prevented, forbidden, reformed, corrected, punished.”
Despite the High Court ruling last week that the Australian Federal Police used an illegal warrant to enter the home of journalist Annika Smethurst, they made no ruling to prevent the police from keeping the data they had illegally gained. Despite the High Court ruling last week that the Australian Federal Police used an illegal warrant to enter the home of journalist Annika Smethurst, they allowed the federal police to keep the data they had illegally gained. It is beyond irony that the AFP used illegal means to shut down a journalistic investigation into spying on Australian Citizens by the Australian Signals Directorate. The story involves layers of abuse by government agencies carrying out surveillance on citizens.
So, concerns about privacy are completely legitimate. The
problem emerges in the assumption that there is an inverse relationship between
privacy and safety. That there is a direct trade-off and we must choose how far
we want to push the slider along a spectrum between full privacy at one end and
full safety at the other.
A thought experiment
Without going into the deeper technical details of the
various approaches being proposed to track and trace we can carry out a simple
thought experiment between two possible and radically different approaches to reaching
the end goal of tracking and tracing.
One approach, commonly called the Bluetooth approach, is to provide
unique IDs to each citizen and then to record what other citizens you have
spent more than 15 minutes with in your phone. The other approach is commonly
referred to as the GPS approach and it maps your location over time, providing the
possibility of identifying who you were near at any given time over a certain
The Bluetooth approach is considered superior for a number of reasons, and a version of it has been selected by the Australian government. The most widely discussed reason is the better accuracy of the system. The GPS data is easily confused when people are in the same building, but not near to each other, for example. The Bluetooth method ensures you are close enough to share a signal, which roughly equates to breathing the same air.
There is a fundamental difference to the nature of the data
and the world model involved. This is really important, if a little abstract.
The Bluetooth model, at its simplest, simply stores a list of ids that you have shared space with for more than 15 minutes. It requires a date to be stored along with the ID so that you can eliminate people who you shared space with outside the incubation period of the virus. Other than that, nothing else is required. So, when you are found to have CoViD19, ie test positive for a response to the virus named SARS-CoV2, you supply the list of IDs you have had contact with to the government and they are duly notified. That’s it.
The model of the world maintained by this method is a record of interactions. If that was fully shared, we could build a day by day account of who was with whom, which may be useful for lots of reasons, especially if shared with other data, but in itself it need not constitute surveillance of a particularly invasive kind. It also requires a relatively small amount of data. 1 billion people, each recording a couple of hundred interactions a day, involving two numbers for each transaction – the ID and the date. That is two hundred billion numbers a day, roughly a trillion numbers a week.
The GPS model, on the other hand, records the location of every individual on a map of the world at some time interval, say every minute. This necessarily has to be centrally stored, because the amount of data required to record your location like this would swamp many people’s phones. The result is that your every move is available to the data holder, and everyone who has access to it, for as long as it is stored. The amount of data required is phenomenal. Every person requires at least two numbers to identify which of the 149 million, million square metres of the earth’s land surface that they occupy and another number (or, more usually, pair of numbers) to identify which minute of which day that space is occupied.
Tracking the same billion people requires (1,000,000,000 * 4
* 86,000)= 346 thousand trillion numbers per day or roughly one and half million,
trillion numbers a week. That requires one million times the storage of the
There is little wonder that the Morrison government has opted
for the Bluetooth model.
The purpose of this analysis is not to confirm the wisdom of the Morrison government’s decision, indeed they may not implement the simple and benign solution outlined above, but to identify the different dimensions involved in building such solutions and the relationships between the social, political and technical aspects of those solutions.
Extracting some principles
The simplest Bluetooth approach offers a solution that reduces the quantity of data by a factor of one million, that is six orders of magnitude. The elegance of that approach seems inherently valuable just because of these data savings. It also provides a much less intrusive data model by focusing on the data required to achieve the specific outcome.
In this case, the desire to identify who might infect whom requires
us only to record the encounter, not its location, or time. The recording of
the encounter obviates the need for mapping any individual’s journey. The improved
requirements analysis reduces the problem significantly.
The general preference for simple solutions is generally captured by technologists under the heading of elegance. The value of elegance in programming has similarities to the core principle of Occam’s Razor, “Entities should not be multiplied without necessity” or in modern business English, “Keep It Simple Stupid.”
