Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » Technology » Researchers in Europe Condemn Centralized COVID-19 Tracking Approach

Researchers in Europe Condemn Centralized COVID-19 Tracking Approach

by

Two camps have emerged within the open-source COVID-19 tracking space in Europe. One solution, DP-3T, offers privacy-preserving benefits for citizens and is backed by over 300 scientists around the world. The other, PEPP-PT, is centralized and risks being repurposed for commercial uses or worse.

datawallet helps protect online privacy

Key Takeaways

  • Open-source researchers are working to create a privacy-preserving COVID-19 tracking protocol.
  • Two camps have emerged representing centralized and decentralized approaches to the same issue.
  • The centralized approach has been condemned by the research community after failing to provide credible documentation.

Share this article

As nations throughout Europe wrestle with how to contain the spread of COVID-19, several research units have been developing tracking solutions to help detect ill citizens. Not all of these solutions, however, offer equitable privacy measures for users. 

One offering could even spell the end of privacy rights for Europeans. 

Top Researchers Condemn PEPP-PT

The Pan-European Privacy-Preserving Proximity Tracing Initiative (PEPP-PT) was announced on Apr. 1, 2020. 

Researchers in Europe were assembled to develop software that would notify citizens if they had been in contact with someone who had tested positive for COVID-19. If detected, users would be advised that they should quarantine themselves.

Phone apps could then be built on top of this software and leverage devices’ Bluetooth signals. Researchers call it contact tracing and it is the same method that Google and Apple will use in their tracking solution. 

It is distinct from facial recognition software or so-called digital COVID-19 “immunity passports.” More importantly, it is much more challenging to repurpose certain Bluetooth-based contact tracing solutions for commercial purposes or mass surveillance. 

Concerns over repurposing such software are at the heart of an emerging controversy within the European open-source research community. 

One of the core tenets of the PEPP-PT had included mention of another protocol called DP-3T

In short, DP-3T offers many of the same tracking benefits plus decentralization. Data would be stored locally on the users’ device rather than in a central server or cloud. The Google and Apple COVID-19 tracking solution closely resembles DP-3T too.

This benefit is two-fold. 

In the first, a decentralized tracking protocol is far more secure from digital piracy. Though malicious agents could access some data, the prize would only be limited to a few users. A centralized server that stores a continent’s worth of citizen’s movements, for instance, is far more attractive for hackers. 

Secondly, a decentralized solution would have limited applications once COVID-19 has run its course, and tracking technologies are no longer needed. The primary threat of a centralized solution is that of repurposing valuable data for reasons beyond curbing a viral illness. 

It is for these two reasons that researchers have championed a decentralized approach. They claim that this method is safer and more ethical.

On Apr. 16, 2020, PEPP-PT had, however, removed any earlier mention of using DP-3T. 

A day later, Hans-Christian Boos, one of the primary organizers of PEPP-PT and founder of the AI firm Arago, told the German media that he recommends a centralized tracking solution for Germany. 

Meanwhile, PEPP-PT had already earned the attention of various governments and sizeable European research institutes, like Fraunhofer and Inria. Critically, there has been little in the way of transparency as to how PEPP-PT and relevant research groups are progressing.

Though discussions are actively populating DP-3T’s GitHub page and source code, PEPP-PT has done little to demonstrate a similar level of transparency. On Apr. 17, 2020, the project did publish a PDF document outlining its COVID-19 tracking solution on GitHub, only to remove it shortly after. 

Nadim Kobeissi, a cryptographer and former Inria researcher, mirrored a copy of the “hastily written” proposal on his blog. 

In an interview with Crypto Briefing, Kobeissi described the document as a “freshman-level attempt” at a safe tracking protocol. Further, the document does not appear to fall in line with Europe’s GDPR mandate. 

The concerns around PEPP-PT’s proposed COVID-19 solution, the opacity of the project thus far, and the high stakes have led many members of the initiative to drop support. Logos from the Swiss Federal Institute of Technology Lausanne (EPFL), KU LeuvenETH Zürich, and others have all been removed from the PEPP-PT site. 

Dr. Kenneth Paterson, a lead cryptographer at ETH Zürich, told Crypto Briefing that the institution “kindly withdrew” due to the centralization concerns. Paterson said: 

“The centralized solution poses two key problems. It neglects data minimization, which means that the only data collected would be that which is needed for the application. It also fails to acknowledge the potential for repurposing.” 

On Apr. 17., the European Parliament also voted in favor of a decentralized COVID-19 tracking approach that minimized data collection.

Today, Paterson followed this up with a joint statement from roughly 300 researchers across 25 countries that condemns protocols that fail to uphold user privacy and security.

Joint Statement from Researchers

The document concludes that all of the researchers represented will also be fully committed to developing ethical COVID-19 tracking services. 

This includes work on DP-3T, but also research within the TCN Coalition, the University of Washington’s CovidSafe program, and the Massachusetts Institute of Technology’s PACT initiative. 

Crypto Briefing has reached out to Hans-Christian Boos for commentary on PEPP-PT. He has not yet responded at the time of press. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.