Cupertino, mountain view Google and Apple have responded to criticism of the planned Corona warning apps. On Friday, they presented further details on opening interfaces in their operating systems. With new data protection measures, it should now be even more difficult to monitor individual users using the tracing apps.
The US technology giants want to enable authorities to trace the contacts of people infected with corona. According to the companies, this access could already be available from mid-May. But there is still great distrust of the apps.
Various governments and authorities had asked Google and Apple for help. Due to the widespread use of their Android and iOS operating systems, those technical tools could help to contain the virus.
The apps are seen as one of the prerequisites to loosen general contact restrictions. They should record when smartphones come close to each other. If one of the users later reports in the app as a Covid 19 patient, his contacts should be able to be informed.
The reworks presented include further encryption. Among other things, information about the signal strength of the Bluetooth radio is to be encrypted. In addition, the keys are created for every day from each device. According to experts from the companies, it is impossible to recognize individual devices or their users by such features.
Google and Apple emphasize that the use of the apps is voluntary. Users of Google’s Android operating system and Apple’s IOS system could decide at any time whether to activate the program on their smartphone.
If users decide to participate, their data are shared with the health authorities in two scenarios: when users report a Covid 19 disease in the app or when they have had contact with a reported sick person. In both cases, only anonymized data is transmitted.
The authorities in the respective country are to decide for themselves how close two users must have been and how long they have met for the data transmission to start, according to the companies. All other data should only be saved on the device of the user.
The companies did not want to comment on whether the method presented here excludes the controversial solutions based on central data storage in Germany. But they are in discussion with all interested authorities and tried to find common solutions, it said.
DP-3T vs. PEPP-PT
In Germany, a fierce controversy about the appropriate structure of an app for tracking infection chains has flared up. All experts emphasized that they wanted to build an approach that protects privacy and prevents state control.
All approaches want to develop a smartphone app that uses Bluetooth to determine which other devices are nearby. Both approaches also require servers on which information is stored. However, it is controversial how much information can be stored on the servers.
On the one hand, there is the DP-3T (Decentralized Privacy-Preserving Proximity Tracing) approach behind which, among other things, the Helmholtz Center for Information Security CISPA is based. The model is also described as a decentralized model. The idea behind it: The servers may only store the absolutely necessary information.
In essence, this would be an anonymized code from infected people. All other information is only stored on the end devices. This works out from the current documentation of the group forth. She has already released a first version of the app.
This is contrasted by the PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) project. In the concept paper of this approach the central servers get a significantly more extensive function. They should not only store information about confirmed infections, but also information about all devices on which the app is installed.
Data protection and network organizations warn that this collection of data can be misused. Many groups, including more than 300 scientists, have therefore spoken out against PEPP-PT and for DP-3T.
In a warning letter, the influential organization Chaos Computer Club (CCC), along with other groups, argues that the central approach offers little privacy and the information could be misused. “A corona tracing app should, if at all, only be built and programmed on the basis of a decentralized approach (…)”, demanded the groups.
More: Federal Office raises alarm due to security holes in Apple’s mail app
The Chancellor is in top form in times of corona crisis. Angela Merkel explains complicated population doubling rates and reproductive numbers. But she also knows everyday things. “They have to be washed or ironed regularly, put in the oven or in the microwave,” Merkel explains how to care for respiratory masks. “Even if that sounds a bit housewife, so to speak.”
The omniscient state – embodied in the chancellor. The subjects are explained life down to the smallest detail. With this self-image, Merkel takes “measures that have never existed in our country before”. Fundamental rights are restricted, the economy is pushed to the brink and then supported with unprecedented aid.
One of Merkel’s closest confidants, Peter Altmaier, is more than enthusiastic. “An uncle who brings something is better than an aunt who plays the piano”, the Federal Minister of Economics remembers of his childhood.
And what is brought along! If you add up everything the federal government now wants to offer to combat the corona crisis, you get a gigantic sum of at least 1.2 trillion euros. No other country in the world has raised so much money in relation to its economic strength.
Germany has a full 35 percent, far more than the EU average or the USA. Federal finance minister Olaf Scholz did not understate what he promised a few weeks ago: “It is not spilled, but padding.”
