I had to venture out today for a new dental crown, and on the way back, I decided to stop at Trader Joe’s to pick up some eggs. Traffic on highway 101 was extremely light, although it was Friday afternoon – many people must be working from home. So I was quite surprised when Trader Joe’s parking lot was packed.

Walking into the store, a scene that I had never seen: checkout lines that disappeared into the back of the store; all registers open; most staffed by two employees for extra speed. And then: bare shelves, with lots of empty shipping boxes in the aisles – customers must have been picking up things from shelves faster than employees could restock and remove their boxes.

I had done my bulk “prepper” shopping the weekend before, when everything was normal and I only got an occasional glance from people. And today apparently everbody decided it was time to do the same thing. Must have been Trump’s emergency declaration today.

While waiting in the long time, I had time to observe, and ponder. First, what did people pile up in their carts? Almost all of the carts I could see had typical weekend grocery stuff in it. A bag of chips. A can of corn. Some veggies. One guy had filled his cart mostly with already cut-up fresh fruit. Hardly anybody had enough stuff in their cart to last for longer than a week, unless they subsist on a chocolate snack diet. And you are panic-shopping for what, today? So you have to venture out shopping again in just a few days?

What about high-energy, long-shelf-life bulk food instead? Like 25 or 50 pound bags of rice, or a few dozen cans of everything from veggies to processed meat? Admittedly Trader Joe’s is not the store where to get those things … so why even go panic shop there? Few of the people I saw seemed to have thought through why they are panic shopping today and what problem they are trying to solve.

But it gets worse. Here I’m standing in line, and for the lack of anything better to do, I count/estimate the number of people in the store. A few hundred, I thought (let’s call it 250 for my argument here). Standing all here, in relatively close proximity, all breathing the same air. And there are exactly three people (me, and an Asian couple, unsurprisingly) who wear a mask.

To compare, Santa Clara County (about 1.8 million people) today reports on its website 79 Coronavirus cases, of which 36 are hospitalized. Accounting for the disaster that is testing in the US, other countries have about 10% of known cases hospitalized, so that would lead to about 360 known cases if testing had been done properly. However, given the rapid growth of the disease (currently about 30% a day in the county), many more people will be contagious prior to the onset of symptoms, and of course there are those who have few or no symptoms at all. So I will pull a number out of my hat, and claim that there might be 5x as many cases as there are proven (well, would be proven) positive test at this time. That leads to 1800 infected, and likely contagious, people in the county today.

So, back of an envelope, 1 out of 1000 people in Santa Clara County today has the virus and can infect me. The grocery store, when I was in it, had about 250 people in it, with new people pouring in as soon as others left. I’d think that certainly more than a thousand people moved through that store today. Which means at least one infected person moved through the store, stood in line like everybody else, breathed and exhaled, and left their infectious droplets in the air around them.

And nobody, nobody – other than the three of us who were wearing face masks – seemed the least concerned about it. On the same day that the county banned all meetings above 100 people! (for good reason, given the above calculation!)

The employees, at least, had hand sanitizer at their checkouts and used it frequently. But each one of those thousand-plus customers walked by a checker within a few feet, and paused to pay and get their purchases packed, and looked at the checker and spoke to them in a direct line of sight – and exhaled droplets. There were some Corona infections in that store today.

And this, ladies and gentlemen, is why epidemics spread. Needlessly. Because people don’t think.

This diagram clearly shows what must be the best-case response to a highly infectious disease IMHO. Once the Chinese authorities got into gear, the new cases just fell off the cliff and have remained very low ever since. In a few months, we will look at the equivalent of this diagram in the US and other countries, and compare.

I’m afraid we’ll do much worse. The rise here may be slower (lower population density) but the sharp turnaround on 2/4 is hard to imagine here, we are not decisive and publicly-minded enough. (I so hope I’ll be wrong.)

Diagram from Wikipedia.

I’m reading that Taiwan has been limiting, to two a week, the number of face masks people are allowed to buy. The thesis is that it is better that most people have a few, instead of few people hoard a lot, to protect the population as a whole from COVID-19.

They implement it the straightforward way: would-be purchasers must show a national identity card, and there is a centralized database that tracks the purchases against the national identifier. You only get to buy one if you haven’t exhausted your allotment for this week. Other places, like California, do the same thing for certain medications (e.g. Sudafed), and certainly would apply it to face masks, too, if they felt like they needed to ration them. (We’ll see about that.)

Obviously, from a privacy perspective, this system is terrible. The pharmacy has no business to know whatsoever what my full name is, my address, my date of birth, and all of those things that tend to come with centralized ID cards: all information I am forced to hand over to before I can buy my cold meds in California, or a less than one-dollar mask in Taiwan. On the other hand, whatever system is implemented must be reasonably hard to circumvent, otherwise it is pointless.

So, friends in the self-sovereign identity community: how would you guys solve this problem in a privacy-preserving way that nevertheless has the same effect?

