(By Gianluca Liva, contributing scientists listed at the end of the article) – European countries are adopting progressive measures to loosen the lockdown imposed by the Covid-19 pandemic. We are entering a “new normalcy”, the age of living with risk and social reorganization. Digital tracing is considered a promising tool to enable a return to normal social life by helping to monitor and reduce the spread of contagion. Will such an application prove effective? Could such an application ‘compromise’ the concept of privacy?
Technology against a pandemic – In the wake of earlier developments in some Asian countries, the idea of adopting contact tracing technology to curb the spread of the coronavirus in Europe became known to the public. At the end of March, the model-based study of a research group led by Professor Christophe Fraser at the Big Data Institute at Oxford University, contributed to strengthen this possibility. Researchers came to the conclusion that “the epidemic can be stopped if contact tracing is sufficiently fast, sufficiently efficient and happens at scale”. In particular, Christophe Fraser stated that “our models show we can stop the epidemic if approximately 60% of the population use the app, and even with lower numbers of app users, we still estimate a reduction in the number of coronavirus cases and deaths.”
In the European context – where privacy has to be guaranteed and protected by default – after an initial focus on data location, the attention converged on Bluetooth. A technology suitable to exchange information between different devices via a low range radio frequency, Bluetooth is used to emit and detect unidirectional signals (beacons) that could be used to determine close proximity between users carrying mobile devices (smartphones). This system does not require the use of GPS and, in principle, it can protect people’s privacy by relying on anonymous tracing of contacts. It seemed a quite good choice. At stake was the key outstanding issue to choose between two technical architectures for data storage and matching: a centralized system and a decentralized one. What is the difference, in a nutshell? In the centralized approach, data is collected into a single national “centre”, while in the decentralized approach each device stores data within it. Also, where does the matching between data from different users take place? Both systems use a backend server to exchange information. A debate involving developers, governments, privacy experts and epidemiologists heated up.
At the beginning of April, the European Commission officially took the floor on the topic and in Press Release called for a common coordinated approach among all Member States for the development of a useful technology to counter the spread of the virus, in full respect of the EU data protection standards.
In the same days, the first European cross-border initiative in the scenario of ‘tracing applications’ development was officially launched, the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT). Created to assist national initiatives by supplying “ready-to-use”, well-tested, and properly assessed mechanisms and standards, as well as support for interoperability, outreach, and operation when needed, the PEPP-PT consortium initially involved 8 European countries and about 130 researchers.
Very quickly, a team of researchers led by Professor Carmela Troncoso published the Decentralized Privacy-Preserving Proximity Tracing protocol proposal (DP-3T), involving a decentralized data collection, based on a close collaboration between computer scientists and epidemiologists. The reference to the DP-3T approach quickly disappeared from the PEPP-PT website, undermining the initiative.
As Google and Apple entered the scene and announced a new collaboration in adopting, on their respective mobile operating systems, a solution similar to the one proposed by DP-3T, the debate about centralized or decentralized model got hotter and hotter. It soon became clear that centralized protocol-based apps would not be able to run continuously on many devices, making them ineffective.
Privacy and technical issues – The arguments put forward by the promoters of the PEPP-PT consortium revealed unconvincing and insurmountable technical problems, widespread lack of transparency with partners and criticisms from the cryptographers community quickly pulled the initiative out of the scene. This turning point helped to bring attention back to some key points of using tracing technology: the real reasons why it should be used and the possible consequences for the future of European privacy. There are so many unknowns about the virus and its spread in the near future that we can only speculate that tracing technology might be useful. Carmela Troncoso, (EPFL) said during a webinar: «The app has two goals: one of them is a notification that you have been in contact with a positive person, the other one is to give information to the epidemiologists to gather more information about the disease. Mainly in this case directed to modify policy. The DP-3T has purpose limitation by design. The most aggregated data we can provide is for each at risk person how long they were around people that are infected and how long they were around people that were not infected and what is the distance. That allows epidemiologists to actually understand whether these “two meters 15 centimeters” is actually arbitrary or not. If actually the disease is spreading because of contact or close proximity or not. Because we really don’t know».