The increase in importance and power is unique. Never in the history of the Federal Republic has a government intervened so quickly and deeply in public life and thus in the economy. After the financial crisis, German government debt rose by 315 billion euros in one year. The value of the federal, state and local governments will be far exceeded in this crisis. “I am worried whether we will be able to return to normal economic policy,” says Lars Feld, Germany’s top economy.
The measures to protect health are understandable. But the question increasingly arises: what side effects do the multi-billion dollar rescue programs have? The free market is disturbed, competition is distorted, prices lose their signal strength.
“As much market as possible, as much state as necessary”, the famous words of former Federal Minister of Economics Karl Schiller lose their meaning every day.
There is a risk of higher prices, inefficient companies and loss of wealth. It is significant that more and more companies are turning to the Bundeskartellamt during the corona crisis in order to be exempted from cooperating with competitors. The new spirit of state economy speaks.
Spend as much as you can. The year 2020 will be disastrous. Kristalina Georgiewa (IMF chief)
Certainly, help for companies with no fault of their own must be provided. But with the flood of support funds, the risk of misallocation is high. Capital and labor are tied up in companies with below-average productivity, less investment and innovative strength.
A few weeks ago, after a parliamentary request from the FDP for possible support from zombie companies, the Federal Ministry of Finance had to admit that “necessary market processes of creative destruction are hindered”.
The concern is justified that the state is eating itself too deeply into the economy, throwing privacy and data protection partially overboard and that the influence on the market will not be reversed after the end of the crisis.
A look at history suggests little good. The federal government is still 25 years after the IPO Deutsche Telekom still the largest single shareholder.
Fundamentally, there is a problem that is known in the economy as moral hazard: companies and citizens behave irresponsibly or carelessly due to existing false incentives. The news of fraudsters sneaking up subsidies is increasing.
“The state is a lousy entrepreneur”
The appearances of Altmaier and Scholz are characterized by superlatives. At the federal press conference, they will be presenting the rescue packages worth billions to the public with great regularity. “This is the most comprehensive and effective guarantee that there has ever been in a crisis,” said Altmaier in mid-March. “This is the bazooka, we’ll look for small arms later,” the Federal Minister of Finance said at the appearance.
The small arms that have now been added are quite large-caliber. Scholz announced a debt-financed supplementary budget of 156 billion euros. This includes an emergency fund with a volume of 50 billion euros, which is aimed at the self-employed and small businesses with up to ten employees.
The federal guarantee for the state bank KfW is increased by up to 450 billion euros. And then there is an Economic Stabilization Fund (WSF) with a volume of 600 billion euros. The majority is earmarked for government guarantees to keep companies liquid.
100 billion euros are reserved for possible investments, i.e. partial nationalization of companies. The battered Lufthansa is already holding talks about state participation.
You can still hear Altmaier’s words: “The state is a lousy entrepreneur.” The Federal Minister of Economics at least dedicated the most beautiful hall in the ministry to Ludwig Erhard. But he is currently just as far away from Erhard’s mantra as the Germans are from summer leaves in Mallorca.
Minister of Economics Peter Altmaier (standing) and Minister of Finance Olaf Scholz (front)
The father of the “German economic miracle” throbbed to measure, he remembered sentences, the state should not be a player, but an arbitrator in the economy. Now the state is preparing to take over the entire football club.
No other industrial country is helping its economy with such large sums as the Federal Republic. This shows a new evaluation by the International Monetary Fund (IMF). He does not criticize Germany, on the contrary. “Spend as much as you can,” advises IMF chief Kristalina Georgiewa. The economic situation is too depressing.
The Council of Experts is now assuming that the economy will decline by more than 5.5 percent this year. This is the case that was previously treated as a worst-case scenario. The economic downturn would be worse than in the global financial crisis. 725,000 companies have registered financial difficulties and short-time work.
Including: hospitals. Health Minister Jens Spahn ordered them at the beginning of March to postpone all planned operations. For the hospital operator, this means severe revenue losses. More than a third of the intensive care beds are not occupied. With the Hospital Relief Act, the federal government created a regulation to compensate the clinics for the failures. But that’s far from enough.
This is the bazooka, we’ll look at small arms later. Olaf Scholz (Federal Minister of Finance)
Some private organizations have registered short-time work, including the Schön-Klinik group. The head of the German Hospital Society, Gerald Gaß, sees the time for a “careful, gradual resumption of regular care”.
