EU data protection experts are pushing for a decentralized approach to tracing COVID-19 contacts – TechCrunch

   2020-04-06 18:04

A group of European data protection experts has proposed a decentralized system for Bluetooth-based COVID-19 contact tracing, which they believe offers better protection against abuse and misuse of personal data than apps that pull data into centralized pools.

The protocol – called Decentralized Privacy-Preserving Proximity Tracing (DP-PPT) – was developed by around 25 scientists from at least seven research institutions across Europe, including the Swiss Federal Institute of Technology, ETH Zurich and the KU Leuven in the Netherlands. They have published a white paper detailing the approach.



The key element is that the design performs contact matching and risk computation locally on the user’s device, based on devices generating and sharing short-lived Bluetooth identifiers (called EphIDs in the paper).

A back-end server is used only to relay data to devices – that is, if a person is diagnosed with COVID-19, a health authority would authorize the upload of a compact representation of the EphIDs that person’s device broadcast over the infectious period, which would be sent on to the other devices so that they can compute locally whether they are at risk and notify the user accordingly.

Under this design, pseudonymized IDs do not have to be centralized, which avoids the data protection risk that pooled data would pose. This, in turn, should make it easier to convince EU citizens to trust the system – and to voluntarily download a contact tracing app using this protocol – because it is designed so that it cannot be used for government surveillance at the individual level.
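As an added illustration of the local-matching design described above (example code written for this article, not the DP-PPT paper’s own construction): each device keeps a secret per-day seed, derives its short-lived EphIDs from it, and stores the EphIDs it hears locally; only a diagnosed user’s seeds are uploaded and relayed, and every other device does the matching itself. The HMAC-based derivation, the epoch and day counts and the three-device scenario are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

EPOCHS_PER_DAY = 4       # constructed; real deployments rotate identifiers far more often
INFECTIOUS_DAYS = 3      # constructed window the health authority approves for upload


def new_day_seed() -> bytes:
    """Fresh random per-day secret; it stays on the device unless the user is diagnosed."""
    return os.urandom(32)


def ephids_for_day(seed: bytes) -> list:
    """Derive the day's short-lived EphIDs from the seed (assumed HMAC construction)."""
    return [hmac.new(seed, b"ephid" + bytes([i]), hashlib.sha256).digest()[:16]
            for i in range(EPOCHS_PER_DAY)]


class Device:
    def __init__(self, name: str):
        self.name = name
        self.seeds = {}        # day -> secret seed (never leaves the device unless diagnosed)
        self.observed = set()  # (day, ephid) pairs heard over Bluetooth, kept locally only

    def broadcast(self, day: int, epoch: int) -> bytes:
        seed = self.seeds.setdefault(day, new_day_seed())
        return ephids_for_day(seed)[epoch]

    def hear(self, day: int, ephid: bytes) -> None:
        self.observed.add((day, ephid))

    def diagnosed_upload(self, days) -> list:
        """Compact representation released after health-authority approval: seeds, not contacts."""
        return [(d, self.seeds[d]) for d in days if d in self.seeds]

    def local_risk(self, published: list) -> int:
        """Regenerate infected users' EphIDs from the relayed seeds and match locally."""
        hits = 0
        for day, seed in published:
            for e in ephids_for_day(seed):
                if (day, e) in self.observed:
                    hits += 1
        return hits


def simulate() -> tuple:
    """Constructed scenario: Alice is later diagnosed; Bob met her on day 2, Carol never did."""
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    bob.hear(2, alice.broadcast(2, 1))     # Bob and Alice in range during epoch 1 of day 2
    alice.hear(2, bob.broadcast(2, 1))
    carol.hear(2, bob.broadcast(2, 3))     # Carol only ever meets Bob
    # The backend relays Alice's seeds for the approved window; it sees no contact graph,
    # and Bob's and Carol's observations never leave their phones.
    backend = alice.diagnosed_upload(range(1, 1 + INFECTIOUS_DAYS))
    return bob.local_risk(backend), carol.local_risk(backend), len(backend)


if __name__ == "__main__":
    print(simulate())  # (1, 0, 1): Bob has one matching encounter, Carol none
```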

The group discusses some other potential threats – such as tech-savvy users who could eavesdrop on locally exchanged data, or decompile and recompile the app to change elements – but the overarching claim is that such risks are minor and more manageable than the creation of central data pools that could pave the way for “surveillance creep”, i.e. states using a public health crisis as an opportunity to build and maintain a citizen-level tracking infrastructure.

The DP-PPT was designed with its own dismantling in mind once the public health crisis is over.

“Our protocol shows that privacy-preserving approaches to proximity tracing are possible and that countries or organizations don’t have to accept methods that support risk and abuse,” writes Professor Carmela Troncoso from EPFL. “If the law requires strict necessity and proportionality, and proximity tracing has social support, this decentralized design offers an abuse-resistant way of doing this.”

Over the past few weeks, governments across Europe have relied on data controllers to hand over user data for a variety of coronavirus tracking purposes. Apps are also being launched by the private sector – including symptom reporting apps that are said to help researchers fight the disease. However, while technology giants are spying out PR opportunities to repackage the persistent tracking of Internet users for an alleged public health purpose, the real benefits remain vague.

The next big tech push around the coronavirus is likely to be contact tracing apps: i.e. apps that use Bluetooth proximity tracking to map contacts between infected people and others.

This is because, without some form of contact tracing, there is a risk that the hard-won gains in reducing the infection rate achieved by restricting people’s movements will be reversed once economic and social activity reopens. However, whether contact tracing apps can help curb COVID-19 as effectively as policy makers and technologists hope remains an open question.

What is crystal clear, however, is that without a well-designed protocol that protects privacy by design, contact tracing apps pose a real risk to privacy – and, where they exist, to hard-won human rights.

Burning rights in the name of fighting COVID-19 is neither good nor necessary, is the message from the group backing the DP-PPT protocol.

“One of the main problems with centralization is that the system can be expanded, that states can reconstruct a social graph of who was close to whom, and then expand profiling and other provisions on that basis. The data can be co-opted and used by law enforcement agencies and intelligence agencies for non-public health purposes,” explains Dr. Michael Veale from University College London, another supporter of the decentralized design.

“Some countries may be able to do this. Establishing a centralized protocol in Europe will force neighboring countries to work with it and use centralized rather than decentralized systems. The opposite is also the case: a decentralized system limits surveillance abuses through COVID-19 Bluetooth tracking worldwide, by ensuring that other countries use privacy-protecting approaches.”

“It’s just not necessary,” he adds, to centralize proximity data. “Privacy by design commits to minimizing data to what is necessary for the purpose. Collecting and centralizing data is simply not technically necessary for Bluetooth contact tracing.”

Last week we reported on another EU effort – by a separate coalition of technologists and scientists led by Germany’s Fraunhofer Heinrich Hertz Institute for Telecommunications (HHI) – which is working on a “privacy-preserving” standard for tracing Covid-19 contacts, which they call “PEPP-PT” (Pan-European Privacy Preserving Proximity Tracing).

At that point it was not clear whether the approach was tied to a centralized model for handling the pseudonymized IDs. Hans-Christian Boos, one of the co-initiators of the PEPP-PT project, spoke to TechCrunch today to confirm that the standardization effort will support both centralized and decentralized approaches to handling contact tracing data.

The effort has been criticized by some in the EU data protection community for appearing to prefer a centralized rather than a decentralized approach – which, its critics argue, undermines its core claim to protecting user privacy. According to Boos, however, it will actually support both approaches – to maximize global adoption.

He also said it will be interoperable regardless of whether data is centralized or decentralized. (In the centralized scenario, he said the hope is that the nonprofit set up to oversee PEPP-PT would be able to manage the centralized servers until proper funding is obtained – a move that is expected to further reduce the risk of data centralization in regions where, for example, there are no human rights frameworks.)

“We will have both options – centralized and decentralized,” Boos told TechCrunch. “We will offer both solutions, depending on who wants to use what, and make them functional. But I tell you that both solutions have their merits. I know that there are many people in the crypto community who want decentralization – and I can tell you that there are many people in the health community who hate decentralization because they fear that too many people have information about infected people.”

“In a decentralized system, the simple problem is that you would send the anonymous IDs of infected people to everyone – so some countries’ health legislation will absolutely prohibit this. Even though you have a cryptographic method, you send the IDs everywhere – this is the only way your local phone can determine whether I have been in contact or not,” Boos continued.

“That is the disadvantage of a decentralized solution. That being said, it’s a very good thing. The disadvantage of a centralized solution is that there is a single operator that you can trust or that you cannot trust. It has access to anonymized IDs, just as if they were sent. So the question is whether you can have one party with access to anonymized IDs or whether you can all have access to anonymized IDs [because] you ultimately send them over the network.”

“If you think someone could hack the centralized service … then you have to assume that someone could hack a router, which is what it goes through,” he added. “Same problem.

“That is why we offer both solutions. We are not religious. Both solutions offer good privacy. The question is who would you trust more and who would you not trust more? Would you trust more users to send something to, or would you trust more someone running a server? Or would you trust more that someone can hack a router or that someone can hack the server? Both are possible, right? Both options are absolutely valid options – and it’s a religious discussion between crypto people … but we have to weigh them up between what crypto wants and what healthcare wants. And because we cannot make this decision, in the end we will offer both solutions.

“I think there has to be a choice because when we try to build an international standard we should try not to be part of a religious war.”

Boos also said that the project aims to examine the respective protocols (centralized and decentralized) in order to compare them and carry out risk assessments based on the access to the respective data.

“From a data protection perspective, this data is completely anonymized, since there is no attachment to location, no attachment to time, no attachment to phone number, MAC address, SIM number etc. The only thing you know is a contact – a relevant contact between two anonymous IDs. That is the only thing you have,” he said. “The question we asked the computer scientists and hackers is: if we give you this list – or if we give you this graph – what could you deduce from it? The figures are only related numbers. The question is how you can derive something from it. You try it – let’s see what comes out.”

“There are many people who try to be right with this discussion. It’s not about being right. It is about doing the right thing – and we will provide all good options from the initiative. And if each of them has drawbacks, we will make those drawbacks public and try to get as much confirmation and research as possible. And we will bring this out so that people can make their choice of what type of system they want in their geography,” he added.

“If it turns out that one is feasible and one is totally not feasible, we will drop one – but so far both look feasible in terms of privacy, so we’ll offer both. If it turns out that one is not feasible because it is hackable or you could derive meta information with an unacceptable risk, we would delete it completely and no longer offer the option.”

With regard to the interoperability point, Boos described it as a “challenge”. What he said it boils down to is how the systems compute their respective IDs – but he emphasized that it is being worked on and is an essential piece.

“Without that, the whole thing makes no sense,” he told us. “It is a challenge why the option is not yet available, but we are solving this challenge and it will definitely work … There are several ideas on how this works.”

“If every country does this for itself, we will win. I have no open borders anymore,” he added. “And if there are multiple applications in a country that don’t share data, there won’t be enough people who can actually track infections – and if there isn’t a single place where we can discuss what is proper to protect privacy well, everyone will probably do something different and half of them will use phone numbers and location information.”

The PEPP-PT coalition has not yet published its protocol or code. This means that external experts who wanted to give sound feedback on certain design decisions related to the proposed standard were unable to get hold of the details necessary for a review.

Boos said he intended to open source the code this week under a Mozilla license. He also said the project was ready to include “all good suggestions” as contributions.

“Only beta members currently have access to it because they have committed to us to update to the latest version,” he said. “We want to make sure that the privacy and security review has gone through when the first code version is released. So we are as certain as possible that there are no significant changes that someone could skip on an open source system.”

The lack of transparency around the protocol had raised concerns among data protection professionals – and had prompted developers to withhold support until further details were known. It had even led to speculation that European governments could intervene to drive the effort towards a centralized model – and away from the core EU principles of data protection by design and by default.

The EU’s longstanding data protection law is based on principles such as data minimization. Transparency is another basic requirement. And just last week, the bloc’s lead data protection supervisor, the EDPS, told us that it was monitoring developments related to COVID-19 contact tracing apps.

“The EDPS supports and monitors the development of technologies and digital applications to combat the coronavirus pandemic. It works closely with other national data protection supervisory authorities on these developments. It firmly believes that the GDPR is not an obstacle to the processing of personal data that health authorities consider necessary to combat the pandemic,” a spokesman told us.

“For all technology developers currently working on effective measures in the fight against the coronavirus pandemic, data protection should be guaranteed from the start, for example by applying data protection by design principles. The EDPS and the data protection community are ready to assist technology developers in this shared effort. Information from data protection authorities can be found here: EDPB guidelines 4/2019 on Article 25 Data protection by design and by default; and the EDPS preliminary opinion on privacy by design.”

We also know that the European Commission is paying attention to the sudden increase in coronavirus apps and tools – with effectiveness and compliance with European data standards on its radar.

At the same time, however, the Commission has pushed ahead with a big data agenda as part of a reboot of the bloc’s industrial strategy, which focuses on digitization, data and AI. And only today Euractiv reported on leaked documents from the EU Council, according to which the EU member states and the Commission “should thoroughly analyze the experiences from the COVID-19 pandemic” in order to inform future policy across the whole spectrum of the digital area.

Even in the EU, then, there is a strong appetite for data that could combine with the coronavirus crisis to push developments in a direction that undermines individual data protection rights. Hence the strong pushback from some in the data protection community in favor of decentralized contact tracing – to guard against government data grabs.

Boos, in turn, argues that what counts as best practice “data minimization” is a matter of who you trust more. “You could argue [for both decentralized and centralized approaches] that you are minimizing data – just because there is data minimization at one point does not mean that you have overall data minimization in a decentralized system,” he suggests.

“It’s a question of whom you trust. Who would you trust more – that’s the real question. I don’t see the critical point of the data as the list of anonymized contacts – the critical data is the confirmed infected.

“Much of it is an old, religious discussion between centralization and decentralization,” he added. “In general, IT oscillates between these tools. Overall distribution, overall centralization … Because none of them is a perfect solution. But here in this case, I think they both have valid security options, and then they both have different effects on what you want to do with medical data or not. And then you have to make a decision.

“What we have to do is make sure that the options are available. And we have to make sure that there is sound research in heavyweight discussions, not just guesswork: how does what work, how do they compare and what are the risks?”

Regarding who participates in PEPP-PT discussions beyond direct project participants, Boos said that governments and health ministries are involved for the practical reason that they “need to include this in their health processes.” “Many countries are now creating their official tracing apps, and of course they should be connected to PEPP-PT,” he said.

“We also talk to people in health care systems – whatever the health care system is in the respective countries – because ultimately this has to be connected to the health system, it has to be connected to tests … it should be connected to the laws on infectious diseases so people can get in touch with local CDCs without giving us their privacy or contact information. So for us, that’s the conversation we have.”

Developers with early (beta) access are already kicking the system’s tires. When asked when the first apps using PEPP-PT technology could be in circulation, Boos suggested it could be a matter of weeks.

“Most of them just have to put this into their tracing layer, and we’ve already given them enough information to help them know how to relate this to their health processes. I don’t think this will take long,” he said, noting that the project also provides a tracing reference app to help countries that don’t have developer resources.

“For user engagement, you have to do more than just follow up – for example, you have to include the information from the CDC … but we will offer the skeletal implementation of an app to make starting this as a project [easier],” he said.

“If everyone who emailed us since last week added it to their apps [we’ll get widespread uptake],” Boos added. “Let’s say 50% are off to a very good start in my opinion. I would say that the influx from countries, and I would say that companies that want to have their workforce back, are under particular pressure to develop a system for international exchange and interoperability.”

More broadly, on whether contact tracing apps are a useful tool to control the spread of this novel coronavirus – which has been highly contagious, more so than the flu, for example – Boos said: “I think there are not many arguments that isolating infections is important. The problem with this disease is that there are no symptoms while you are already contagious. This means that you are not simply measuring people’s temperature and okay. You actually need that look back in time. And I don’t think that is possible without digital help.

“So if the theory that you need to isolate chains of infection is true at all – many diseases have shown that this is the case, but every disease is different, so there is no 100% guarantee, but all the data speak for it – then this is definitely something we have to do … The argument [boils down to]: if we infected as many as we currently have, does it make sense, true? It would end up very quickly, because the world is so interconnected, with the same kind of locking mechanism?

“Therefore it only makes sense to launch an app like this if you have broken these R0 values [i.e. how many other people one infected person can infect] – as soon as you have it below 1 and have reduced the number of cases in your country to a good level. And I think that, in the language of a person with infectious diseases, means returning to the approach of containing the disease rather than alleviating the disease – which we are doing now.”

“The contact chain assessment approach allows you to set better priorities for testing – but right now people don’t have the actual priority question, but a resource question for testing,” he added. “Testing and tracking are independent of each other. You need both; because if you track contacts and cannot be tested, what is that good for? So yes, you [also] definitely need the test infrastructure.”
