It is designed to track down chains of infection while protecting data – and is dependent on the goodwill of US companies: The most important answers to the planned corona tracing app.
In the night of Sunday, a bitter dispute over the direction ended. The federal government is now opting for a decentralized solution for the planned anti-corona app after having stubbornly stuck to a model with a central server. Opposition politicians, network activists and scientists praise the change of course. However, questions remain unanswered. The most important answers at a glance.
How should the app work?
While countries like China, South Korea or Israel use excessive tracking, the German app is based on tracing. One letter makes a decisive difference: instead of monitoring people by the state, tracing apps only save which devices come within two meters of each other for at least 15 minutes. This contact diary initially remains locally on the smartphone. Those who test positive for Covid-19 can release the data. Then contact persons automatically receive a push message asking them to be tested. The app does not save personal data, but is based on randomly generated, pseudonymous IDs. This is intended to protect privacy and ensure the greatest possible anonymity.
How do they differ Approaches?
With the decentralized model, users only transfer the key of their own smartphone to a server. Other devices regularly check this list and check whether one of the IDs appears in their contact diary. The central solution stores the contact person’s IDs in a database. The advantage: epidemiologists can use the information to gain knowledge about the virus. The disadvantage: users must trust the operator of the server to protect the data from possible attacks and not to misuse it.
Why was the central solution so controversial?
Critics see this as a threat to privacy. Last week, 300 scientists warned of “unprecedented surveillance”. In another open letter, six network associations and associations joined. Supporters of the DP-3T initiative, which takes a decentralized approach, also accuse the competing Pepp-PT project of lacking transparency. “With an app that collects sensitive data from millions of people, development must not take place behind closed doors,” says Tibor Jager, professor for IT security at the University of Wuppertal.
The judge and fundamental rights activist Ulf Buermeyer fears that the public dispute has harmed the matter. “We are in front of a pile of broken glass,” he says. The heated discussion could have unsettled people, so they no longer install the app. “As a society, we have to ask ourselves whether we have won a Pyrrhic victory for data protection at the expense of public health.”
What made you decide?
In addition to the massive public criticism, Thorsten Holz sees a second important reason: “Apple has blocked a central solution,” says the professor, who heads the system security department at the Ruhr University in Bochum. “As long as they don’t give in, Pepp-PT has a problem.” Apple and Google develop the mobile operating systems iOS and Android and only support decentralized approaches. You do not want to open the necessary interfaces for models with a central server. Negotiations say that the blockade by Apple is largely responsible for Pepp-PT not being able to present a finished app for weeks.
“Regardless of the outcome, this type of decision-making is problematic,” says Buermeyer. Germany had placed itself in questionable dependence on US companies. “Apparently, Apple and Google trust a lot more than the Robert Koch Institute or the Federal Office for Information Security.” IT professor Holz believes that the two companies have to have a certain level of trust anyway: “If they want, they could tap completely different data,” he says. “In addition, security researchers will analyze the interfaces very carefully and make sure that Apple and Google don’t read anything that concerns them.”
How reliable does the app warn?
The developers want to determine the distance between two devices using the Bluetooth Low Energy (BLE) radio standard. The problem: BLE was not developed for this, so the distance is estimated rather than measured. The signal strength differs depending on the smartphone model; the cell phone works differently in the hand than in the pocket. In addition, panes of glass, walls and other obstacles can affect the result. If the app warns too rarely, it does nothing. If too many push messages arrive, users will no longer take them seriously at some point. “The research team at Pepp-PT did a lot with the Bluetooth calibration,” says Thorsten Holz. “We are at the forefront in Germany. I hope that these findings will be incorporated into the work on the decentralized solution.”
When can you expect an app?
In the course of April, appointments were mentioned several times and rejected. Forecasts are correspondingly difficult. Most researchers expect the app to be ready in mid-May. There are only two things clear: First, an app is not a panacea. Technology alone cannot stop the pandemic, it is at most one of many building blocks. Second, trust is required so that as many people as possible install the app – otherwise it is useless. “Now you need a culture of app installations,” says Buermeyer. “Just like we do with masks: those who wear one act in solidarity and protect from others.”
Corona virus in the US: Ask our US correspondent:Readers’ discussion