Contact research or contact sport? Defects and accusations emerge among the efforts of the European application to prosecute COVIDs


European efforts to define a protocol for contact tracing aimed at facilitating the detection of COVID-19 cases by the authorities seem to have a fairly sharp disagreement.

One of the efforts is the Pan-European confidentiality and proximity monitoring (PEPP-PT) , an effort based in Germany to develop a protocol for contact tracing. The other is the Decentralized proximity tracking protocol preserving confidentiality, DP-3T, an effort based in Switzerland.

The register received correspondence from a DP-3T developer describing PEPP-PT as “a horrible invasive solution to privacy”.

At least two PEPP-PT participants are sufficiently concerned about this to have withdrawn from the effort.

Possible reasons for the discomfort, such as describes by cryptography researcher Nadim Kobeissi, are that the PEPP-PT has not yet revealed the substantive details of its proposed scheme, does not appear to have many really active participants, and advocates centralized access to certain data.

But partner of PEPP-PT, the French National Institute for Research in Digital Science and Technology Inria arose a brief paper [PDF] this means that the whole decentralized distribution of information about who has COVID-19 has more disadvantages than centralized control of this data in the hands of health authorities. Inria even gave its plans a new acronym to remember: the ROBUST proximity tracking protocol and preserving confidentiality – alias ROBERT.

As The register report last week the European Commission has published a toolkit to inform the development of contact tracking applications across the block. This document [PDF] considers PEPP-PT as a possible model.

A little perspective too: The register read the privacy policy for the Indian national contact search application “Aarogya Setu”. This document indicates that the application collects the age, gender, phone number, profession and name of the users. It tracks users with GPS and Bluetooth. And although this information will not be uploaded to the government before a positive COVID test, “all personal information collected from you … at the time of registration will be kept as long as your account exists and for a later period, as required by everything currently in effect. ”

Which makes the European struggle for this sort of thing quite enjoyable in some ways! ®

Webcast: Build the Next Generation of Your Business in the Public Cloud


Notify of
Inline Feedbacks
View all comments