Discover and read the best of Twitter Threads about #DP3T

Most recents (24)

The Swiss government released its SwissCovid contact tracing app yesterday. swissinfo.ch/eng/switzerlan… As many of our users have noted, the app’s use of Bluetooth makes you vulnerable to Google location tracking. Here's our perspective, as Switzerland's largest privacy company: 1/8
Switzerland’s app lets people infected with COVID-19 anonymously notify people they’ve been in contact with that they may also have contracted the virus. These people can then quarantine themselves, preventing further transmission of the disease. 2/8
SwissCovid uses the #DP3T protocol, which keeps all sensitive data stored locally on the users' device. Overall, the protocol is not too bad as we have explained here: protonmail.com/blog/privacy-c… However, it doesn't mitigate the privacy issues inherent to Android and Google. 3/8
Read 8 tweets
El Gobierno aprueba el desarrollo del piloto de la app de alerta de contactos por #COVID19 en La Gomera

🗓️ Arrancará a partir del 29 de junio
⏱️ Se probará durante 15 días
💭 Con los resultados se decidirá si se implanta a nivel nacional

🔗 bit.ly/mineco_app_Gom…
Los objetivos del piloto:

📏 Calibrar el funcionamiento del sistema de notificaciones

👍🏻 Comprobar su utilidad

📄 Evaluar la usabilidad del diseño

👌🏻 Garantizar un desarrollo escalable al resto del territorio nacional
La privacidad está garantizada:

✅ Usa bluetooth, nunca GPS

✅ Modelo descentralizado basado en el protocolo #DP3T, el más garantista

✅ Todo se ejecuta en el móvil, no sale ningún dato

✅ Uso voluntario

✅ El ciudadano decide si quiere alertar si es diagnosticado positivo
Read 5 tweets
@MiaD A4: The dichotomy between privacy and patient protection is a false one! The goal should be to achieve better public health by making data privacy a leading principle on the development of technical responses to #Covid_19 (1/5) #HearTheGermanTalking #GDPR
#AIEthics #TwitterChat
@MiaD The use of tracking tools must always be voluntary. Therefore, to succeed, contact tracing programs require that people trust the technology and the institutions building them. #Privacybydesign is needed to build this trust. (2/5)
#AIEthics #TwitterChat
@MiaD In Germany we now have an agreement against a central database with identities & location data and for voluntary use. + a very active public debate on the pros and cons of a centralized versus a decentralized storage of data. (3/5) #AIEthics #TwitterChat
Read 6 tweets
@MiaD @CummingsRenee A1: Like @CummingsRenee said, countries around the globe are developing a wide array of digital tools to combat #COVID__19. I'd like to start by categorizing the different approaches as a basis for our discussion: (1/5)
#AIEthics #Twitterchat
@MiaD @CummingsRenee Digital technologies are used to...
1) better understand #COVID__19 and speed up the development of medical treatments and immunization
2) track the (global) spread of the virus (i.e. the German Corona Data Donation App by @rki_de)
(2/5)
#AIEthics #TwitterChat
@MiaD @CummingsRenee @rki_de 3) limit the spread of infection by tracking movements, informing people about contacts with infected people (in Europe known as: #PeppPT #DP3T)
4) monitoring people in quarantine
(3/5)
#AIEThics #TwitterChat
Read 5 tweets
¿Es posible parar el #COVIDー19 sin comprometer la privacidad de los ciudadanos? ¡Sí, gracias a los estándares abiertos y al software libre!

Este cómic nos lo cuenta: ¡dentro hilo!

Más info: github.com/DP-3T/documents
#dp3t @OSLUGR @CanalUGR @ETSIIT_UGR @fcienciasugr
Read 7 tweets
Let’s go through Matt Hancock’s letter to @HarrietHarman @HumanRightsCtte on the NHSX app and take a closer look at some of these statements 1/
While any data collected *by* the user’s smartphone will not be shared, in centralised systems, other people share your identifiable data. All your broadcasts look like the same single device ID to the Gov. Other people upload their contacts with you, without consent.
In decentralised system, data observed abt others NEVER leaves ANYONE’S phone, ever. The reason Hancock can say data never leaves your device without your consent is because it doesn’t need to — it leaves the phone of people who have seen you, without your consent instead!
Read 11 tweets
this thread is about digital data ethics, an emerging field of a consulting practise, partly academic, partly journalistic, and in urgent need for a close critical reading.
at first we have a division of labour: a) the IT sector, the developers, project managers, UI designers etc. vs b) the ethical boards, the IT journalists, sociologists, experts claiming to represent the public interests. only a very small percentage has overlapping skillsets.
while developers and designers often lack the scope and skillset fuzzily described as "social awareness", ignoring entire areas of real word problems, and the full social impact and side effects of their products, their methods are called "agile" today, incremental, step by step.
Read 33 tweets
Our opinion on tech responses to #COVIDー19 is released today. Myself, @mryderqc and Eddie Craven of @matrixchambers and @gsarathy1 of @BlackstoneChbrs considered the human rights impacts of UK's gov proposals.