Spahn also said last week that clinics could “gradually return to normal”. “We do not want to keep 40 percent of the intensive care ventilation beds in Germany permanently”, said the minister.
The pressure on the companies is huge, the need for help is great. This year alone, the federal government is raising 156 billion euros in new debt. The federal states are also preparing an extensive flood of money for pumps.
According to a survey by the Handelsblatt newspaper among the 16 state finance ministries, they are currently planning 65 billion euros in new debt to fight the crisis. In addition to the federal government’s huge € 1.2 trillion rescue package, the federal states are also helping their companies and the self-employed. Bavaria alone has launched a fund with 60 billion euros.
The IMF chief not only welcomes the gigantic aid package in Germany, the monetary fund also calls for thorough control. “Keep the bills,” said Georgiewa. Transparency and accountability should not be put off in the face of the crisis. Whether Germany is world champion in this discipline, doubts are increasing.
Risk zombie company
The financial crisis shaped a saying by the former head of central bank in Europe, Mario Draghi: “What ever it takes”. In this crisis, it becomes a “Whatever, take it!” Aid is mostly spent without checking, the money cannot be distributed quickly enough.
According to an overview by the Ministry of Finance and the Ministry of Economics, over 26 billion euros were applied for by KfW Hilfen. Almost 13,000 of the more than 13,200 applications were approved. In other words, almost anyone who wants help gets it, most likely companies that didn’t have a working business model before the pandemic.
This easily creates zombie companies that are only alive because of generous state aid. After all: With the large sums, the KfW steering committee seems to be examining it more closely. So far, around 8.5 billion euros have been approved. So it takes a little longer for the large-volume applications.
In contrast, the self-employed and small businesses with up to ten employees are suspiciously fast. So far, according to the overview of 1.65 million applications, around 1.1 million have been approved and more than nine billion euros paid out. These are not loans, but aid that does not have to be repaid.
“Speed and thoroughness go hand in hand: it is carefully checked who receives the money,” Finance Minister Scholz promised. But is that true? North Rhine-Westphalia and Berlin were even recently forced to suspend immediate payments because large-scale fraudsters wanted to get to the pots.
There are also problems with honest entrepreneurs. In North Rhine-Westphalia, for example, the self-employed and small businesses are always granted the maximum amounts of EUR 9,000 and EUR 15,000 – regardless of need. This practice is not well understood in the Federal Ministry of Economics. Because a flat-rate payment of maximum amounts was actually not intended.
The aid should amount to up to 9,000 euros for companies with up to five employees and up to 15,000 euros for up to ten employees. The emphasis here is on the “up to”. According to the Ministry of Economic Affairs, the actual amount should be based on sales and operating expenses for the next three months. An entrepreneur with zero euros turnover and 1000 euros costs would be entitled to 3000 euros in emergency aid.
But these details were lost somewhere in the confusion between the federal states and the federal states. The up to 50 billion euros are provided by the federal government. Although federal money is at stake, it is up to the federal states how much they scrutinize companies. In Hamburg, for example, a liquidity check is required. Other countries are significantly less strict so that aid can flow as quickly as possible.
In Berlin, more than a billion euros were paid out to solo and small entrepreneurs within days. And the Berlin Senate also admits behind the scenes that surely there are also deadweight effects. Since no examination was carried out, almost everyone received 14,000 euros in a combination of federal and state funds. These include the self-employed, who normally have annual sales that are significantly lower, they say.
Some recipients are now voluntarily repaying the aid for fear of sanctions. But whether a subsequent thorough examination is possible to convince fraudsters is skeptical in financial management.
Dangerous false incentives
The economic nonsense, which is operated partly in the name of Corona, is great. Governments in the federal and state governments are increasingly creating the illusion that they can regulate everything with state trillions. And more and more, government intervention and expansion is creating false incentives in all areas of the economy, which can be revenged bitterly.
Take the housing market as an example: the Federal Minister of Justice, a woman from the SPD, wanted to protect the tenants. The result is a half-baked law that gets small landlords into trouble. The law was so badly made that solvent companies like Adidas or Deichmann used the gaps and simply suspended the rent payments. Only after a storm of indignation did Adidas row back.
Take the example of KfW loans: After the institutes hesitated to pass on the subsidized loans from the Staatsbank KfW to companies because they still had to bear ten percent of the default risk, the state assumed full liability. With the danger that house banks will now be able to provide loans to companies that have long been bankrupt.
