Why is the misuse of TT data of such paramount importance? And can't authorities, if they wish, just obtain access to cell data or "GPS"?
A thread in plain English, with as little tech jargon as possible. 1/
TT works by exchanging Bluetooth signals with other devices running the TT app every time you come within range of one.
Now, what data should TT exchange that can be "private", yet traceable? There must be some way to identify you when needed, tio bo? 2/
Obviously, phone numbers or NRICs won't do since they're directly linked to you. Phone serial numbers or the serial number of the phone's Bluetooth chip may sound like better ideas - except they can also be hijacked by third parties, like a (rogue) telco or phone shop. 3/
Pause for a moment.
What has been implied is: "The data that is exchanged could have been very insecure data, but the G found a way to make it secure."
This statement is factual...
but only as long as the data user - the G - does not abuse it, either.
Hold that thought. /4
Back to my explainer. So what is this data? Well, it consists of a user ID (generated from your personal info), a random number, and a start and expiry time. The purpose of the latter items will become clear later.
This data is then scrambled up, like a Rubik's Cube. Why? /5
See, imagine the guy who scrambled the data is the G. If the method of scrambling is only known to the G, only the G should be able to unscramble it.
(Of course this is a simple analogy since any Rubik's Cube can be solved by anyone given enough time. But you get the idea.) /6
The random number, start and expiry time ostensibly add another layer of security. The start and expiry time ensure that any data exchanged is only valid for a certain period of time (in practice this is about 15 minutes)... /7
And if the random number is known only to both your phone and the G, and both update the random number between them at the same time, another layer of complexity is added.
An interceptor would have to know both the random number and the method of descrambling... /8
...while a different sort of attacker, hoping to impersonate someone else's phone, would also have to know the random number AND the start/expiry time of that particular "piece" of exchanged data - which is virtually impossible! /9
So we know TT data is secure. But is it accurate? Relatively speaking, VERY.
TT data is transmitted over Bluetooth. Normal Bluetooth has a range of 10 metres. And BT devices also report their signal strength, so that 10m range can be broken down into even finer accuracy. /10
Cell tower positioning, by comparison, is determined by triangulating the distance of your phone from three or more adjacent cell phone towers or base stations. So the accuracy depends on the distance between cell base stations... /11
...and while indoors this may well be on the order of a few metres, outdoors it could be as high as a few hundred metres. Cell tower data would have to be obtained by making a request to a telco. /12
What about GPS? The thing about GPS is that it is a one-way signal from satellites in space. So there's no way to "scan" or know where another phone is - except if that phone has some other way to transmit its GPS location to a third party.
Oh, and GPS doesn't work indoors. /13
Cell tower data and GPS data are localised on one device. If you want to track dozens of users using cell tower data - you have to make a request for dozens of users. If you want to track someone using GPS, you have to find some way to get their device to report its location. /14
By contrast, TT relies on exchanges with many devices around you, potentially hundreds at a time. It's relatively easy to find out not just where you were but who you were with at any time, simply by knowing where one person was. /15
I hope I've shown you that the accuracy and reach of TT data are without doubt. Now, I have no doubt about the security of TT data. The problem, rather, is the intent of the one holding the keys. The party with the "descrambler" - the G - needs to be fully trustable! /16
And it is at best concerning that TT data, originally touted as being only for MOH use, can now be used to track anyone for the purpose of crime investigation. What makes it particularly disturbing is that this was done before notifying us. /17
Understandably, this is a golden opportunity. Again, cell tower tracking can be inaccurate, and requesting that data may pose difficulties. GPS requires users to consent to (or be tricked into) sending their GPS position data. /18
But TT, being a real-time network of very accurate Bluetooth exchanges, is an excellent way of tracking community - not just individual - behaviour. As some have pointed out, TT could be used to obtain statistics, some of them very private. /19
We should not say "govts can already get data from anywhere else". They can, but we can see how Bluetooth contact tracing systems, in the name of pandemic control, are an unprecedented opportunity to tighten surveillance.
And what we now see seems to reinforce this.
Note: In order to enhance the understanding of Joe Average regarding this matter, I have simplified some of the information, perhaps reductively.
Those in the know, please don't flame, ok?
@top10lasagna dedicated to you
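The token described in tweets 5 to 9 (user ID, random number, start and expiry time, scrambled with a secret only the G holds) and the log resolution behind tweets 15 and 16, sketched as an added example that is not part of the original thread and not TraceTogether's own code. AES-256-GCM, the byte layout, all function names and the sample values are assumptions; here the random number travels inside the token as the cipher's nonce, and the 900-second lifetime mirrors the "about 15 minutes" in the thread.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Constructed 32-byte demo key; in the thread's terms only the "G" holds it.
const DEMO_KEY = Buffer.from('constructed-demo-key-32-bytes!!!');

// Seal the user ID plus its validity window into an opaque token.
// AES-256-GCM is an assumption; the thread does not name the cipher.
function issueTempId(key, userId, startSec, ttlSec) {
  const iv = randomBytes(12); // the thread's "random number", fresh per token
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const plain = Buffer.concat([Buffer.alloc(8), Buffer.from(userId)]);
  plain.writeUInt32BE(startSec, 0);          // start time
  plain.writeUInt32BE(startSec + ttlSec, 4); // expiry time
  const body = Buffer.concat([cipher.update(plain), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Key holder's side: authenticate, decrypt, then check the validity window.
function resolveTempId(key, token, seenAtSec) {
  const raw = Buffer.from(token, 'base64');
  if (raw.length < 36) return { ok: false, reason: 'malformed' }; // iv + tag + times
  const d = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  let plain;
  try {
    plain = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  } catch {
    return { ok: false, reason: 'wrong key or tampered' };
  }
  const start = plain.readUInt32BE(0), expiry = plain.readUInt32BE(4);
  if (seenAtSec < start || seenAtSec > expiry) {
    return { ok: false, reason: 'outside validity window' };
  }
  return { ok: true, userId: plain.subarray(8).toString() };
}

// One phone's uploaded log as the key holder sees it: every sighting resolves
// to a named contact. Without the key, each entry stays an opaque string (null).
function resolveEncounterLog(key, log) {
  return log.map(({ token, seenAt }) => resolveTempId(key, token, seenAt).userId || null);
}

// Constructed sample: the same token resolved with the key and with a wrong key.
const sample = issueTempId(DEMO_KEY, 'user-A', 1600000000, 900);
console.log(resolveTempId(DEMO_KEY, sample, 1600000060),
            resolveTempId(Buffer.alloc(32), sample, 1600000060));
```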