We’re quite interested at that use case. Our CIO Dr. Chiueh helped us to transition to a passwordless, always-verify, assume-breach architecture, which means on all levels of services configuration, I can use Linux 100% of the time collaborating with other colleagues. I think all of this is part of our ...
The moda, our ministry, is something of a ministry-sized sandbox, so we try new things here first. For example, we asked specifically for Entra’s decentralized-identifier capability, and Microsoft Taiwan said nobody ever asked for that capability before.
Yes, we have studied the works of the Дія team.
For the record, I use Linux as my main work environment.
But what’s the goal here? Do you want to say it’s as good as data localization?
Do you have any success in approaching other jurisdictions on this “cloud for sovereignty” approach?
Because you know, around the world we have seen many jurisdictions that have this data residency or localization requirements. Not just the infrastructure, but also on who operates those infrastructures.
It is general-purpose then?
Or you just the data kept in your applications such as OneDrive?
This is applied to… like arbitrary container code that I run in Azure?
So the double key encryption is over there, yeah, and I’m quite familiar actually with confidential computing, general-purpose confidential virtual machines and containers…
We will use speech-to-text through Azure Cognitive Services. I trust that you trust Azure?
Now, cybersecurity is usually about confidentiality and integrity, but maximum availability through multiple channels is becoming very important now.
We were just having a conversation before this meeting, with Dr. Herming Chieuh and we talked about red team assessments. While other governments and companies have to pay people for such service, we get such service for free, like from actual red teams. This is one of the areas that ...
Welcome. When I first entered the governments as a minister at-large in 2016, one of my first projects was on emergency response with the EMIC and NCDR system which formed the backbone of the Civil IoT system. And I thank Microsoft for helping popularize these ideas.
Yes.
That apparently has some constitutional controversies, watching from afar. I did not have any conversations, nor do I know anyone who did have direct conversations with your prime minister.
Hmm, I personally did not have calls with people in Israel. We understand our, for example, Department of Cyber Security and so on did do briefings on many countries with similar values. I don’t know whether it includes Israel or not. We do know that your prime minister cited us ...
Yes. There’s a lot of publications as well, and journals. A lot of focus that we’re putting on now is on useful knowledge sharing between bilaterals because every municipality, to be precise every outbreak epicenter, is very different. We think it’s very useful to work bilaterally instead of a universal ...
Yes. We were not prepared during SARS. We decided 37 people died is 37 people too many. There was a whole recap of not just the medical procedures, but as I mentioned, also the constitutional rulings and things like that.
I think it has a lot to do with hospitals’ preparedness. If the hospital has – in computer science, it’s called redundancy or high-availability plans – then you can afford to do that. If you don’t, then the hospital itself needs to undergo reconfiguration. Certainly it cannot overwhelm itself during ...
If you’re from a mild place, and you show no symptoms, then you’re put into the digital fence and you’re at your home doing the 14-day quarantine. Everybody is quarantined.
Right. The difference is between if you show symptoms, then you go to a hospital for a quarantine. If you’re coming from a highly dangerous area, highly risky area, then the entire airplane goes into a quarantine center. Well not the airplane itself, all the passengers.
If they’re showing symptoms, they’re going to a hospital. They’re not going into home quarantine.
Yeah, or maybe with which everybody switches to telepresence and immersive reality, and methodically cut down carbon emission.
Our citizens can return any time. Currently we’re banning all foreigners arriving to Taiwan, unless for a specific purpose. They need to be reviewed on a case-by-case basis. In this time period, the problem you raise does not present itself. Eventually, of course, we need to solve that.
The volume went beyond the original expectations, but now, we’ve been expanding such accommodation places, and so on. It’s a daily-improving system, so what we are describing now may well change tomorrow, but the constitutional and algorithm’s principles stays the same.
There’s also the challenge of people simply going into the quarantine not expecting to pay for the accommodation, but actually, the conversation comes after getting them the accommodation. If people come to Taiwan but with no cash and so on, the local government need to find them somewhere, and so ...
Or we can switch to the LINE system, which has a verified account. It’s like WhatsApp. A chatbot can then automate most of the daily checking, so that we free up some chores from the local managers.
There will be, for example, spammers that masquerade as the SMS checkers, and it’s solved using crowdsourcing, it’s called Whoscall, it’s another technology.
Of course. Every person under quarantine, as I said, other than their temperature and their symptoms, we collect their feedback to the system. It’s continuously being updated by people’s feedback. There’s a lot of challenges, of course.
Their whereabouts, yes.
Yes. Or between Google and you, but yes.
Putting on a mask, protecting others, going to a clinic to get a check is the logical thing to do if you know that you’re going to be protected and you’re not going to cost a fortune.
Because people don’t want to be sick, and we have a single-payer health system. They are not going to pay much for the treatment, and the surgical masks are plentily available.
Well, I guess that’s like asking how do we enforce washing your hands with soap? We do not enforce that, but people do that.
Right, so they wear a mask and get a check from the local clinic.
No, the information, with this tool, because this tool is general-purpose, it’s for people not under home quarantine. We do not have the constitutional right to force them to share anything.
It doesn’t tell you what to do. It just shows how the contact worked. In this way, your location history is not shared. It doesn’t really leave your phone. It’s between you and the nav sources.
Then you get the Google Maps timeline. The basic idea of this simple tool, which is a web-based tool, is that it automatically ask you to download the last period of your Google history as well as any API-compatible service, and also downloads the available data of specific cases so ...
Of course. Something like that. This application layer, that is the location history tool, it’s developed by civil society here in Taiwan. It’s also been incorporating data from Korea as well as from Israel. It relies on an application-level feature of Google called Location History, which is for a phone ...
I don’t think we use signals other than the ones provided by the telecoms. It’s mostly base station data. This system is developed in Taiwan. It’s one of the major telecoms, the Chunghwa Telecom developing it. The other four telecoms voluntarily participated. They settle on an API so that even ...
Exactly.
Of course, we then use the digital fence checking to make sure that if they significantly overlap with other people’s phones, then they may be also at risk. That is only if you escape quarantine.
Yeah. If they break out of the quarantine, of course, the automated system, as you see on the picture, notifies the county governments, the neighborhood managers, the police dispatch if they went too far from the quarantine, if necessary.
It’s a large amount of people, like 50K, but yes.
For people under the home quarantine, they’re clearly informed of it, although there is no consent process because constitutionally, there is no requirement for a consent process.
The amount of data collected is minimal, for people under home quarantine for 14 days. We’re just sending them instant messages where they reply, with their temperature, whether they show symptoms, and any suggestions they have to the quarantine experience. That’s the only data that we collect. It’s minimal, and ...
When we say outside of purpose, we mean that we don’t actually touch the data collection phase. It is mostly the data processing and application face that we’re touching. The telecoms are already collecting the signal strength.
Digital fence in its worst form is exactly the same as a barricade. It’s almost always better than the physical barricades, from the constitutional human right viewpoint. The legality of this is not disputed this time.