Data protection advocates prevail: Germany builds a Covid-19 tracing app with decentralized storage.

Covid-19 apps are being built to track the spread of the coronavirus. While others commission Palantir to build such an app, Germany listens to privacy advocates to ensure acceptance.

2020-04-29
The original plan of the German government was to build a corona tracing app that would store data centrally. Due to heavy criticism, the German government changed course: The tracing app that will warn people about having been in contact with an infected person will only store contact data on mobile phones, just like data protectionists demanded.

Decentralized corona tracing app

On Wednesday last week, the German government published its plan to build a Covid-19 tracing app with central storage of data at the Robert Koch-Institut - the German institution that manages public health and monitors the spread of the coronavirus. The Covid-19 tracking app was to be based on PEPP-PT - a project that was first praised for its privacy-friendly approach, but later criticized for sticking to the central data storage approach despite security and privacy threats.

Even though the Robert Koch-Institut is a highly respected institution in Germany, data protectionists managed to raise public attention against such a centralized storage of highly sensitive health data.

The German Chaos Computer Club as well as other associations fighting for privacy rights issued a very clear statement:

"This week, around 300 international scientists and scholars have signed an open letter in which they criticize the data protection concept of PEPP-PT based on the central data storage approach and strongly advise against it. ... Any approach of a potential misuse of health data must be firmly opposed."

"A corona tracing app should, if at all, only be based on a decentralized approach - such as for example, the DP-3T (Decentralized Privacy Preserving Proximity Tracing) concept. Otherwise, it is to be feared that the low data protection of a centralized approach and the absence of technical restrictions against misappropriation will lead to the erosion of confidence in the use of such an app and thus the acceptance for later digital solutions."

Successful protest of data protectionists

The protest of data protectionists was successful: The planned coronavirus tracing app is now to store contact data on personal mobile phones instead of on a central server. The German government changed course and published a statement on Sunday - only five days after publishing the original plan - saying that they will "promote a decentralized architecture that stores contacts details only on the devices, thus creating trust".

While the German Federal Health Minister Jens Spahn (CDU) had recently stated that he preferred a central storage of user data, the government took into account that not just the technical side is important, but also a wide acceptance within the general public.

In developing a tracing app, the German government is pursuing an approach that is based on "voluntariness, complies with data protection regulations and guarantees a high level of IT security". From an epidemiological point of view, the main goal is to detect and interrupt chains of infection as early as possible - and for that a widespread acceptance is absolutely necessary.

In contrast to this privacy-friendly approach in Germany, it has recently been published that the Trump administration is commissioning Palantir, the so-called surveillance company, with building a coronavirus tracking app.

Voluntary approach must have widespread support

Germany depends on as many citizens as possible to voluntarily install the app. According to estimates, at least 60 percent of all people in Germany must use the app in order to effectively trace coronavirus infection chains. By also testing contact persons of infected people, the goal is to prevent a second wave of infection when the contact restrictions are relaxed further.

The authorities are currently in talks with Google and Apple about corresponding functionalities. The Covid-19 tracing app is intended to record which smartphones have come close to each other - and warn users if it later turns out that they were close to an infected person. Such an app would be installed on the smartphone, which would then communicate with the same app on other smartphones via Bluetooth.
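The decentralized flow described above can be sketched in a few lines. This is an added, simplified illustration and not code from the German app, PEPP-PT or the DP-3T specification; the `Phone` class, the 15-minute rotation and the HMAC-based derivation are assumptions chosen to show the idea that contact logs stay on the device and the server only ever holds keys published by infected users.

```python
import hashlib
import hmac
import os

EPOCHS_PER_DAY = 96  # assumption: a new broadcast ID every 15 minutes


def ephemeral_ids(day_key: bytes) -> list[bytes]:
    """Derive the day's rotating broadcast IDs from a secret per-day key."""
    return [
        hmac.new(day_key, b"ephid" + e.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        for e in range(EPOCHS_PER_DAY)
    ]


class Phone:  # hypothetical model of one handset
    def __init__(self) -> None:
        self.day_keys: dict[int, bytes] = {}  # secret until the owner reports
        self.heard: dict[bytes, int] = {}     # observed ID -> day, kept on-device only

    def broadcast(self, day: int, epoch: int) -> bytes:
        key = self.day_keys.setdefault(day, os.urandom(32))
        return ephemeral_ids(key)[epoch]

    def observe(self, eph_id: bytes, day: int) -> None:
        self.heard[eph_id] = day

    def report_infection(self) -> list[bytes]:
        """Publish own day keys; the list of contacts is never uploaded."""
        return list(self.day_keys.values())

    def exposed_days(self, published_keys: list[bytes]) -> set[int]:
        """Re-derive IDs from published keys and match against the local log."""
        return {
            self.heard[eph_id]
            for key in published_keys
            for eph_id in ephemeral_ids(key)
            if eph_id in self.heard
        }


def simulate() -> tuple[set[int], set[int], int]:
    alice, bob, carol = Phone(), Phone(), Phone()
    # Constructed encounter: Alice and Bob meet on day 3, epoch 40; Carol meets nobody.
    bob.observe(alice.broadcast(3, 40), 3)
    alice.observe(bob.broadcast(3, 40), 3)
    carol.broadcast(3, 40)
    bulletin = alice.report_infection()  # everything the server ever stores
    return bob.exposed_days(bulletin), carol.exposed_days(bulletin), len(bulletin)
```

In this sketch the server sees one random key from Alice and nothing about Bob or Carol; the match that warns Bob happens on his own phone.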

Google's and Apple's involvement

Google and Apple also favor a decentralized model for a Covid-19 tracing app. They plan to offer a common interface in their market-dominant mobile operating systems by May, and a little later all the necessary functionalities that will make an additional app superfluous.

But the role of the platform giants Google and Apple is problematic with regard to protecting one's privacy. Google in particular is known for its surveillance capitalism. Enabling Google and Apple to now also track our social behavior as well as sensitive health data will substantially add to this severe privacy issue.

Although the Silicon Valley companies emphasize that the decentralized design alone means that no link can be made between the cell phone IDs and the user profiles stored on them, data protectionists fear that this claim cannot be trusted due to the fact that the data giants use closed source code.

Plus, it is already known that Google has long been particularly interested in the health data of its users. In consequence, relying on Google and Apple for effective Covid-19 tracking might backfire in the future.

Nevertheless, developers around the world must keep working on privacy-friendly Covid-19 tracing apps so that in the near future we can

  • trace the spread of coronavirus
  • and at the same time protect everyone's right to privacy.

In these difficult times, it is essential to fight the coronavirus without giving up our Human Right to privacy.