In a previous post, I brainstormed about details of handling IDs in the context of a concept proposed by the Pan-European Privacy-Preserving Proximity Tracing initiative, PEPP-PT. I was also pretty vocal on Twitter about media outlets in Germany suggesting the imminent launch of “Corona Apps” as early as this Easter weekend – which I still believe to be a bad idea.
Last year, I sold my company to Vodafone. Vodafone is a member of the organization behind PEPP-PT and supports it. Naturally, I am discussing whether and how we might be able to help.
While I generally support the concept, my primary concern so far has been the lack of technical information available to the community at large, while at the same time the release of tracing apps is being promoted which might – in part – become mandatory. The one thing you don’t want in a situation like this is to rush out potentially immature software.
It turns out there might actually be more information available than I assumed. Three days ago a GitHub repository named DP-3T was created, describing in much more detail the implementation of Decentralized Privacy-Preserving Proximity Tracing. Unfortunately, there seems to be no link to or mention of the repository anywhere on PEPP-PT’s website.
As of this writing, the repository contains a Simplified Three Stage Brief, a primer on Data Protection and Security, and a White Paper that drills down, in parts, into the cryptographic aspects of a potential solution. Professor Thomas Wiegand (TU Berlin, Fraunhofer HHI), one of PEPP-PT’s founders, is mentioned as a contributor in all three of these papers.
The provided material looks promising, though it does not cover aspects related to the decentralization of the backend. Linus Neumann, spokesperson of the German Chaos Computer Club (CCC), has compiled a list of essential criteria for contact tracing apps. In Section II, item 5, he states:
No central entity that needs to be trusted
A completely anonymous “contact tracing” without omniscient central servers is technically possible. It is not technically necessary to rely solely on the trustworthiness and competence of the operator of a central infrastructure, and to sufficiently protect users’ privacy. We therefore reject concepts based on this from the outset as questionable. (Translated via Google Translate)
I completely agree.
Any solution rolled out to potentially millions of people needs to come with a federated backend from day one. One might feel tempted to argue that “starting with a server run just by the Robert Koch Institute” would be okay. It is not. Not putting data like this into the hands of a single authority must be part of the promise in the initiative’s name: privacy-preserving.
So far I had assumed the Chaos Computer Club to be a member of the PEPP-PT initiative and hence to be taking charge of enforcing a reasonable degree of backend decentralization. However, as of this writing, CCC is not on the public member list.
At grandcentrix, we are planning to take a more in-depth look into the material provided by Professor Carmela Troncoso (lead author) and make our feedback available publicly as it develops.
P.S.: Yes, I’ve heard “permissioned blockchain” mentioned in this context. Right now, I’m not yet sure whether it would contribute anything to a solution for this concrete problem, but it’s worth exploring.