Translated Article: Ten EU Countries already rely on decentralized Corona Virus Apps

Sanna/ May 12, 2020/ Security, Stories

Schon zehn EU-Staaten setzen auf dezentrale Coronavirus-Apps by Erich Moechel for

Apple and Google also support the privacy-friendly, decentralized protocol DP-3T. Without technical support in the operating systems of these two groups, no app with Bluetooth tracing can deliver useful results.

The decision by Austria and Switzerland to use a corona virus app with decentralized data storage (DP-3T) triggered a chain reaction. By Friday, ten EU countries had already left the large-scale “Pan-European Project for Data Protection-Compliant Person Tracing” (PEPP-PT). The centralized data collection of PEPP-PT leaves all possibilities for data mining open, a deanonymisation of the data is also included.

Apple and Google, which support the DP-3T standard, are constantly publishing new specifications for the necessary app interfaces in Android and IOS. Without the support of these two companies, whose operating systems control the global smartphone market, not a single corona virus app can deliver useful results through Bluetooth tracing.

The current status in Europe

Already when the third country, after Austria and Switzerland, announced the switch to DP-3T, the alarm bells should have rung for the competing PEPP-PT project. Because this country was Estonia, which is seen in the EU as a digitized model country. As a result, things started to happen, the Netherlands announced that it would discard its already developed apps and start from scratch with DP-3T.

With Italy and, after fierce internal discussions, Germany, two EU heavyweights joined the ranks. Ireland turned around on Friday, and now there are already ten EU countries that have rejected their original big data plans and are now opting for a solution that actually complies with data protection regulations. Of the other European countries, only France and England are currently aggressively advocating the centralized approach.

Clarification on terms

Because the technical issues and terms have been mixed up in the media recently, here is a little clarification. DP-3T does not become a corona virus app; rather, it is the generic term for the protocols used for Bluetooth tracing and for communication with an external server. Google and Apple also do not code a corona virus app, rather they install interfaces (APIs) in Android and IOS, to which the apps can dock on to.

In addition, additional functions are set up in both operating systems so that the apps can run in the background but still send out Bluetooth beacons. For security reasons (danger of stalking), such hidden functions for apps have so far been blocked by Apple at the operating system level. Google released the first additional functions for Android on Friday, which can also be used by all docked apps.

Bluetooth problems that only Google can solve

The most important function, namely the successful exchange of Bluetooth IDs, on which all concepts are based, has so far been the only criterion for possible close contact with an infected person. Of course this is not yet an exact measurement of the distance between two smartphones, but at best a rough estimate. Google has therefore introduced the received signal strength and the duration of contact of the smartphones as additional criteria, which makes the assessment somewhat more precise.

The telephones must have been in constant contact via Bluetooth for at least five minutes, which also helps to further reduce false hits. The spread of microwave radio in the range of 2.4 GHZ – Bluetooth – depends largely on environmental factors. If there are smooth, reflective surfaces, the range can occasionally increase enormously due to reflections. If the smartphone is held to the ear for phone calls, the Bluetooth range also increases. Another factor is the positioning of the Bluetooth antenna, which is embedded in the housing, because these spiral or quad antennas have a significant directional effect.

Using the example of a train journey

Here is an example from everyday life. A half-hour train journey in a sparsely populated open-top wagon can produce completely different results. Anyone who spends most of the time on the phone, possibly even standing, will end up collecting the Bluetooth identifiers of almost all smartphones in the wagon, although only one or two people actually came into critical proximity.

If the smartphone stays in your jacket pocket, that’s not just far fewer contacts, but, what’s more, the Bluetooth IDS of the two people who were in critical proximity could be missing. If these people have keychains or other metallic objects in their jacket pocket next to their smartphone, this can block Bluetooth contacts.

Preliminary conclusion and a mystery

It won’t stop with these ten countries, that’s pretty clear now. Any centralized solution, perhaps combined with obligations and coercive measures, will fail in two ways. First, technically on the smartphone operating systems, since Google and Apple have now decided on a decentralized solution. The second factor is smartphone owners, who will not entrust information about their health and their private tracks to any technical solution, who will run big data analyzes on it and who may have it carried out by private companies.

It still remains a mystery why a prototypical “data octopus” like Google is working for a solution in which there is practically no metadata for the corporations to gain. The reason for this can only be hinted at at this point in time, it has to do with corporate interests and strategies that are far above the daily business of collecting data. The outbreak of the corona virus has turned many things upside down, in this case the corporations were suddenly given a trump card against the EU Commission.

Share this Post