Today, Germany’s government officially dropped the centralized design for its upcoming contact tracing app, advocated for pretty vocally by PEPP-PT. With this, they finally end a passionate debate about the value of privacy in times of a global crisis and PEPP-PT’s failure to communicate transparently and consistently.
These are good news, however, I start hearing some common misconceptions about the role of Apple and Google in this. Some folks try to paint this as a victory of Corporate America over Germany’s best interests.
Make no mistake: The failure for Europe to deliver any successful mobile operating system platform has in deed created a very strong dependency. However, this is not new and civil society organizations have been criticizing it since forever. It has nothing to do specifically with Apple and Google enabling contact tracing on mobile devices.
Here are the top arguments I keep hearing:
- Apple and Google want to own your data and will run the contact tracing servers. –
No, they don’t. They leave the server side to authorized governmental institutions, e.g. health organizations.
- Apple and Google gain access to your entire contact history. –
Wrong. Nobody will. They designed the system in a way, that the proximity history will never actually leave your phone. That’s the entire point of enforcing a decentralized design.
- Apple and Google should not be trusted. –
Well, all of us already trust the two to a certain degree, since they own the Operating Systems which power our smartphones.
Folks who see this as an alarming victory of Apple and Google have yet to provide a non-political, technical analysis of why – regarding the collection of data – this might be worse than what PEPP-PT was trying to push through.
The core contact tracing feature can now hopefully be built within weeks. We’ve lost enough valuable time for a debate mainly driven by lobbyists with an at least questionable agenda.
Jens Spahn and Helge Braun hopefully learned a lesson about proactive and open communication from the PEPP-PT disaster and will provide an update, soon.
- Who has been tasked with developing the apps?
- What’s the current status?
- When will the code be published as open source for independent reviews and audits?
- What are the plans for developing, hosting and operating the server systems?
In parallel, I’d love to see experts in Differential Privacy to gather and start thinking about features which would allow users to voluntarily and optionally provide epidemiologists with additional information that would facilitate better research.