Similar logic applies to the concerns expressed over the
nature of targeted advertising in late 2019. Scott Morrison insisted that Google
and Facebook provide data on who had been shown what advertisements. They
resisted on the basis that it would be impossible. You only have to think for a
moment about the amount of data storage that such an endeavour would require to
realise that it is inordinately easy to imagine systems that generate more data
than it is capable to process. I have crashed more than a few computer systems
in my time with such infinitely expansionary code.
One thing that results from the simple, elegant solution of
capturing only the ID of those in close contact is that it separates the requirement
or tracking and tracing from any external surveillance concerns. The important
thing in this case is that it removes any purported relationship between privacy
The bigger picture
Some artificial Intelligence systems apply similar simplification
to resolving navigation problems. I studied an introduction to Robotics with Professor
Agris Nikitenko at Riga Technical University in Latvia. His team has produced world
champion sumo robots using AI sensors that predict the movements of their
He told me that the research they are carrying out mimic the
sonar systems of bats and other biological navigation techniques. He said that
one of the key findings was to lose the notion that they had to build a map of
the world and then identify their place in it. “That is a very modern
rationalist approach to the world,” he said, “We can build far more effective
solutions just by recognising what is a door or, more generally, what is a
possible entrance or exit, rather than trying to build an entire map.”
The general approach of modern AI to simply identify
successful results in masses of data, rather than trying to construct a system
of meaning (or map) of how that data might hang together is at the basis of
many systems we use every day. Recommendations of music, entertainment and consumer
goods that we might like, route mapping across cities, risk assessments by insurance
companies and banks; all these use AI that develops solutions from the bottom
up examination of detail rather than the top down application of meaning.
Our understanding of virology and the development of vaccines
has moved in a similar direction, leaving behind the development and testing of
hypothesis to the generation and testing of models based on large data sets.
This mimics the random nature of evolution. It is always
tempting to anthropomorphise evolution by attributing intention to specific
genes. The truth is that quite complex behaviours can be generated and
explained by relatively simple variations in the base coding. The evolution of
an ant colony, for example, can be explained with eleven rules or less,
including simple things like “put waste far away from food.” That includes
quite complex social behaviours such as “older, established ant nests are more
mellow than younger ones which need to be more aggressive to establish their
Technical co-founder of Sun Microsystems, Bill Joy, once explained
the notion of the company’s slogan “the network is the computer” to me by
describing “the ballet of the network” as data flowed between people. He said
we have moved beyond the Information Age to the Participation Age. His view was
that the network is the wiring for the organism that is civilisation.
In the Selfish Gene, Richard Dawkins proposed the concept of
a meme as conveying “the idea of a unit of cultural
transmission, or a unit of imitation” in a similar way that a gene provides a physiological
unit of transmission.
In 1992 I wrote in PC Week that the concept of Gaia, that
the planet is an organism, meets Dawkins’ concept of the meme and Joy’s concept
of the network in the concept that computer codes is the DNA of civilisation.
In the same way that ancient bacteria exist as individual entities in their
original habitat and also as enzymes in our digestive tract. Just as we humans
are meta-organisms containing the evolutionary history of the cells from which
we are built, so are we nodes in the network which is the organism of the
Architect, philosopher and accidental grandfather of modular
programming, Christoper Alexandar addressed the 1996 convention of Object
Oriented Programmers (OOPSLA) in San Jose with a challenge. His recognition as
a founder of Object Oriented Programming was based on its use of his modular
combination of patterns in architecture to create “good buildings.” He noted
that his life’s work had been to identify what was morally good in architecture
and what was amoral or worse. His challenge to the 1996 conference was that
while they had adopted his approaches to generate efficient, fast and elegant
code, there had been no attempts to build a moral framework into the code
“What I am proposing here is a view of programming as the
natural genetic infrastructure of a living world which you/we are capable of
creating, managing, making available, and which could then have the result that
a living structure in our towns, houses, work places, cities, becomes an
In the discussion of how we best design and manage the
computer systems that increasingly dominate our lives, we need to keep a very
clear head about exactly what it is we are doing.
Geoff is an author, publisher and performer dedicated to building an independent media. He worked for Australian Consolidated Press as a Packer editor until starting his own media company in the mid-nineties.
The Generator started life as a radio show on Byron Bay's Bay FM and continues as an umbrella for the Cage, the Cross and Great Notion.