European efforts to define a protocol for contact tracing aimed at facilitating the detection of COVID-19 cases by the authorities seem to have a fairly sharp disagreement.
One of the efforts is the Pan-European confidentiality and proximity monitoring (PEPP-PT) , an effort based in Germany to develop a protocol for contact tracing. The other is the Decentralized proximity tracking protocol preserving confidentiality, DP-3T, an effort based in Switzerland.
The register received correspondence from a DP-3T developer describing PEPP-PT as “a horrible invasive solution to privacy”.
At least two PEPP-PT participants are sufficiently concerned about this to have withdrawn from the effort.
The DP-3T alphas are public for tests and comments.https://t.co/TCyUfa9b0i
– Cremers case (@CasCremers) April 18, 2020
I personally dissociate myself from PEPP-PT. Although I firmly believe in basic ideas (international, privacy-friendly), I can’t support something that I don’t know what it represents. Currently, PEPP-PT is not sufficiently open and it is not sufficiently transparent. 1/3
– Marcel Salathé (@marcelsalathe) April 17, 2020
Possible reasons for the discomfort, such as describes by cryptography researcher Nadim Kobeissi, are that the PEPP-PT has not yet revealed the substantive details of its proposed scheme, does not appear to have many really active participants, and advocates centralized access to certain data.
But partner of PEPP-PT, the French National Institute for Research in Digital Science and Technology Inria arose a brief paper [PDF] this means that the whole decentralized distribution of information about who has COVID-19 has more disadvantages than centralized control of this data in the hands of health authorities. Inria even gave its plans a new acronym to remember: the ROBUST proximity tracking protocol and preserving confidentiality – alias ROBERT.
As The register report last week the European Commission has published a toolkit to inform the development of contact tracking applications across the block. This document [PDF] considers PEPP-PT as a possible model.
Which makes the European struggle for this sort of thing quite enjoyable in some ways! ®
Webcast: Build the Next Generation of Your Business in the Public Cloud