Purpose af account deactivation

[Matioupi]

ROBERT specification 1.0 : p5

If this score is larger than a
given threshold, the bit \1" (\at risk of exposure") is sent back to the App and her account is deactivated,
otherwise the bit \0" is sent back. Upon reception of this message, a notication is displayed to the user
that indicates the instructions to follow (e.g., go the hospital for a test, call a specic phone number, stay
in quarantine, etc.).

What is the purpose of deactivating the account on an infection suspicion ?

[kaythxbye]

This is also the topic of issue #16

[ArchanaaSK]

One use of deactivation(or no more Exposure Status Request query) is mentioned in Section 8.A - preventing 'one entry' attack.

As described in previous work [2, 6], all proximity-tracking schemes are vulnerable to the "one entry" attack. In this attack, the adversary has only one entry, corresponding to UserT , in her LocalProximityList16. When the adversary is notified "at risk", she learns that UserT was diagnosed COVID-positive. The ROBERT scheme, however, mitigates this attack by:
• (1) Requiring to all users to register (anonymously) to the server.
• (2) Not allowing a user that receives an ESR_REPLY message set to 1 to query the server anymore.
As a result, a registered user can only perform the attack once and then will be blocked by the system. She is therefore limited to one victim.

This does not address the questions in issue #16 though.