The banks don’t care, they are released from any liability, but of course they still make good money from their business. The fool is the taxpayer who has to answer for the defaults.
Example of short-time work: Short-time work allowance is a tried and tested crisis instrument. The state replaces up to 67 percent of net wages. However, the SPD was not enough. In the coalition committee on Wednesday, she pushed for an increase to 80 percent.
It is the most comprehensive and effective guarantee that there has ever been in a crisis. Peter Altmaier (Federal Minister of Economics)
However, a general increase would have significant deadweight effects: Many companies are already increasing short-time benefits from their own resources. Apart from that, the short-time work allowance is not meant to secure the standard of living, but rather to ensure the survival of companies and thus avoid unemployment.
In other areas, the federal corona strategy is rather arbitrary. The craft complained that the vehicle registration offices were closed. There is also much discussion about opening shops up to the limit of 800 square meters. This border was communicated at least improperly and caused confusion and indignation among the shopkeepers.
Now a Hamburg administrative court has declared the 800 square meter rule to be illegal. The court could not understand why opening larger sales areas alone should attract more people to the city center. Necessary infection protection measures could be followed at least as well in larger stores as in smaller facilities.
Whimsical and impractical was initially the requirement that repair shops were allowed to remain open, but the sales rooms had to be closed. Many craftsmen wondered if they could lead the customers through the sales room into the workshop. Another detail from this series of undesirable side effects of the rescue policy.
The border closures, for example with the Czech Republic, mean that the bricklayers are missing in the construction industry and the harvest workers in agriculture from Romania. The state decides a lot, but the consequences are borne by the entrepreneurs and their employees.
The argument for the state’s rapid generosity in the crisis is: rather spend more now to prevent the economy from crashing and millions of jobs be lost than have to finance mass unemployment for a long time. This approach is absolutely correct. But it also remains true: somehow the state rescue billions have to be financed at least in the medium term if the next generations are not to be overwhelmed.
Currently this is done through the use of reserves and debts. Germany certainly has scope. The Federal Republic had just pushed the debt level to below 60 percent, thereby meeting the Maastricht criteria for the first time in many years in 2019. But that will be the last time for a long time.
As a result of the corona crisis, the federal government expects a general government deficit of 7.25 percent of gross domestic product (GDP) this year. The debt ratio as a share of all debts in GDP is estimated at 75.25 percent, as can be seen from the German Stability Program 2020.
“The projection is currently subject to very high levels of uncertainty,” says the current report. In other words, the debt level could be even higher. This mainly depends on how high the losses are that the federal government will incur from its guarantees and sureties.
Given the huge commitments, some in the grand coalition are trying to put the brakes on. “I don’t like the fact that we almost always get new suggestions every hour, what else can you do,” said Union leader Ralph Brinkhaus. “All of this must also be paid for.”
In a crisis, the state’s money is loose. Some sense their chance to finally implement long-held plans.
The controversy lies behind the question of how the data collected by the apps should be stored: centrally or decentrally?
Everyone agrees on the architecture of the apps. Your goal is tracing. The apps should collect as little data as possible. Instead of determining the exact location of the people on whose smartphones they are installed, they use Bluetooth technology to record which other devices are in the immediate vicinity.
The apps create a constantly changing identification number. This is stored in encrypted form on other users’ apps and is not initially sent in either approach. This is to prevent real names or telephone numbers from being saved and from falling into the wrong hands.
The debate begins at the point of what happens when a user tests positive for the corona virus. All potentially infected people must be informed. There are two ways to do this: central or decentral.
Chris Boos supports both solutions. He is the founder of the company Arago and co-developer of the “Pan-European Privacy-Preserving Proximity Tracing” (PEPP-PT) technology for corona tracing apps.
He says: “Either the data is compared from a server with possible contacts or directly in the users’ apps.” Initially, Boos worked with many other experts on PEPP-PT. Some of his former partners have now abandoned, criticizing that PEPP-PT had focused too much on the central approach.
Competitive project DP-3T
In an open letter on Monday, almost 300 international scientists, especially data protection and encryption experts, spoke out against PEPP-PT and the central approach to data storage. You support a competing project under the name DP-3T.
The difference: With the central concept, the information is loaded onto a server, which then informs all potentially infected people. With DP-3T, the analysis takes place on the smartphone of the user.