The uncertainty of the New Normalcy – While uncertainty has become part of our daily lives, discussions like the one still ongoing on contact tracing technologies are crucial to guide citizens in choosing their future. Across Europe we have seen computer scientists, cryptographers, journalists, philosophers and activists taking part in a debate that, at times, has been about what we want to be, the world we want to live in. While in mid-April it seemed obvious that many countries in Europe would choose to develop an application based on the protocols provided by the PEPP-PT consortium, today we are turning in a completely different direction. The long and complex discussion heating up throughout Europe have further slowed down the decision-making process, affecting society. By now, many of the governments that were initially inclined towards a centralized protocol turned their attention to a decentralized approach. However, the end of the story seems a long way off.
Interesting enough, in Italy, the company chosen by the government to develop the “Immuni” app – Bending Spoons– was already in contact with Christian Boos’ Arago even before the world knew of the existence of the PEPP-PT. But after a few weeks, it moved to the decentralized model proposed by Apple and Google. And now the use of ‘electronic bracelets for kids’ is even contemplated at schools or at the beach. At the end of April, the German government declared that it would adopt a decentralised approach to digital contact tracing.
In France, Apple has been accused of trying to influence technical standards for public health tools. The government insists on keeping contact data in a central database (for the authorities to track suspected coronavirus cases) while Apple and Google prefer data to be stored on the phones themselves, out of government reach, saying this would better protect the privacy of users. In Great Britain, after criticism of the first app based on a centralized protocol, there has been an intense speculation on the need to “move to a different model”, after piloting it in the Isle of Wight and learning lessons from other countries”.
The issue remains that of the app’s continuous operation on a system such as iOS. In early May, Apple and Google released the first version of the API on which developers can work on a functional contact tracing app. The two companies have created a framework base which provides a decentralized protocol for contact tracing. Therefore, the Apple/Google proposal appears to meet the requirements of the European Commission, but many believe that it is likely that the API will remain and not be dismantled in the future.
The willingness to deal with the spread of COVID-19 and to return to normal social life as soon as possible comes up against the uncertainty of something completely new. Researchers move with caution. Why have many European governments acted with great haste?
Bringing the debate back to its fundamentals seems to be a necessity. On the one hand, the possible usefulness (to be verified) of an unprecedented instrument. On the other hand, the risk of the scenarios to which a rash choice could lead.
The European Commission, after releasing the recommendations on the development of a tracing app, in a last-week statement said that “EU citizens must be able to receive alerts of a possible infection in a secure and protected way, wherever they are in the EU, and whatever app they are using”. It also reaffirmed the stance that Europeans shouldn’t be forced to install and use contract tracing applications. The EU Members States in the eHealth Network, with the support of the European Commission, adopted interoperability guidelines for approved contact tracing mobile applications in the EU, first follow-up action envisaged by the Union toolbox for the use of mobile apps to support contact tracing in response to the coronavirus pandemic presented in April.
On 17 April, the European Parliament adopted a resolution, stressing that any digital measures against the pandemic must be in full compliance with data protection and privacy legislation. It should be made clear how apps are expected to help minimise infection, how they are working and what commercial interests the developers have. Their use should not be obligatory and they should be dismissed once the pandemic is over. The potential risk of abuse should be clearly limited and the generated data – anonymised – should not be stored in centralised databases.
The use of contact tracing apps was discussed in the European Parliament on 14 May at the plenary session. The debate focused on the risks linked to possible misuses of tracing apps when implementing some measures meant to relax the lockdown (for instance the controversial ‘immunity passports’ to move around boarders) and easily falling into some kind of ‘surveillance’
After all these weeks, some issues are still to be clarified. The inventors of Bluetooth technology themselves – Jaap Haartsen and Sven Mattisson – warned about the effectiveness of a system based on it. The radio signal can be lost under certain conditions and has never been synonymous of accuracy. This brings us back to the starting point: an application cannot be considered just a panacea against the coronavirus. Digital contact tracing cannot yet effectively replace “human” contact tracing, quite the contrary.
This article was first published on the European Science Media Hub by Gianluca Liva, supported by the international scientists Hans-Christian Boos, Jürgen Geuter, Michael Veale and Paolo Attivissimo.