Can bluetooth preserve our privacy while helping to defeat Covid?

Contact tracing could be a key weapon in the fight against Covid-19, but can bluetooth preserve our privacy at the same time?

If an app on our telephone contained a number and all the information related to that number was details on other numbers we have been near and an ability to contact us without knowing who we are, then maybe we can defeat Covid-19 without compromising our privacy. As fears over surveillance capitalism grows such a system may be essential.

In Germany, which has a long sad history of surveillance, via Stasi in East Germany and before that the Gestapo, bluetooth as a way to preserve privacy is grabbing headlines.

A group called the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) has been developing an app for providing Singapore style contact tracing while simultaneously being GDPR compliant.

The PEPP-PT technology uses bluetooth to preserve privacy via a system in which every phone with the app emits “an authenticated and anonymous identifier (ID) that cannot be connected to a user.”

The resulting proximity history has two modes. In the first mode, proximity history is anonymous, and deleted as soon as it is no longer relevant.

If a user then tests positive for Covid-19, mode 2 applies. The user is sent a code known as a TAN code, which enables them to voluntarily contact authorities. These authorities can then investigate the anonymous proximity history and contact users of phones with the app (without knowing their identity) that have been in close contact with the infected person, during the period when the virus was contagious.

The system is designed to operate internationally.

PEPP-PT says: “Experience in some Asian countries has shown that widespread testing, combined with isolation of confirmed cases and quarantine of their contacts, is an important part of a successful control strategy. The current bottlenecks in testing capacity are likely to be eliminated in the coming weeks. The challenge then will be to isolate confirmed cases and their contacts in a way that is compatible with our shared understanding of privacy in European democracies.”

Germany’s Healthy Together, a startup initiative, have been developing an app based on the PETT-PT initiative that the German government is planning to roll out.

German chancellor Angela Merkel said that the government has had to “ensure that none of its components has any vulnerabilities”.

In short, Germany is taking the privacy and cyber dimension of tracing very seriously.

As a tool to for protecting privacy bluetooth is not perfect.

As is well known among privacy experts, it is possible to tell an awful lot about individuals from anonymised data. Anonymised data could, for example, be used to identify the location of someone’s home, and from that their likely identity. It is better than alternative forms of tracing however, and providing the data is deleted once it is no longer relevant for fighting Covid-19, such technology, using bluetooth as a way to preserve privacy, maybe the best option we have got.

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.