The app of the positive test sends the information to all apps in the region. The data is not managed by a central point, but by every smartphone. The scientists explain that this is the best way to prevent monitoring by corona apps. They warn that a central database could be attacked.
Criticism comes especially from IT security experts, data protection experts and encryption experts. They worry that hackers, companies or authoritarian states could have access to this centrally collected data. Even if these were stored in encrypted form, it would be possible to derive movement patterns that would indicate which people a user of the app met.
The US technology companies Apple and Google announced a few days ago that they would develop an interface that would make it easier to use Bluetooth for decentralized apps. A cryptographic specification of the two companies describes that each participant is given a unique identifier, called a tracing key, but is saved locally.
Only pseudonymized information should leave the device. The providers of corona apps and the operators of the technical infrastructure should therefore not be able to find out which smartphone – and therefore which user – is hidden behind it.
“Decentralized approach to data protection friendliness”
The authors of the open letter expressly welcome this initiative: It accelerates the development of apps and allows contact tracking in a privacy-friendly way.
Hamburg data protection officer Johannes Caspar also intervened in the directional dispute. “The decentralized approach is generally more privacy-friendly,” said Caspar. A centralized approach could enable government agencies and their contractors to generate contact information and so-called “social graphs”.
According to Caspar, a centralized approach can also meet data protection requirements. “However, this requires maximum transparency and, in particular, the principle of data minimization must be observed,” he emphasized. “The purpose of data processing is to be specified in a special way.”
In a paper from the digital policy working group of the parliamentary group in the Bundestag, the Greens demand that the federal government prevent access to the authorities. The aim must be to “legally exclude access by security authorities,” the paper says.
The federal and state governments in Germany had already agreed on the centralized approach. In the middle of last week, the federal government said it supported the architectural concept of PEPP-PT, an initiative made up of more than 130 experts, because it “follows a pan-European approach, provides for compliance with European and German data protection rules and only anonymizes epidemiologically relevant contacts of the past three weeks on the user’s mobile phone without recording the movement profile ”.
From the environment of the Federal Ministry of Health, it is said that the app should not only work together in Germany, but throughout Europe. That is why there has to be a technological architecture that is supported as widely as possible at European level.
A group of experts is said to have already developed an architectural concept for GDPR-compliant tracing with the support of the RKI, but the concept is still being examined by the Robert Koch Institute (RKI) and the Federal Data Protection Officer before it can be decided by the Federal Cabinet. It remains unclear when this could be so far.
Worry about DP-3T
Gerhard Fettweis, professor of communications engineering at the TU Dresden, said: “The PEPP-PT managers for the German app agree that there must be a central server for storing the anonymized and encrypted data, which is in German ownership . “
The federal government would commission a German company for hosting, government agencies such as the Robert Koch Institute would not have the necessary IT infrastructure for this. He does not want the providers of the operating systems of the smartphones to be able to acquire the data and the US government should never have access to it.
Developer Boos explains that a central system has the advantage “that the data that is processed anonymously there can be better analyzed and thus also targeted people can be warned and thus can be taken to preventive quarantine. Many epidemiologists also support this. ”
An initiative by tech start-ups, GesundZusammen, supported Boos’ central approach. It includes the smartphone bank N26 and the travel agent GetYourGuide. DP-3T protects health data from government surveillance bodies, a group paper said.
PEPP-PT does not protect against access by Google and Apple, which provide almost 100 percent of the mobile operating system. The initiative does not allow providers to guarantee that they will not save any health data on their own servers: the possibility of misuse alone is already too great a risk. They offer a competitor app.
While the central app for tracking infection chains has not yet appeared, the RKI is under pressure due to another app. With the “Data Donation” program, the institute asked citizens to transmit their health data from smartwatches or fitness wristbands. After an analysis by the Chaos Computer Club (CCC), the app has several weak points and violates its own data protection requirements.
More: Read here about the status of Corona app projects worldwide.
Berlin The Robert Koch Institute (RKI) wants to gain new insights into the spread of coronavirus infections in Germany with the help of fitness wristbands and computer watches.
To this end, the RKI presented the “Corona Data Donation” app on Tuesday, which can access data from the devices. The use of the app is voluntary, emphasized the RKI.
The RKI wants to take advantage of the fact that smartwatches and fitness wristbands can record, among other things, the resting heart rate as well as information about the sleep and the level of activity of their users.
