Amazon, Apple, Google discussed on The Signal
And a big part of the problem here as far as Vanezis is to do with the fact of everything being on one centralized set because the government has awarded the APPS data storage contract to Amazon. And that's how the company plans to do things. But it's not the only way because Google and apple also working on a similar system but without that same vulnerability and I think it's highly significant than that other countries like Germany and Switzerland adopting a decentralized model adapted around the new process from apple and Google. That is coming out. That will mean it's not just a different big database hosted by apple and Google. It's a completely decentralized system in which there isn't a central place where this information gets stored at the very least the Amazon. Seva loons list of contacted everybody who was infected and it has enough information should happen to have a way of acquiring information scored on the Pistons. Fine it has enough information to Decrypt Information Mundi. That person was close to. It haven't been affected the apple and Google solutions fundamentally different reasons a single interesting facts. There aren't any collections of entities except the fines. That heavy the information necessary to identify the context of stored on a Pistons Five. Okay and we've been talking in the abstract about Australian governments in general but what about the government in particular? What is its record like when it comes to handling these sorts of sensitive data sets? Well unfortunately there's a bit of a history of making mistakes and not being entirely honest about my research group with Chris. Collin and Ben Rubenstein was the group that identified that a Medicare and Dasa in which the Department of Health published nearly three million people's complete Medicare and pay records online. Back in two thousand sixteen was actually very easily identifiable. The encryption of the doctors wasn't done properly and the the patient was actually really is now. Unfortunately although the Department of Health was honest about that easy decryption of the doctors I never really been completely honest about the easy route implications patients. So there's a good two and a half million. Australians at his complete previously identifiable Medicare and PBS records published online and. They still haven't been talked in. That context a field. It's really really important for us to have a lot more transparency about how the fat really works. 'cause we still knife show what's actually happening on the service side. For example we know what happens in trist together because the Singaporeans of my this civic completely openly available for public inspection. But we still haven't got any code that tells us what the is doing. So if I've made another mistake and they've just missed their encryption game. There's no way for us to detect that figure it out. You want to mark the government's homework well it do. Yeah exactly and we already saying even just from the APP for already saying some really constructive examination from people who know a lot more about Bluetooth than I do. Who figuring out some details about how to improve the white works and bluejays. If the government made the civic openly available for public inspection by the rest of us then we'd be able to look at it and understand with mistakes and helping fix Saddam in a way that in cracked everybody okay. So we've talked about the vulnerability of this data set to governments. What about some of those other parties that we talked about who might want to? I guess hacking you mentioned that we don't have proper is yet on the way that daughter is encrypted but from what we do know how secure it. We don't know for sure Amazon. Sittin reasonable reputation for making ed at least as hot as anybody else for random house things on the other hand. We deny that there are some foreign nations in particular that are very sophisticated and have the potential to break into things that are extremely well defended castrating strating right so and you can. You can see why a crispell design would be one. That just didn't have that. What you just said the sugar pot on the table in the first place. If we didn't have that central server we wouldn't have to wonder about with Amazon's pretty good protections Besa than for example. The Chinese government's probably very sophisticated capacity to breaking.