The debate over the data storage model of a coronavirus tracing app shows how the German government’s search for digital infection control tools became caught up between public health officials, privacy experts and the US tech industry.
Germany seems to be in a good position to experiment with opening its economy now that the spread of the coronavirus has slowed down. Outside of Asia, it has been one of the few countries to receive high marks for deploying widespread testing for the virus early on. When it comes to the use of digital tools to supplement the physical infection-control infrastructure, however, Germany does not lead the pack.
The German government has now tasked Deutsche Telekom and SAP with developing a digital contact-tracing tool – but only after an intense battle over its preferred architecture, in which a lot of public confidence and support has been lost. The question of how an app should be designed to be effective and protect its users’ privacy deserves thorough consideration. Yet the German debate has suffered from a lack of transparency and from confusing signals from the Merkel administration, which found itself pulled in different directions between public health officials, privacy experts and the US tech industry.
Berlin has toyed with just about every possible digital solution to detect infections and protect the population. A vast number of apps and e-health applications have been developed at rapid speed over the past few weeks – several of them triggering intense debates over their potential and the privacy concerns they raise.
In mid-March, German Federal Health Minister Jens Spahn had to withdraw his proposal to use personal cell phone location data to track the pandemic after it was criticized as a disproportionate infringement of civil rights. Germany’s mobile phone providers had so far only agreed to share aggregated and anonymized location data with the government. A month later, he announced the development of yet another corona app, the ‘quarantine app’, which aims to support health authorities in overseeing quarantine – again raising concerns over surveillance. The image of an app introduced by Germany’s public health institute, the Robert Koch Institute (RKI), which uses voluntarily provided fitness data to find undetected sources of infection, has suffered after a report by the Chaos Computer Club pointed out delays in the pseudonymization of personal data.
Contact tracing: centralized or decentralized?
Among all these disputes, the German and European dispute over the design of a “contact tracing app” stands out. Contact or proximity tracing differs from the tracking apps that are being used in China, South Korea or Israel: tracing apps only register encounters between smartphones and do not record information about their geographic location. When the devices come within a range of a few meters, they exchange randomly generated and constantly changing identification numbers via Bluetooth. If a user tests positive for the coronavirus, his or her phone’s identification number is sent to the smartphone of each person he or she encountered over the past 14 days.
The German government supported the work of a consortium of European scientific institutions and private companies, which presented the so-called PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing Initiative) software architecture that would enable tracing of infection chains by using Bluetooth Low Energy technology. By mid-April, an open dispute broke out within the PEPP-PT team over the question of whether the anonymous IDs of individual app users should be stored on a central server (central solution) or only on the respective smartphones (decentralized solution). It turned out that a few European governments, including Germany, France and the UK, favoured a central solution on the assumption that central data storage would be necessary to facilitate the tracing of the pandemic’s spread.
On the other side, more than 300 scientists and several civil society organizations as well as a sizeable group of European policy-makers supported the decentralized version DP3T (Decentralized Privacy-Preserving Proximity Tracing) by a Swiss-led team, fearing the central solution could transform the apps into surveillance tools. Support for the central solution was further undermined in Germany when the German Federal Office for Information Security (BSI) found 49 errors in the centralized version of the Android app of PEPP-PT. On April 26, the German government gave up its previous preference for a centralized architecture and decided to implement the decentralized solution (possibly switching to the DP3T concept). In a joint statement Health Minister Spahn and Head of Chancellery and Minister for Special Affairs Helge Braun stated that their “goal is for the tracing app to be ready for use very soon and with strong acceptance from the public and civil society”.
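The tracing model described in this section, as an added illustration (not code from PEPP-PT, DP3T or the Google/Apple interface): a simplified Python simulation in which phones swap random IDs and match published IDs on the device, with an assumed centralized variant for contrast. Class, function and user names are hypothetical, and the scenario is constructed.

```python
import secrets
from datetime import date, timedelta

WINDOW = timedelta(days=14)  # look-back period stated in the article

class Phone:
    """Handset in the decentralized model: the contact log never leaves it."""
    def __init__(self, name):
        self.name = name
        self.sent = {}   # day -> random IDs this phone broadcast
        self.heard = {}  # random ID received over Bluetooth -> day heard

    def new_id(self, day):
        # Fresh random identifier per encounter: no location, no identity.
        eph = secrets.token_hex(16)
        self.sent.setdefault(day, []).append(eph)
        return eph

    def meet(self, other, day):
        # Each side stores only the other's current random ID, locally.
        self.heard[other.new_id(day)] = day
        other.heard[self.new_id(day)] = day

    def report_positive(self, today):
        # Publish only this phone's own IDs from the last 14 days.
        return {e for d, ids in self.sent.items() if today - d <= WINDOW for e in ids}

    def check_exposure(self, published, today):
        # Matching runs on the handset against its local log.
        return sorted(d.isoformat() for e, d in self.heard.items()
                      if e in published and today - d <= WINDOW)

def central_server_view(phones, reporter):
    # Assumed centralized variant: the server stores every user's IDs, so it
    # can resolve the reporter's uploaded contact log back to named users.
    owner = {e: p.name for p in phones for ids in p.sent.values() for e in ids}
    return sorted({owner[e] for e in reporter.heard})

def simulate():
    today = date(2020, 4, 26)  # constructed scenario
    alice, bob, carol, dave = phones = [Phone(n) for n in ("alice", "bob", "carol", "dave")]
    alice.meet(bob, today - timedelta(days=3))
    alice.meet(carol, today - timedelta(days=20))  # older than the window
    bob.meet(dave, today - timedelta(days=1))
    published = alice.report_positive(today)  # all a decentralized server receives
    exposed = {p.name: p.check_exposure(published, today) for p in (bob, carol, dave)}
    return published, exposed, central_server_view(phones, alice)

if __name__ == "__main__":
    print(simulate())
```

In the decentralized run the server receives one opaque random ID and only Bob's phone finds a match, while the assumed central server can name both of Alice's contacts.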
A win for Big Tech or civil society?
Critics argue that the main reason for the about-face had not been pressure from civil society, but from Google and Apple, revealing an alarming dependence on Big Tech by a government. The two leading technology companies, which have a market share of 99 percent in Germany, are developing an application programming interface (API) for corona apps based on the decentralized standard. A failed attempt by states such as France to urge Google and Apple to provide a centralized standard illustrated once again the power of the two tech giants to set global standards.
The success of the German app, whose development is expected to take several weeks, will depend on its quality and its acceptance among citizens. In a survey from mid-April, 56 per cent of Germans polled said they would use the tracing app – slightly under the 60 per cent adoption threshold for such apps to be effective. The German government now aims to win trust by ensuring transparency about its data collection efforts. Whereas data from the contact-tracing app will only be stored on individual devices, users can decide whether they would like to provide additional information (pseudonymized data) for health research purposes.
The controversial discussion about the tracing apps, the failed attempt to transfer personal cell phone data, and privacy issues may have had a value in raising public awareness of the trade-offs at stake. Germany’s Health Minister Spahn, however, is walking a fine line with his proposal to introduce yet another app to oversee quarantine. The technical details of this plan have not been communicated – creating a new transparency gap and setting the stage for another gamble with public trust.