Decentralized protocol removed from EU contact tracking website without notice

Decentralized protocol removed from EU contact tracking website without notice - 6a0120a5580826970c025d9b468083200cThe Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) consortium, which has the task of helping to develop protocols for a privacy-focused EU contact tracking system, removed any mention of the proposed protocol from its website. decentralized Decentralized Privacy-Preserving Proximity Tracing (DP3T).

An unpleasant surprise

Contact tracking is the process by which health authorities monitor the spread of viruses, identifying who has been in contact with infected people and should therefore be placed in quarantine.

The DP3T team, which is handling it, was not notified of the consortium's decision nor was it invited to attend a PEPP-PT meeting to clarify what happened.

“There are also other changes that know about centralization, and we don't know what the German government means when it says it intends to implement the" PEPP-PT architecture "since it does not currently exist. All of this seems very worrying because they could implement something that hasn't been publicly reviewed, "said someone close to the DP3T negotiations.

The privacy of EU citizens is at risk

It is not clear what a PEPP-PT protocol could be, since the consortium website, while listing the general guidelines, does not offer concrete proposals. A centralized approach presents greater privacy risks, as well as the potential for re-appropriation of data for other purposes, such as state surveillance.

The difference between decentralized and centralized systems is not benign in this context. In Germany, the government has stated that they will publish an app in a matter of weeks, according to the Financial Times, but which app will be exactly unclear.

Supporters of Healthy Together, one of the German options of the app, focused on the app's data protection measures, based on the PEPP-PT framework. This app does not involve geolocation data, but the monitoring of Bluetooth proximity, which would be processed locally on users' phones.

But Linus Neumann of the Chaos Computer Club, the largest hacker network in Europe, told the Financial Times that the anonymity of the app could be compromised even with minimal changes.

What are we going to meet?

Kenneth Paterson, who is a professor at the cryptography group applied to the ETH Zurich Computer Science Department and is working on the DP3T proposal, said he could not be sure what PEPP-PT is building now.

"Their system is closed and cannot be reviewed by outside experts," said Paterson. “We can't look at the code. So the system may be full of bugs. It may have a back door for security services. Nobody outside of their closed project can tell. "

"This opens the door to hell of privacy: this could give governments the opportunity to create a" social chart "for all those who download the app, or they will be able to understand who is in the immediate vicinity of whom.

To be useful in tracking Covid-19, apps should be downloaded by at least 60% of the population, according to an article published in Science. All of this then becomes the forbidden dream for security services. " This story is still developing, we will keep you updated!