“In the case of acute respiratory disease, these vital signs change significantly in most cases. This means that typical Covid 19 symptoms such as fever can be recognized using the app, ”explained the institute.
The RKI therefore calls on users to share data from their smartwatches and fitness trackers. The most important questions and answers about the new Corona data donation app:
What is the purpose of the RKI with the app?
The data is intended to provide the Robert Koch Institute with additional information on the spread of the coronavirus so that scientists can better predict and contain the spread of infections. Algorithms can use this data to identify various symptoms that are also associated with a coronavirus infection, such as respiratory rate or pulse.
These are processed in model calculations that reflect their change over time. They are prepared geographically and should provide information about possible future hotspots before they can be reflected in positive test results.
How do scientists rate the benefits of the app?
The data can help “to drastically reduce the number of infected people,” says RKI expert and Professor Dirk Brockmann from Berlin’s Humboldt University. All this information “is incredibly valuable for epidemiologists and helps to derive better measures”. In the past, a similar app in the United States helped a lot to better understand the course of flu epidemics, said RKI boss Lothar Wieler when introducing the application.
Can infection chains be tracked with the app?
No. The app does not warn of detected corona symptoms. It does not give users feedback on the data collected. The data donation app is also not used to track contact persons. However, the RKI emphasizes that it should help to better understand the focus of infection.
Another app is under discussion in Germany and other European countries, which is supposed to trace the distribution of coronaviruses. The aim is to register who was near infected people and who could have been infected. According to previous plans, Bluetooth radio signals are to be used for this.
How does the data donation app work, how do you install it?
“Help with just a few clicks!”, The RKI advertises the application. In fact, users can transmit or “donate” their data with little effort, as the institute puts it. The installation takes place via the app stores of the various providers.
Who can use the app?
All people who either have a smartphone and a fitness bracelet or a smartwatch.
The end devices are available from different manufacturers. Does the app work on all platforms?
There are currently restrictions that are related to the infrastructure of manufacturers and suppliers of fitness wristbands and smartwatches. In order to share their data, users have to connect their fitness bracelet and smartwatch accounts to the Corona data donation app. With some providers – among others Google Fit – this is currently not possible.
The RKI is in discussion with the manufacturers to resolve the problem as soon as possible and asks for patience. All devices connected via Google Fit and Apple Health as well as Fitbit devices, Garmin, Polar and Withings / Nokia supported. The integration of other manufacturers is in progress.
What data does the app collect?
The app automatically and manually records activities of the fitness armband, such as cycling or running, sleeping and sleeping phases, activities such as walking and rest periods. Vital data such as pulse, heart rate variability, stress, temperature, weight and blood pressure are used.
In addition, there are socio-demographic data such as age, height, weight and gender, insofar as the user has entered them. The postal code is also required so that the regional spread of the virus can be mapped.
What happens to the data?
The technological service provider for the app is Thryve (mHealth Pioneers GmbH), a company specializing in digital health. This provides the anonymous data that the experts at RKI and HU Berlin process in their model calculations.
Does the app meet data protection requirements?
From the RKI’s point of view, yes. The data protection officer at the Robert Koch Institute has checked and approved the Corona data donation app. The app is not anonymous, but pseudonymous, explains the institute. Nevertheless, “at no time” you have knowledge of personal information such as the address or the name of the user. Otherwise, the pseudonymized data would only be transmitted via secure TLS / SSL-encrypted interfaces.
What does the Federal Data Protection Commissioner say about the app?
The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Ulrich Kelber, acted as an advisor. His authority has not yet received a completed version of the app. Basically, as he says, Kelber believes that the application can be implemented in compliance with data protection regulations.
To do this, users must be “clearly and contradictively informed about which data the app collects for what purpose”. In addition, the RKI still has to specify how long the data will be stored. “I also expect that the app will be evaluated regularly to see whether it is working,” emphasizes Kelber. “If it does not, processing must be ended.”
How should fitness bracelets and smartwatches be classified under data protection law?
The data protection officer Kelber points out that the level of data protection for fitness trackers and smartwatches varies greatly depending on the manufacturer. “This interface is probably the biggest problem from a data protection perspective,” he says.
Why are IT security experts warning about the RKI app?
