[ad_1]
We carry our smartphones with us at all times. These devices now help prevent further uncontrolled spread of the corona virus. How is that compatible with the protection of our privacy?
A coronavirus vaccine is not yet in sight. A full lock by then is also impractical. Technology is now there to remedy the situation: Smartphones must help identify people who have been in contact with an infected person so that they can be quarantined before infecting others. Especially in Asia, solutions were developed that access GPS and smartphone connection data. In Europe, however, there are concerns about how such applications can be reconciled with protecting the privacy of citizens. A pan-European working group of researchers and industry representatives formed surprisingly quickly. Under the name PEPP-PT, they planned to develop a solution that took these concerns into account, until the group split into two fields, each with different approaches: a central, decentralized solution for data storage.
Central and decentralized protocols should not differ in their operation: in both cases, smartphones emit encrypted IDs at regular intervals via Bluetooth. Other smartphones that have the same compatible tracking application installed or listen to these messages at the same time and keep all the identifications that they could receive.
Contact tracking apps: how they work
The decentralized and central versions work similarly.
Since Bluetooth transmissions only work at close range, this automatically generates a list of other devices that you have been close to for a long time.
As a user, there is no need to do anything – just carry your smartphone with the app activated. If you stay close to another person for a long time with the app also activated, the two smartphones should have the opportunity to exchange IDs. Thus, an epidemiologically relevant contact is registered. Contacts that are older than two weeks are automatically removed from the contact list.
The differences between the two approaches can be seen when installing the application and in the case of an infection.
Central model: installation
The central server knows each download.
In this case, the central server provides the published IDs via Bluetooth during operation. If a device has used all these IDs, a list must be requested again from the central server.
Central model: infection
The server receives a list of all contacts for the past two weeks.
By contrast, the decentralized DP-3T approach, developed by EPFL scientists in Lausanne, tries to keep communication with a central server to a minimum and keep as much data as possible on the smartphone.
Decentralized model: installation
When the application is downloaded, it does not communicate with a central server.
The server in the decentralized model is only used to exchange the keys in case of an infection. Information about which devices have found which other devices remains on the smartphones themselves.
Decentralized model: infection
Only keys are exchanged. The contact lists remain local on the respective devices.
In the case of the decentralized approach, the contact list never leaves the user’s device. This makes it impossible to use these lists to reconstruct movement patterns and relationship networks.
Proponents of the central approach argue that it is faster to respond to new epidemiological findings. If, for example, it turns out that viruses spread more than two meters above, the algorithm that calculates who should be notified could be adapted accordingly on the server.
Additionally, the contact information collected would be a valuable source of research that could be used to track how the virus spreads from person to person.
Critics criticize that any accumulation of data in one place increases the risk that it falls into the wrong hands and is used for purposes for which it was not intended.
Proponents of the decentralized model are in the lead, as they have received support from a possibly decisive side: both Google and Apple want to install interfaces on their smartphone operating systems with which tracking applications can access the Bluetooth function, and so far The two tech companies only support the decentralized version. This could have been the deciding factor that, after Switzerland, Germany also decided to develop applications using the decentralized protocol.
