Get started
Corona-Warning-App: Decentralized Approach for More Data Protection

Corona-Warning-App: Decentralized Approach for More Data Protection

Florian Scheuer
6/16/20 11:22 AM
As announced by Health Minister Jens Spahn, the new corona warning app is to be presented today. He stressed that high demands were placed on data protection and also energy efficiency during development. He also hoped for a high level of acceptance among the population, as every user would contribute to containing the pandemic.
The basic aim of the Corona-Warning-App (or Exposure-Tracing-App) is to improve the tracking of infection chains and to prevent a further sharp increase in the number of cases within the framework of a far-reaching relaxation of public life. If, for example, a user is infected with the corona virus and this is reported via the app, other users are informed about their - direct or indirect - contact with this infected person and possibly immediately requested to undergo a Covid19 test. In principle, the aim is to inform potentially infected people about the possible risk so that they can be tested and quarantined more quickly before they become infected and infect others. This can be a great relief for public health authorities, which have been taking over the task of contact tracing up to now and are dependent on conventional procedures.
In recent months there have been misunderstandings about how many citizens would need to use the app to make it effective. Again and again, the figure of 60 percent, which was mentioned in April in a study by Oxford University, fell. However, this figure was misinterpreted, as the authors made clear. According to the study, the effect of tracing apps has an impact on all levels of acceptance and 60 percent merely represents the number with which the spread could be completely stopped. In fact, even a much lower acceptance level is still of crucial importance in the fight against Covid-19.
At the technological level, the German-Swiss led initiative PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) provides the basic technology for development. A large number of recognised research institutions and companies are members of this initiative. Within the association, there have been repeated discussions as to whether the corona warning apps of various countries should function according to the principle of decentralised or centralised data storage. In the end, after a clear positioning of the country's IT community and a joint push by Apple and Google, Germany opted for the decentralized variant known as DP-3T (Decentralized Privacy-Preserving Proximity Tracing).
This step is to be welcomed for several reasons. The approach offers important advantages, particularly in terms of data protection. With the centralised storage of information, users must be confident that only coronavirus-related contact tracing is really carried out and that personal data is not unnecessarily collected or supplemented in a central service. Such an attack on data protection is not possible from the outset with the decentralised variant. This is because with this method, the tracing itself takes place in the smartphone, which means that no "social graph" - i.e. no model of the social relationships of users - is created at a central location. In addition, no central account is used and no identifying information is collected outside the own device. Another point is that large-scale abuse and attempts to deceive within the app are made very difficult here. This is because a decisive advantage of the decentralized version is that contact tracking, which protects individual users, only takes place on their own device. The tracing, which in turn protects other users, also only takes place on their smartphones. An attack with the help of falsified position information is therefore much more difficult to implement and also has a much smaller impact on the data protection of the entire system.
All in all, Corona-Warn-App is therefore well designed from a data protection perspective and could enable a more secure opening of public life. In addition, the open development as an open source project makes it possible to have a look at the code at any time and to convince oneself of the correct implementation. Here, too, the community makes a decisive contribution to creating trust.
It is important to emphasise that use must always be voluntary - where there is a possible obligation to participate, or where privileges are created as a result, such as attending events or certain places, users would be given incentives to trick the system. For example, they could eliminate tracing by temporarily disabling Bluetooth, which is used for tracking. It is also conceivable to use a second smartphone in order to always be able to show an app without warnings.
Of course, the search for contact persons has so far been carried out by the health authorities anyway. However, the use of a user-friendly and also data protection-compliant app will speed up the process and could be a valuable building block in combating the Covid pandemic. Some things will not work in the beginning and others will have to be fine-tuned to work properly. Nevertheless, we should conduct this experiment together, which could also be an important technology for future pandemics.

Get started – free forever!

10 Users – 10 GB and it's free forever:

Get your Free-DRACOON

Get informed when new blog posts are released!