The software collects highly sensitive data on the state of health of the users – which is why the Chaos Computer Club (CCC) requires that computer experts can check the source code: “The complete source code for the app and infrastructure must be available free and without access restrictions in order to be able to conduct audits by all interested parties enable”, demands the association in a list with “test stones”.
This corresponds to the open source principle: Anyone who is familiar with it can understand how software works and can check both how it handles data and its security mechanisms. In the best case, this serves quality and creates trust. However, the source code of the data donation app, which the start-up Thryve wrote on behalf of the RKI, is not disclosed. According to the criteria of the CCC, users are therefore advised not to use the software.
More: “Not expedient” – Read here why health experts criticize the German government’s Corona course.
Dusseldorf Doorknobs of public spaces or the keypad of ATMs: There is a risk of being infected with the corona virus everywhere. The Robert Koch Institute (RKI) therefore recommends frequent hand washing.
In order to be able to better assess one’s own hygiene behavior, Tobias Gantner started the data analysis platform “Fasterthancorona”, as Handelsblatt Inside learned in advance. The app has been available since today. Gantner is the managing director of the start-up healthcare futurist who is involved in the project.
The app asks users about their postcode, how often they wash their hands during the day and whether they feel well informed about the corona virus. Artificial intelligence (AI) enables a comparison with third parties in the same residential area.
The evaluation is communicated directly to participants, which should enable them to better assess their risk of infection. “We want to make those affected involved in our project. We ask for data, but we also deliver results directly, ”explains Gantner.
A total of ten people are involved in the project, including pharmacists, doctors, software developers, an epidemiologist and an internist. “With our platform, we do not want to replace a doctor’s visit, we want to understand how the virus works,” says Gantner.
This post is an extract from our new newsletter “Handelsblatt Inside Digital Health”. We analyze the latest developments in digital health twice a week.
Sick people should also be able to voluntarily document disease courses. “With the data, we may be able to work out what medical care an infected patient will need in the future,” says Gantner. An AI should recognize whether, for example, fever on the first day and diarrhea on the third day are a typical case of illness or an unusual situation, which should be used to calculate the individual health risk.
To make valid statements, the AI needs as much data as possible. The resulting database is said to be shared with universities, authorities and other data scientists.
Privacy advocates are skeptical
Data protectors are critical of the application. “Linking the course of illnesses with a postcode simplifies the identification of the sick person, even retrospectively,” explains Martin Tschirsich, IT security expert and member of the Chaos Computer Club.
Such information would be subject to a high level of protection, which would have to be guaranteed, for example, by two-factor authentication, which has not yet been provided for the app. Tschirsich’s concerns are also borne out by the results of one U.S. study Documented: Accordingly, a postcode and two other data points such as gender or age are sufficient to be able to clearly identify people.
Gantner emphasizes that only the postal code is queried in the entire process and draws attention to the fact that one is currently in a special situation in which one has to weigh up medical benefits and data protection: “We have to have this discussion anyway, only that it is the corona crisis is no longer an abstract problem. Our application is voluntary, I think the users are responsible for making their own decisions. “
Track movement data of sick people
The start-ups Ubilabs and Geohealth are starting another option to interrupt the infection chain of the coronavirus: They want to prevent users from encountering sick patients in the first place and are developing the Geohealth app in cooperation with the Hannover Medical School (MHH).
Users should be able to compare their movement profiles with those of those infected with corona. The movement profile should result from the tracking of the movement data through the use of Google derive on the smartphone. This tracking can be set voluntarily. Infected people should also be able to voluntarily feed their data into the app. In addition, data released by the authorities are to be introduced.
The launch of the app is planned in two weeks. There, users should then be shown their individual risk of infection in the form of a traffic light: If this turns yellow, the path of an infected participant has been crossed. When there is a long contact, the traffic light turns red. “The more data donors participate, the more precisely we can create a map that shows areas with a high risk of infection,” explains Gernot Beutel, doctor for stem cell transplantation at the MHH. Ubilabs managing director Wille rejects data protection concerns: “Since the location data does not leave the phone, no conclusions can be drawn about the user.” The development of the app has so far been financed from its own resources. “The current platform cannot handle more than 40,000 inquiries a day,” says Maxime Gleser, founder of Geohealth. The project partners are therefore looking for an investor for further expansion and are planning a crowdfunding campaign.
More: Corona virus increases demand for telemedicine