Head of information security systems at Cybernetica, privacy and security adviser to the Estonian coronavirus app development team Dan Bogdanov says in an interview why coronavirus apps being developed in Europe and Estonia are not a threat to privacy.
First of all, I saw that you are not on Facebook. Why is that?
I made the decision after the entry into force of the GDPR in Europe when Facebook was forced to change its user agreement. It caused them to ask for basically unlimited rights to my data and I decided I was no longer okay with that. Now, Facebook will not let me in unless I agree to these new conditions. I cannot even read my private messages. I continue to use other services, such as Twitter. I give out a lot less information about myself there.
Does that mean fears of corporations’ use of data are justified?
There are a lot of fears about mobile applications’ use of personal data and a lot of it is justified. It is not normal for a mobile game to constantly keep track of your location. The worst aspect of it is that for a long time, ordinary users didn’t even know what apps were doing. Luckily, over the past few years, Apple, Google and other companies have made phones periodically ask users whether they are sure various applications can continue using location data etc.
Coming now to Apple and Google’s contact tracing technology unveiled last week, why should we trust it?
Everyone will have to make the decision of whether to trust it for themselves. Based on what I know today, I believe in Apple and Google’s solution for two reasons. Firstly, because its description is public and the principles based on which it is built are from independent researchers. Secondly, if the technology and its limitations are built into the phone’s operating system, it is more difficult to develop applications that violate privacy. Several countries have already developed mass surveillance systems. It is ironic that Apple and Google are the ones to come up with a system to prevent it.
Please explain in simple terms how a “surveillance” application can ensure privacy?
The most important aspect of it is that the Estonian application will not know the user’s location. It will not be positioning the phone either using GPS or cell towers. You can even switch off GPS in your phone and the app will keep working.
The Estonian app creates a new random code every now and again and broadcasts it using Bluetooth. Other phones listen for these codes and save them but only if the signal strength is strong enough, in other words, if the two phones are in close proximity. Neither other phones nor the state will know who is behind the code as that information is stored only in your device.
If a person is diagnosed with the coronavirus, they press a button in the app. The application will then ask the person to confirm the diagnosis by allowing it to contact the patient portal and identify the user. This means that healthy people cannot register as having the disease. Once the diagnosis has been confirmed, the app will broadcast an equation created by the state than can be used to calculate codes associated with the device.
The application will download equations from the phones of users who have been diagnosed with the virus every day and if any of the codes the device has received in the past two weeks, for example, match any of the equations, it means the user might have been in contact with an infected person. The app will then recommend appropriate action.
The state already knows who is infected and will therefore not be given additional information. The information also does not reach device manufacturers. The user will not be told who the possible contact could have been.
How would you describe the consortium in Lausanne that developed the DP-3T protocol that has been used to develop the Estonian app and those of Google and Apple?
While the DP-3T project is headed by the Swiss Federal Institute of Technology Lausanne (EPFL), its team is multinational and the applications have been programmed by professional engineers. Apple and Google operating system solutions were also developed in cooperation with DP-3T scientists.
They set out to not only develop a solution for Switzerland but to work with everyone who values privacy and supports international cooperation. Their team also includes epidemiologists and lawyers, meaning that every technological choice is married to public health considerations.
They are generally people who are paranoid about privacy and trust neither countries nor corporations, which value is also reflected in the protocol they developed.
What does the global coronavirus app market look like from the point of view of privacy today?
A paper published in the journal of the American Medical Association in April suggests that South Korea has created an extremely invasive system for keeping tabs on infected persons that ties together card payments, location, public transport, CCTV and immigration data. Local governments made that data public that caused damage to both individuals and cafes they had visited. It is clear that every country chooses its own measures. We have had more time to learn from others’ experience in Europe and to create more private solutions.
Systems sporting a stronger aspect of state control have also been developed that use similar Bluetooth technology but where the codes are generated by the state that allows for surveillance. Several such countries are about to switch to more private alternatives, largely following announcements by Apple and Google.
Why aren’t all European countries keen on this technology?
Several European countries have wanted to create their own solutions from scratch. There is nothing wrong with that. It would be good if these solutions were compatible to allow for cross-border functionality. The interesting thing here is that solutions that keep privacy intact work together well, with the European Commission already working to facilitate it, while they are more difficult to marry to systems that collect more data as solutions like Estonia’s simply wouldn’t generate any. (France and the U.K. have not come along with the new system and prefer to develop surveillance platforms with a central information system – K. M.)
I hope that timely efforts by scientists will eventually provide us with a solution to match our values in Estonia and Europe. Public health and privacy do not have to be mutually exclusive if we go about it wisely.