Wednesday Diversion: Mac Screen Problem; Contact Tracing Realities; Who Reads Terms & Conditions?

By Graham K. Rogers

I started the week with a broken Mac screen and picked up a replacement MacBook Air. Contact tracing came to the fore in Bangkok with speculation, misinformation and a relatively painless execution. In the discussions, Terms & Conditions were brought up.

I had an absolute disaster moving to a new apartment last weekend. I had been covering the camera lens for security and privacy reasons, and when I made the move forgot to remove the covering, then put the MacBook Pro in a bag which I put inside a case. The case went inside the trunk of a taxi and we made the journey of some 25 km. After unpacking and putting some boxes away, I had a look at the equipment. When I turned on the Mac there was a jagged line across the screen.

A couple of reboots did allow me to log in but each time the screen went blank (apart from the tell-tale line) after 5 minutes. It was obvious that during the journey the screen had broken and that was my fault for not making sure. Whether it came on during the journey with the screen opening slightly, or whether there was another reason, what went into the bag working perfectly came out dead. I needed a repair and a replacement. I took it in for repair (Bang Khae), but the store had no MacBook Air computers available.

The next day I was in iStudio, Siam Paragon where there were MacBook Air computers all lined up in a row. I asked an assistant if they had these in stock: "What colour do you want". I guess the lesson there is that if the stock is not there, you can't make a sale.

In an editorial the Bangkok Post made some comment on reports that a new app could compromise users' security. I could not find the app, Thai Chana, on the App Store here. This was the second time I had looked as an earlier report had me looking for the app, but it was also suggested (on Twitter) that the specific app was named MorChana, which I downloaded. However, this has no English and seems to be aimed at specific health activities, with no apparent ability to snap QR codes that shops might be displaying. From first reports, anyone with a modern phone needs to scan a QR code at a store entrance. This prompts a browser page to open on which telephone number is entered. Those with no phones (or older models) have to complete a form.

That had been done at the Bangkok Bank in Siam Paragon for a couple of weeks, although they now seem to have abandoned that; and I was also asked to provide my phone number and name when I had a haircut recently. That was quite a sensible approach from a small operation and I saw no reason to decline. I had been using the shop for years anyway and it was just done in the middle of a chat.

In practice the tracking software was not so bad, but a bit of an effort at times. I tried first at The Mall, Bang Khae and, after scanning the QR code (prominently displayed outside), although the web app it accessed was only in Thai, there were plenty of staff available to help. The next day in Siam was a little less easy as the QR code did not appear to work at Siam Center, although a staff helper was ready with QR stickers (they thought of that).

When it worked at Paragon, I realised the previous problem may have been because I had missed the small top of screen display announcement. After that it was just getting into the swing of scanning before going in to a store (overkill when already inside a mall) and coming out. Because there was no English it made me a little slower, but the staff were all ready to help and well-prepared.

It makes sense to have some record of close contacts if someone becomes ill with the virus, as that would assist tracking and subsequent testing, so I am all for that. Tests find negatives as well as positives, so there could be reassurance (safety) as well as quicker access to treatment. It is what the authorities do with the data that concerns people, which is one of the points addressed by the Bangkok Post editorial. The Thai authorities have a poor track record when it comes to collecting data on all manner of things, with some of the Immigration rules harking back to the 1960s and the fear of communist insurgents.

For those with legitimate visas, the documentation required is phenomenal and the subsequent checks (90 days reporting, notification within 24 hours of change of address) are more data recording exercises than investigative. Those who are here illegally don't bother and may be the ones responsible for other illegal activities, while those who are just here to work (teach in my case) are put through the wringer every time.

The Thai app I looked at - vague as the information was initially - may not be connected with contact tracing but initial reports (including the Post editorial) implied that it followed the intentions of the contact-tracing apps that the UK authorities tried to put out. The QR system may use a similar approach but it is web-based and does not use an app. However, just a telephone number (particularly here) allows the authorities access to significant amounts of data.

The U.K. app had so much data collection linked that its real intentions were suspect from Day One. They initially refused to consider the Apple-Google joint approach, but with early testing problems and some negative reports (such as a Note from Dr. Michael Veale that outlines some serious privacy problems), appear now to have begun adjusting the stance.

Similarly, the app that is being developed in France has a data of everything approach and they refuse to look at the Apple-Google solution. A similar approach had been tried in The Netherlands but after problems with its operation and considerable negative press, they switched the approach to comply with the Apple-Google limitations on just what data can be used.

It is worth noting the comments by Bennett Cyphers and Gennie Gebhardt in an EFF article on the differences between data collection methods of the various contact-tracing solutions. The article notes that despite stated intentions regarding data collection, governments do not have a good record with this overall [my italics]. I guess it is just too tempting to go and have the occasional little dip into the data pot to see what comes up.

Some users on Twitter were complaining that True and AIS appear to have changed the way "unlimited data" is defined in prepaid accounts, but that is what they do. And what they can do. I did once have an unlimited postpaid account with DTAC but when the iPhones started using amounts of data that had never been anticipated, because the plan had a time limit (these usually run for a year or so), that was adjusted and I now have 50GB a month I think. I never use it all and it is just continued to the next month.

When Apple changed settings on some iPhones a couple of years back to help with performance from chemically aged batteries, the way this slowed down devices was upsetting. Many claimed that this was Apple's way of pushing users to update. This was denied but the lawyers were activated anyway. This week there has been a settlement of sorts, with Apple agreeing to pay $310M-$500M. Affected iPhone users in the class could receive $25 each if the settlement is approved (Seeking Alpha).

In those notes there is a comment that Apple admits to changing the software but says it did nothing legally wrong. There may, however, be a moral aspect: although the case could be fought for years in the courts, Apple loses more through its public face. Like Distillers Company found years ago when fighting against responsibility for the birth defects caused by its thalidomide, legality means little in the face of widespread public condemnation. Those images of limbless babies would haunt the company forever. In a smaller way, $500m is not going to break the bank at Cupertino and those $25 checks will put a smile on the faces of some.

In my mind I linked the point of Apple denying legal responsibility with the changes in telco services here with the point that in the T&C the users probably had agreed to this. I teach some of this stuff in a class of Ethics & Morals for computer engineers whose own livelihoods will depend on contracts and legal agreements with regard to the code they write and the applications they use.

I initially brought this up years ago in relation to Adobe Photoshop which most used at that time, but none paid for. I called them out on their hypocrisy, particularly as most wore expensive clothes and watches, and some drove expensive cars. None however was willing to pay for software, yet would expect people to pay for their work. As far as ethics and morals are concerned this hit home.

When I pushed this further I found, unsurprisingly, that none had read the T&C or end user license agreements (EULA). I have, particularly with regard to Facebook and Twitter, and this week, in preparation for the next class, LINE. Condition number 3, for example, allows LINE to change whatever they want and users of course have all accepted that. In practice this would perhaps be related to an unforeseen change in the way the service is being used, and in the same way as other like systems, such changes would be publicized before they came into effect; but the T&C do not actually require that.

Among the other little gems I found was provision of services. Of course, force majeure, war and other unusual conditions would preclude continuation of services: in my these are understood. However, in a catch-all at the end of Condition 6, there is "When LINE reasonably determines it to be necessary, other than those set forth in items (1) through (4)" (force majeure, et al).

The sorts of things I have seen in the agreements we click Yes to (otherwise the service, application or device cannot be activated), include permission to send our data to law enforcement agencies, allowing sharing of our content with 3rd parties, and accepting instant change whether we agree or not.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)