Germany appears to have undertaken a volte-face in the approach it takes to combine privacy and contact tracing, supporting an approach which also has support from Apple and Google.
Germany has good reasons to be anxious about privacy, some might say such anxiety borders on paranoia but given its history, both during the Second World War and in East Germany after the war, it is not difficult to understand why. That is why the issue of privacy and contact tracing has created such consternation in Germany.
The race has been on to create a way that enables the tracing of people who have been in the close proximity of an individual who had tested positive for Covid-19, while preserving privacy. The solution lies with anonymity, using bluetooth connectivity with smart phones.
The idea is that the contract tracing is conducted anonymously, by phone, assigning a number to each phone that can not be traced back to an individual. The owner of the phone then gets a message asking them to self-isolate without the sender of the message knowing who that person is.
The stumbling block has concerned the practicality of creating truly anonymous data.
Two approaches have emerged, each backed by a group of academics. One approach, known as PEPP-PT, favours a method of centralised control of anonymous contact tracing. Until very recently, it seemed as if Germany, and following its lead, maybe the UK and France, would promote apps to support privacy while applying contact tracing using the PEPP—PT approach.
There is a snag with using this centralised approach. From the data generated on the movement of anonymous phone users, it may be possible to actually ascertain their identity.
To the rescue comes DP-3T, a decentralised system of contact tracing in which data is held on each individual’s phone. To de-anonymise such data you would need to simultaneously track data from thousands, maybe millions of phones. Quantum computers might be able to do that one day, but for the time being that would be a big ask for current state of the art in technology.
Apple and Google have already been developing a form of privacy related contact tracing using a dencentralised system not dissimilar to the DP-3T standard.
Then, yesterday, Germany announced it was applying the decentralised approach. In a statement, Chancellery Minister Helge Braun and Health Minister Jens Spahn said they were going to opt for an app that applied a “strongly decentralised” standard.
They said: “This app should be voluntary, meet data protection standards and guarantee a high level of IT security…The main epidemiological goal is to recognise and break chains of infection as soon as possible.”
It was also suggested that Germany was left with little choice, that by adopting a decentralised system Google and Apple had given little scope for an alternative approach.
It was also reported recently that while DT-3T think that the approach taken by Apple and Google is promising they consider their standard to be superior. They said: “DP-3T appreciates the endorsement of these two companies for our solution and is happy to work with both of them to implement our app on both platforms.
“But, we also strongly believe that Apple and Google should adopt our subsequent enhancements, detailed in later versions of our white paper, which increase user privacy. We also strongly encourage both companies to allow an external audit of their code to ensure its functionality corresponds to its specification.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.