A coalition of EU scientists and technologists who are developing what is touted as a “privacy” standard for Bluetooth-based proximity tracking, as a proxy for the risk of COVID-19 infection, wants Apple and Google to make changes to an API that they’re developing for the same overall purpose.
The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) initiative was unveiled on April 1, calling on developers of contact tracking applications to adopt a standardized approach to processing smartphone user data, in order to coordinate digital responses across borders and reduce the risk of too many intrusive location-tracking tools gaining ground following the pandemic.
The PEPP-PT said today that seven governments have signed up to apply its approach to national applications, with a claimed pipeline of 40 others in talks about joining.
“We now have a lot of governments interacting,” said Hans-Christian Boos of PEPP-PT during a webinar for journalists. “Some governments publicly declare that their local applications will be built in addition to the principles of PEPP-PT and also the various protocols provided as part of this initiative.
“We know of seven countries that have already committed to doing so – and we are currently in conversation with 40 countries that are in different states of integration.”
Boos said a list of governments would be shared with journalists, although at the time of writing, we hadn’t seen it. But we have requested information from the public relations firm of PEPP-PT and we will update this report when we get it.
“The pan-European approach has worked,” he added. “Governments have decided at a speed previously unknown. But with 40 other countries in the integration queue, we have definitely passed the European course – and for us, this shows that privacy as a model and as a point of discussion… is a declaration and it is something that we can export because we are credible on it.”
Paolo de Rosa, the technical director of the Italian government’s Ministry of Innovation, Technology and Digital Transformation, was also present on the webinar – and confirmed that his national application will be built on top of PEPP-PT.
“We will soon have an application and it will obviously be based on this model,” he said, without giving further details.
PEPP-PT’s main claim to “preserving privacy” is based on the use of system architectures that do not require the collection of location data. Rather, devices that come close to each other would share pseudonymized identifiers – which could later be used to send notifications to an individual if the system calculates that a risk of infection has occurred. The contacts of an infected person would be downloaded at the time of diagnosis, which would allow notifications to be sent to other devices with which they had come into contact.
Boos, a spokesperson and coordinator of the PEPP-PT, told TechCrunch earlier this month that the project will support centralized and decentralized approaches. The former means that IDs are uploaded to a trusted server, such as one monitored by a health authority; the latter means that IDs are kept locally on devices, where the risk of infection is also calculated – a main server is only in the loop to relay information to the devices.
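As an added illustration (not code from PEPP-PT, DP-3T, Apple or Google), the sketch below contrasts what the server learns under the two architectures just described. The HMAC-derived rotating IDs, the server-side registry and every name in it are assumptions made for the example.

```python
import hashlib
import hmac
import os

SLOTS = 4  # constructed: ID rotations per day

def ephemeral_ids(day_key):
    """Rotating pseudonymized IDs derived from a daily key (assumed scheme)."""
    return [hmac.new(day_key, b"slot%d" % i, hashlib.sha256).digest()[:16]
            for i in range(SLOTS)]

class Phone:
    def __init__(self, name):
        self.name = name
        self.day_key = os.urandom(32)
        self.heard = set()  # IDs received over Bluetooth, stored locally

    def local_match(self, published_keys):
        """Decentralized risk check: runs on the device, not the server."""
        return any(self.heard & set(ephemeral_ids(k)) for k in published_keys)

def meet(a, b, slot):
    """Two nearby phones exchange their current ephemeral IDs."""
    a.heard.add(ephemeral_ids(b.day_key)[slot])
    b.heard.add(ephemeral_ids(a.day_key)[slot])

def centralized_report(patient, registry):
    """Patient uploads the IDs it heard; the server resolves them to devices."""
    server_learned = {registry[e] for e in patient.heard if e in registry}
    return server_learned, server_learned  # (notified, what the server learned)

def decentralized_report(patient, others):
    """Patient uploads only its own key; the server relays it to every phone."""
    server_stored = [patient.day_key]
    notified = {p.name for p in others if p.local_match(server_stored)}
    return notified, server_stored

def scenario():
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    meet(alice, bob, slot=1)  # constructed encounter; carol meets nobody
    phones = [alice, bob, carol]
    # Centralized model only: the server can map every ID back to a device.
    registry = {e: p.name for p in phones for e in ephemeral_ids(p.day_key)}
    central = centralized_report(alice, registry)
    decentral = decentralized_report(alice, [bob, carol])
    return alice, central, decentral
```

Both models notify the same contact, but only the centralized server ends up holding an edge of the contact graph; the decentralized server holds just the diagnosed user's key.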
It is just such a decentralized contact tracking system that Apple and Google are collaborating to support, following PEPP-PT quickly last week by announcing a plan for cross-platform COVID-19 contact tracking via an upcoming API, then an (opt-in) system for proximity monitoring based on Bluetooth.
This intervention, by the only two smartphone platforms that matter when the ambition is general adoption, is a major development – giving impetus to decentralized contact tracing as a digital response to the coronavirus crisis in the Western world, certainly at the platform level.
In a resolution adopted today, the European Parliament also called for a decentralized approach to COVID-19 proximity monitoring.
MEPs urge the Commission and Member States to be “completely transparent about how contact tracing apps work, so people can check both the underlying security and privacy protocol and check the code – even to see if the application works as the authorities are asserting”. (The Commission has also signaled a preference for decentralization.)
However, proponents of the PEPP-PT, which include at least seven governments (and, it is claimed, many others), are not giving up on a centralized “privacy” option – which some on their side have nicknamed “pseudo-decentralized” – with Boos claiming today that discussions are underway with Apple and Google to make changes to their approach.
As it stands, contact tracking apps that don’t use a decentralized infrastructure won’t be able to carry out Bluetooth tracking in the background on Android or iOS – as the platforms limit how general apps can access Bluetooth. This means that users of these apps would have to keep the app open and active all the time for proximity tracking to work, with associated (negative) impacts on battery life and usability of the device.
There are also (intentional) restrictions on how contact tracking data could be centralized, due to the deployment of the relay server model in the joint Apple-Google model.
“We very much appreciate that Google and Apple are stepping up their efforts to make the operating system layer available – or to put what should be the actual operating system out there, namely Bluetooth measurement and cryptography management and performing these tasks in the background which must continue to work resiliently all the time – if you look at their protocols and if you look at who they are provided by the two dominant players in the mobile ecosystem, then I think from a government perspective in particular, or from a lot of government perspectives, there are a lot of open points to discuss,” said Boos today.
“From the point of view of PEPP-PT, there are a few points to discuss because we want the choice and implementation of the choice in terms of model – decentralized or centralized above their protocol to actually create the worst of both worlds – so there are a lot of points to discuss. But contrary to the behavior that many of us who work with technology companies are used to, Google and Apple are very open in these discussions and it is useless to stand up for the moment because these discussions are in progress and it seems that an agreement can be concluded with them.”
The specific changes PEPP-PT wants from Apple and Google were unclear – we asked for more details during the webinar, but we received no response. But the group and its government supporters may be hoping to dilute the position of the tech giants to facilitate the creation of centralized Bluetooth contact graphs to fuel national responses to the coronavirus.
As it stands, the Apple-Google API is designed to block contact matching on a server – although there may still be ways for governments (and others) to partially circumvent the restrictions and centralize certain data.
We contacted Apple and Google with questions about the claimed discussions with PEPP-PT. At the time of this writing, neither had responded.
In addition to Italy, the German and French governments are among those who have indicated that they support the PEPP-PT for national applications – suggesting that powerful EU member states may be heading for a fight with the tech giants, in the style of Apple versus the FBI, if pressure to change the API fails.
Another key element in this story is that the PEPP-PT continues to face harsh criticism from privacy and security experts in its own backyard – including after removing the reference to a decentralized protocol for COVID-19 contact tracing which is being developed by another European coalition, made up of privacy and security experts, called DP-3T.
Coindesk reported yesterday on the silent modification of the PEPP-PT website.
Supporters of the DP-3T have also repeatedly asked why the PEPP-PT has not released any code or protocols to date – and have gone so far as to call the effort a “Trojan horse”.
Dr. Kenneth Paterson of ETH Zurich, part of the PEPP-PT effort and designer of the DP-3T, could not clarify the exact changes that the coalition hopes to extract from “Gapple” when we asked.
“They still haven’t said exactly how their system would work, so I can’t say what they would need [in terms of changes to Apple and Google’s system],” he told us in an email exchange.
Boos today called the deletion of the reference to DP-3T on the PEPP-PT website a mistake – which he blamed on “miscommunication”. He also said that the coalition still wanted to include the former’s decentralized protocol in its set of standardized technologies. Thus, the lines that are sometimes blurred between the camps continue to be redrawn. (It’s also worth noting that press emails to Boos are now sorted by Hering Schuppener, a communications company that sells advertising services, including crisis PR.)
“We are very sorry,” said Boos of the DP-3T removal. “In fact, we just wanted to put the different options at the same level as the ones that exist. There are still all of these options and we really appreciate the work that our colleagues and others are doing.
“You know there is a discussion about this in the crypto community and we encourage this discussion as it is always good to improve the protocols. What we have to keep in mind is that we are not talking about crypto here, we are talking about pandemic management and as long as an underlying transport layer can guarantee good enough confidentiality as governments can choose what they want.”
Boos also said that the PEPP-PT would finally publish some technical documents this afternoon – choosing to publish information about three weeks after its public unveiling and on a Friday evening (a seven-page “high-level preview” has since been posted on their GitHub here [this link has since been deleted – Ed.] – but still far from code that can be reviewed) – while simultaneously pleading with journalists to focus on the “big picture” of the fight against the coronavirus rather than remaining obsessed with technical details.
At today’s webinar, some scientists supporting PEPP-PT explained how they are testing the effectiveness of Bluetooth as a proxy for tracking the risk of infection.
“The algorithm we have been working on examines the cumulative amount of time that individuals spend in close proximity to each other,” said Christophe Fraser, professor in the Nuffield Department of Medicine and lead group leader in Pathogen Dynamics at the Big Data Institute, University of Oxford, offering a general introduction to using Bluetooth proximity data to track viral transmission.
“The goal is to predict the probability of transmission from proximity data from the phone. The ideal system therefore reduces the quarantine requested to those most at risk of being infected and does not give notification – even if a proximity event has been recorded – to people who are not at risk of being infected.”
“Obviously, this will be an imperfect process,” he continued. “But the key point is that, in this innovative approach, we should be able to check how correct this information and notifications are – so we really need to see, among the people who received the notification, how many actually were infected. And among the people identified as contacts, how many were not.
“The audit can be done in different ways for each system, but this step is crucial.”
Evaluating the effectiveness of digital interventions will be vital, says Fraser – whose presentation could have been interpreted as arguing for public health authorities to have more complete access to contact graphs. But it is important to note that the decentralized protocol of DP-3T clearly provides for users of the application to choose to voluntarily share data with epidemiologists and research groups, to allow them to reconstruct the graph of interaction between infected and at-risk users (aka to access a proximity graph).
“It is really important that if you are going to do an intervention that will affect millions of people – in terms of these requests to [quarantine] – that this information is the best science possible or the best possible representation of the evidence at the time you give the notice,” added Fraser. “And therefore, as we progress, this evidence – our understanding of how the virus is transmitted – will improve. And in fact, auditing the app can help improve that, so it seems critical that this information is fed back.”
None of the PEPP-PT-aligned apps that are currently used for testing or referral connect to national health authority systems, according to Boos – although he cited a test in Italy that was connected to a company’s health system to run tests.
“We provided the application builders with the backend, we provided them with sample code, we provided them with protocols, we provided them with the science of measurement, and so on. We have an app that just doesn’t work in a country’s healthcare system – on Android and iOS,” he noted.
On its website, the PEPP-PT lists a number of company “members” which support the effort – including Vodafone – alongside several research institutes, in particular the German telecommunications institute Fraunhofer Heinrich Hertz (HHI), which is said to have led this effort.
HHI Executive Director Thomas Wiegand was also in attendance today. Notably, his name originally appeared on the list of authors of the DP-3T white paper. However, on April 10, he was removed from the README and author list files, according to its GitHub document history. No explanation for the change was given.
During today’s press conference, Wiegand made an intervention that seems unlikely to endear him to the crypto and digital rights communities at large – describing the debate around the cryptographic system to be used for COVID-19 contact tracing as a “parallel exhibition” and expressing concern that what he called “the open public debate” of Europe could “destroy our ability to get out of it as Europeans”.
“I just wanted to make everyone aware of the difficulty of this problem,” he also said. “Cryptography is just one of the 12 building blocks of the system. So I would like everyone to come back and reconsider the problem we find ourselves in here. We have to win against this virus… or we have another lock or we have a lot of big problems. I would like everyone to think about it and think about it because we have a chance if we act together and really win against the virus.”
The press conference got off to an even worse start after the Zoom call was disrupted by racist spam in the chat area. Just before that, Boos launched the call saying that he had heard from “more technically savvy people that we shouldn’t be using Zoom because it’s not safe – and for an initiative that wants the security and privacy is not the right tool.”
“Unfortunately, we discovered that many of our international colleagues only had it on their corporate PCs. Over time, either Zoom needs to improve – or we need to improve the facilities. It is certainly not our intention to disclose the data from this Zoom,” he added.