Hint: This is a great PR opportunity (in spite of the calamity), and perhaps a tech deployment opportunity, because we can be sure that what Taiwan started about masks here will be followed by others in short order. (I notice that the prices for face masks – in particular the shipping charges! – on Amazon seem to increase by the day.) And why not help out with helping people have more access to protection equipment, while also giving them privacy? There are worse use cases for identity technology than that!

For the purposes of our ongoing discussions in the MyData Silicon Valley Hub about a potential North America conference later this year, here is my attempt at segmenting the stakeholders.

	Prime mover	Follower	Neutral	Adversary
Product & Services
Channel & Distribution
Catalysts
Customers

where:

• Prime movers: innovators, inventors, people and organizations that proactively push the vision forward and do things the first time they have ever been done, not waiting for others.
• Followers: people and organizations who are willing to do things consistent with the vision but only after others have pioneered the way first.
• Neutral: people and organizations who don’t care about about the vision.
• Adversaries: people and organizations whose vision is fundamentally different and whose agenda is opposed to ours.

and:

• Product & Services: creators of apps, platforms, integration products, support and the like.
• Channel & Distribution: systems integrators, value-added resellers, app stores, retail etc.
• Catalysts: press, analysts, event organizers, activists, MyData Global itself, governments / regulators, investors.
• Customers: buyers and users of products and services (consumers, enterprises, governments).

What do you think?

In the US, we think of our struggle over data ownership as a conflict between large, unaccountable companies (like Facebook) versus us as individuals. But it is more complex than that as soon as you look beyond the US.

Take the Germany federal government, for example. How does your sovereignty as a nation look to you, if data is the new oil in the 21st century, but most of that data ends up on clouds operated by American (or Chinese) companies? Critical infrastructure entirely dependent on the goodwill of one (or two) other countries? Who can see anything you do there? Or turn it off in case of a conflict? Sounds like a disaster waiting to happen.

So what do you do? You might team up with fellow nations, like other EU members, and pass regulations such as the GDPR which erodes the exclusivity US companies have over data. Or spearhead a project called Gaia-X, which is intended to be a European alternative to American (and Chinese) “clouds” with the stated goal of regaining data sovereignty.

And into this fight steps Brad Smith, now Microsoft president, who is being quoted (in German) in the press saying:

German data should serve German companies – not just a handful of companies on the US west coast or the Chinese east coast.

(I will ignore here that this comes across as quite racist, and in case of Germany, one should not make that mistake, even if it comes from an American.)

Clearly, Microsoft has identified an opportunity to make a bundle here, by selling to countries like Germany attempting to set up their own clouds, and we know this because the quote comes from very top of the company, not some regional sales manager.

But the striking part of the quote: “should server German companies” (not “people”, or “Germany, the country”) tells us clearly what the German government has in mind here, to whom it is directed: use data to bolster German companies in international competition.

While we all benefit from new rules such as the GDPR, and their enforcement in Europe as in the recent case of the Irish against Facebook, it’s clear we, individuals, are merely an accidental beneficiary.

It’s really about big company competition, supported by national governments. Let’s not forget that. If they were to accommodate each other somehow, I bet the push for privacy and GDPR-like things would evaporate in a heartbeat.

In the privacy-related communities I hang out, we often use the phrase “privacy and agency” as a label for the totality of what we want.

But what if those two cannot be had at the same time? What if more privacy, in practice, means I need third parties to take a larger role, thereby reducing my agency? Or what if I have more agency and can do more things in more ways that I solely determine, but only at the cost of less privacy?

Unbelievable?

If so, then look no further than the recent public discussion (dispute?) between the founders of the Signal and Matrix messaging systems, Moxie Marlinspike and Matthew Hodgson. The essence of their arguments, and I paraphrase:

• Moxie: you can’t build a private messaging system that’s competitive as a consumer app unless a single party, such as the Signal project, takes responsibility and ownership of the whole thing. Lots of privacy, but for the user it’s take it or leave it. Link to full post.
• Matthew: decentralization, on all levels including code forks and potentially insecure (non-private!) deployments, is an essential requirement to avoid single points of failure: critical people or components turning bad. Link to full post.

This is a high-quality conversation and we can all be very happy that it is conducted openly, and in a spirit of finding the truth. Go read both pieces, and ponder the arguments, it’s very much worth your while.

Who is right?

IMHO, both are. I don’t know whether all the the tradeoffs described are as unavoidable and unmitigatable as they are made out to be on those posts; maybe more innovation in technology and in particular governance could alleviate some of them.

However, the basic idea of a tradeoff between them, is valid. The Signal and Matrix projects make different choices on that spectrum, both for valid reasons.

If they need to do that, chances are, everybody else who cares about providing products and services with privacy and agency for the user, faces similar tradeoffs. It would serve us well to acknowledge that in every discussion on those points, and respect others who have the same goals as we do, but make different tradeoffs.

The most important point, however, is this: it shows how important it is to have both projects, or a plurality of projects addressing similar requirements but making different tradeoffs. Because that gives us, the users, you and me, the agency to make our own choices based on our own preferences. Including the choice to forego some agency in some aspects in favor of more privacy.

Which is the most important aspect of agency of them all.