The controversy lies behind the question of how the data collected by the apps should be stored: centrally or decentrally?
Everyone agrees on the architecture of the apps. Their goal is tracing. The apps should collect as little data as possible. Instead of determining the exact location of the people on whose smartphones they are installed, they use Bluetooth technology to record which other devices are in the immediate vicinity.
The apps create a constantly changing identification number. This is stored in encrypted form by the apps of other users and, in either approach, is not initially sent anywhere. This is to prevent real names or telephone numbers from being saved and from falling into the wrong hands.
The debate begins at the point of what happens when a user tests positive for the coronavirus. All potentially infected people must be informed. There are two ways to do this: centralized or decentralized.
Chris Boos supports both solutions. He is the founder of the company Arago and co-developer of the “Pan-European Privacy-Preserving Proximity Tracing” (PEPP-PT) technology for corona tracing apps.
He says: “Either the data is compared with possible contacts on a server, or directly in the users’ apps.” Initially, Boos worked with many other experts on PEPP-PT. Some of his former partners have since left the project, criticizing PEPP-PT for focusing too much on the central approach.
Competitive project DP-3T
In an open letter on Monday, almost 300 international scientists, especially data protection and encryption experts, spoke out against PEPP-PT and the central approach to data storage. They support a competing project under the name DP-3T.
The difference: With the central concept, the information is loaded onto a server, which then informs all potentially infected people. With DP-3T, the analysis takes place on the smartphone of the user.
The app of the user who tested positive sends the information to all apps in the region. The data is not managed by a central point, but by every smartphone. The scientists explain that this is the best way to prevent surveillance by corona apps. They warn that a central database could be attacked.
Criticism comes especially from IT security experts, data protection experts and encryption experts. They worry that hackers, companies or authoritarian states could gain access to this centrally collected data. Even if the data were stored in encrypted form, it would be possible to derive movement patterns that reveal which people a user of the app has met.
The US technology companies Apple and Google announced a few days ago that they would develop an interface to make it easier to use Bluetooth for decentralized apps. A cryptographic specification from the two companies describes how each participant is assigned a unique identifier, called a tracing key, which is stored only locally.
Only pseudonymized information should leave the device. The providers of corona apps and the operators of the technical infrastructure should therefore not be able to find out which smartphone – and therefore which user – is behind it.
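To make the decentralized flow described above concrete (rotating identifiers derived from a key that stays on the phone, and matching done on the phone rather than on a server), here is an added toy simulation. It is not code from DP-3T, PEPP-PT or the Apple/Google specification; the HMAC derivation, 15-minute slots, key size and identifier length are assumptions chosen for illustration.

```python
"""Added example: decentralized proximity matching with rotating identifiers.
Constructed toy, not DP-3T or Apple/Google code; derivation and sizes are assumptions."""
import hashlib
import hmac
import secrets

SLOTS_PER_DAY = 96   # assumption: one rotating identifier per 15 minutes
EPHID_LEN = 16       # assumption: bytes actually broadcast over Bluetooth


def derive_ephid(day_key: bytes, day: int, slot: int) -> bytes:
    """Identifier broadcast in one slot. Whoever holds day_key can recompute it;
    without the key, two slots' identifiers cannot be linked to the same phone."""
    return hmac.new(day_key, f"{day}:{slot}".encode(), hashlib.sha256).digest()[:EPHID_LEN]


class Phone:
    """A smartphone holding its own secret keys and the identifiers it overheard."""

    def __init__(self) -> None:
        self.day_keys: dict[int, bytes] = {}    # leaves the device only if the user tests positive
        self.observed: set[tuple[int, bytes]] = set()

    def broadcast(self, day: int, slot: int) -> bytes:
        key = self.day_keys.setdefault(day, secrets.token_bytes(32))
        return derive_ephid(key, day, slot)

    def hear(self, day: int, ephid: bytes) -> None:
        self.observed.add((day, ephid))          # pseudonym only: no name, number or location

    def report_positive(self) -> dict[int, bytes]:
        """Decentralized upload: only the day keys, never the list of contacts."""
        return dict(self.day_keys)

    def is_exposed(self, published: dict[int, bytes]) -> bool:
        """Matching runs locally: re-derive the reporter's identifiers and compare."""
        return any((day, derive_ephid(key, day, slot)) in self.observed
                   for day, key in published.items() for slot in range(SLOTS_PER_DAY))


def simulate() -> tuple[bool, bool, int]:
    """Alice meets Bob once on day 3; Carol never does. Bob then tests positive."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for day in range(1, 4):
        for slot in range(SLOTS_PER_DAY):
            bob.broadcast(day, slot)             # Bob's phone keeps rotating its identifier
    alice.hear(3, bob.broadcast(3, 40))          # one 15-minute encounter, day 3
    published = bob.report_positive()            # what the server sees: 3 keys, 0 contacts
    return alice.is_exposed(published), carol.is_exposed(published), len(published)


if __name__ == "__main__":
    print(simulate())   # (True, False, 3)
```

The server learns only the reporter's keys and never which phones matched; in a centralized design the positive user's observed identifiers would be uploaded instead and the comparison would happen on the server.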
“Decentralized approach to data protection friendliness”
The authors of the open letter expressly welcome this initiative: it accelerates the development of apps and allows contact tracing in a privacy-friendly way.
Hamburg data protection officer Johannes Caspar also intervened in the dispute over direction. “The decentralized approach is generally more privacy-friendly,” said Caspar. A centralized approach could enable government agencies and their contractors to generate contact information and so-called “social graphs”.
According to Caspar, a centralized approach can also meet data protection requirements. “However, this requires maximum transparency and, in particular, the principle of data minimization must be observed,” he emphasized. “The purpose of data processing is to be specified in a special way.”
In a paper from the digital policy working group of its parliamentary group in the Bundestag, the Greens demand that the federal government prevent access by the authorities. The aim must be to “legally exclude access by security authorities,” the paper says.
The federal and state governments in Germany had already agreed on the centralized approach. In the middle of last week, the federal government said it supported the architectural concept of PEPP-PT, an initiative made up of more than 130 experts, because it “follows a pan-European approach, provides for compliance with European and German data protection rules and only anonymizes epidemiologically relevant contacts of the past three weeks on the user’s mobile phone without recording the movement profile”.
Sources close to the Federal Ministry of Health say that the app should work not only in Germany, but throughout Europe. That is why there has to be a technological architecture that is supported as widely as possible at the European level.
A group of experts is said to have already developed an architectural concept for GDPR-compliant tracing with the support of the Robert Koch Institute (RKI), but the concept is still being examined by the RKI and the Federal Data Protection Officer before the Federal Cabinet can decide on it. It remains unclear when that will happen.
Worry about DP-3T
Gerhard Fettweis, professor of communications engineering at the TU Dresden, said: “The PEPP-PT managers for the German app agree that there must be a central server for storing the anonymized and encrypted data, which is in German ownership.”
The federal government would commission a German company for hosting; government agencies such as the Robert Koch Institute would not have the necessary IT infrastructure for this. He does not want the providers of the smartphone operating systems to be able to acquire the data, and the US government should never have access to it.
Developer Boos explains that a central system has the advantage “that the data that is processed anonymously there can be better analyzed, and thus targeted people can be warned and taken into preventive quarantine. Many epidemiologists also support this.”
An initiative by tech start-ups, GesundZusammen, supported Boos’ central approach. It includes the smartphone bank N26 and the travel agent GetYourGuide. DP-3T protects health data from government surveillance bodies, a paper from the group said.
PEPP-PT does not protect against access by Google and Apple, which provide almost 100 percent of mobile operating systems. According to the initiative, the providers cannot guarantee that they will not store any health data on their own servers: the mere possibility of misuse is already too great a risk. They offer a competing app.
While the central app for tracking infection chains has not yet appeared, the RKI is under pressure because of another app. With the “Data Donation” program, the institute asked citizens to transmit their health data from smartwatches or fitness wristbands. According to an analysis by the Chaos Computer Club (CCC), the app has several weak points and violates the institute’s own data protection requirements.