Today, the French National Institute for Research in Digital Science and Technology (Inria) published a PDF document titled “Proximity Tracing Applications: The misleading debate about centralised versus decentralised approaches”.
Inria is one of the few academic partners left in PEPP-PT, after growing concerns by former PEPP-PT members about the initiative’s take on transparency, openness and commitment towards open source.
In the three page document, Inria favors a centralized approach.
In short, Inria wants the matching between diagnosed users and their contact graph to happen on the server.
This would very likely be in direct violation of Apple’s take on privacy. The preliminary Cryptographic Specification published by Apple earlier this week is very clear:
“The server must not retain metadata from clients uploading Diagnosis Keys after including them into the aggregated list of Diagnosis Keys per day.” (Apple Contact Tracing Cryptographic Specification, page 6)
Since the approach Inria suggests would require the server to actively send out notifications, a direct consequence is that the server must hold at least the additional metadata needed to run a notification infrastructure, which is exactly what Apple rules out, and for very good reasons.
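To make the architectural difference concrete, here is an added toy simulation (not code from Inria, Apple, PEPP-PT or DP-3T) of what the back-end ends up holding under each model. Identifier derivation is a simplified HMAC stand-in loosely modelled on the preliminary Apple specification's daily key and rolling proximity identifier, not the specification itself; the device names, keys, encounter intervals and push tokens are constructed for the example. In the decentralised model the server only aggregates diagnosis keys per day and the matching runs on the phone; in the centralised model the server must know who observed whom and how to reach them.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

INTERVALS_PER_DAY = 144  # ten-minute intervals in one day (constructed parameter)


def daily_tracing_key(tracing_key: bytes, day: int) -> bytes:
    """Per-day key derived from the device's long-term tracing key.
    Simplified HMAC stand-in for the spec's HKDF step (assumption, not the spec)."""
    return hmac.new(tracing_key, b"CT-DTK" + day.to_bytes(4, "little"), hashlib.sha256).digest()[:16]


def rolling_proximity_id(dtk: bytes, interval: int) -> bytes:
    """Identifier broadcast over Bluetooth during one interval of the day."""
    return hmac.new(dtk, b"CT-RPI" + interval.to_bytes(2, "little"), hashlib.sha256).digest()[:16]


@dataclass
class Device:
    name: str
    tracing_key: bytes
    observed: set = field(default_factory=set)  # identifiers heard from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        return rolling_proximity_id(daily_tracing_key(self.tracing_key, day), interval)


def simulate_encounters(day: int = 0):
    """Constructed scenario: Bob is near Alice for six intervals, Carol meets nobody."""
    alice = Device("alice", b"A" * 32)
    bob = Device("bob", b"B" * 32)
    carol = Device("carol", b"C" * 32)
    for interval in range(40, 46):
        bob.observed.add(alice.broadcast(day, interval))
    return alice, bob, carol


class DecentralisedServer:
    """Stores only diagnosis keys aggregated per day: no uploader identity,
    no observed identifiers, no notification addresses."""

    def __init__(self):
        self.diagnosis_keys: dict = {}

    def upload(self, dtk: bytes, day: int) -> None:
        self.diagnosis_keys.setdefault(day, set()).add(dtk)

    def download(self, day: int) -> set:
        return set(self.diagnosis_keys.get(day, set()))


def decentralised_match(device: Device, server: DecentralisedServer, day: int) -> bool:
    """Client-side matching: regenerate every identifier a published diagnosis key
    could have produced that day and intersect with what this phone heard."""
    candidates = {rolling_proximity_id(k, i) for k in server.download(day) for i in range(INTERVALS_PER_DAY)}
    return bool(candidates & device.observed)


class CentralisedServer:
    """Server-side matching: the server learns each user's daily key (so it can resolve
    identifiers), each user's contact list, and a push token to notify them."""

    def __init__(self):
        self.push_tokens: dict = {}    # user -> notification address
        self.contact_graph: dict = {}  # user -> identifiers that user observed
        self.issued_ids: dict = {}     # identifier -> user who broadcast it

    def register(self, device: Device, day: int, push_token: str) -> None:
        self.push_tokens[device.name] = push_token
        dtk = daily_tracing_key(device.tracing_key, day)
        for i in range(INTERVALS_PER_DAY):
            self.issued_ids[rolling_proximity_id(dtk, i)] = device.name

    def upload_contacts(self, device: Device) -> None:
        self.contact_graph[device.name] = set(device.observed)

    def report_diagnosis(self, device: Device) -> list:
        """Find every user whose uploaded contacts include an identifier of the diagnosed user."""
        return sorted(user for user, seen in self.contact_graph.items()
                      if any(self.issued_ids.get(r) == device.name for r in seen))


def run_comparison(day: int = 0) -> dict:
    alice, bob, carol = simulate_encounters(day)
    dec = DecentralisedServer()
    dec.upload(daily_tracing_key(alice.tracing_key, day), day)  # Alice is diagnosed
    cen = CentralisedServer()
    for dev in (alice, bob, carol):
        cen.register(dev, day, f"push-token-{dev.name}")  # constructed tokens
        cen.upload_contacts(dev)
    return {
        "decentralised": {
            "bob": decentralised_match(bob, dec, day),
            "carol": decentralised_match(carol, dec, day),
            "server_knows_users": [],  # the server state names nobody
            "server_state": {d: len(keys) for d, keys in dec.diagnosis_keys.items()},
        },
        "centralised": {
            "notified": cen.report_diagnosis(alice),
            "server_knows_users": sorted(cen.push_tokens),
        },
    }


if __name__ == "__main__":
    print(run_comparison())
```

Both models reach the same epidemiological outcome (Bob is warned, Carol is not), which is the point: the privacy difference lies entirely in what the back-end must retain to produce that outcome, and the push-token and contact-graph tables in the centralised class are the metadata the quoted Apple requirement rules out.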
The rest of Inria’s document primarily tries to downplay privacy risks by making broad assumptions like these:
“In particular, it does not pave the way to mass surveillance […], unless malicious authorities massively deploy Bluetooth receivers.”
“This back-end system must nevertheless be secured, and regularly audited and controlled by trusted independent authorities” (Inria, Proximity Tracing Applications: The misleading debate about centralised versus decentralised approaches)
This amounts to saying: as long as nobody tries to exploit our solution, it is secure and therefore not exploitable.
Obviously, the entire debate is about creating a solution that is privacy-preserving precisely because attacks are possible. Inria’s underlying assumption that all entities involved in building contact tracing solutions can be blindly trusted, now and in the future, is a bad argument for an approach that should be ruled out from the beginning.
Luckily, Apple has made this very clear.
What this means for PEPP-PT remains to be seen. Right now, the most promising and open solution seems to be DP-3T.