Opinion is here: awo.agency/covid-19-legal…

Thread on our findings:
1. Contact tracing - centralised system would require significantly greater justification to be lawful. That justification has not yet been forthcoming. In contrast, a decentralised system like #DP3T would be likely to comply with both human rights and data protection laws.
2. The UK Government’s proposals for sharing health data between the private and public sector appear to be flawed and likely unlawful. Further information needs to be provided to ensure legal compliance, inc responding to @Foxglovelegal's FOIA
Read 4 tweets
French digitisation minister doubles down on centralisation (claiming #DP3T poses risk of users learning test status while playing down that this also trivial to do in French proposal)

However, we agree on one thing which the UK does not: triggering a risk should require a test. Image
#DP3T has many safeguards, with our v3 not sending 'lists of positive identifiers' out (using cuckoo filters) and using secret sharing stopping drive-by/distance nabbing.

Centralised systems conversely much more vulnerable to targeting someone to send to quarantine (unmentioned)
Furthermore, centralised systems just a small code change away from creating registration, persistant identifiers, traffic light risk certificates: as the server, not your phone, creates your identifiers. Function creep beyond proximity tracing awaits, we are trying to warn you
Read 3 tweets
#DP3T has been working with @idestavocats to produce a model Data Protection Impact Assessment to inform the work of anyone implementing the decentralised contact tracing protocol. At 18k words and 52 pages, it's no quick read, but we hope it is useful. github.com/DP-3T/document… Image
Please note this is a model DPIA to help the community, not a DPIA of an actual processing operation. As such, parts of it are deliberately open-ended, particularly because national law will matter in many contexts, and different lawful bases can be chosen.
It is also published under a Creative Commons license.
Read 3 tweets
We're just about to kick off our webinar on the data governance of #ContactTracingApp. Discussing centralised/decentralised approaches and what they mean for the present and future of health and privacy.
We'll tweet some key points in this thread

adalovelaceinstitute.org/contact-tracin…

#COVID
We have three key questions to discuss on #ContactTracingApp, they focus on:
1- Efficacy of the Apps
2-Legal and Technical safeguards, policy instruments
3-Public Trust, you can't have public trust without guaranteed efficacy and safeguards
First up, @rossjanderson underlines that it is key to know what will happen to all the data after the emergency, also the data collected through conventional manual methods and it is concerning that we do not have the right legal safeguards in place.
Read 11 tweets
Was surprised by @ChristoPhraser in @CommonsSTC stating decentralised contact tracing systems cannot be tuned. #DP3T developed closely w epidemiologists, data on proximity/duration provided w/ consent to epis when someone tests +ve to indicate if alert was over/under sensitive. Image
All of the data Fraser suggests in that passage to estimate such proportions can be provided anonynously with consent for research in #DP3T without centralising the social graph. Parliamentary session: parliamentlive.tv/Event/Index/2b…
We can also update the local matching risk algorithm extremely easily and with agility — even daily, with the daily download of identifiers.
Read 3 tweets
1/ #StopCovid "Y'a un tel enjeu sanitaire que je ne vois pas Apple & Google, qui prennent en otage les États, opposer aux autorités sanitaires que non, pas question de toucher au Bluetooth à cause de la batterie. Mais si demain c'est mort-né, ben c'est pas grave", dixit @Aymeril
2/ Sauf que...:
. il n'y a pas qu'Apple à bloquer le Bluetooth en tâche de fond, tout plein d'Android le font aussi : dontkillmyapp.com
. ce n'est pas que pour épargner la batterie, c'est aussi pour éviter que d'autres app' utilisent le Bluetooth pour surveiller les gens.
3/ #StopCovid ne servira donc à rien avec les iPhone et Android qui bloquent le Bluetooth en arrière-plan, et @Aymeril le reconnaît dans l'itw; la question est : pourquoi ne pas l'avoir intégré dès le début dans le cahier des charges, alors qu'on le savait grâce à TraceTogether ?
Read 13 tweets
COMPARE AND CONTRAST

1 — The headline and spin: “Surveillance a price worth paying to beat coronavirus, says Blair thinktank”

theguardian.com/world/2020/apr…
2 — The detail from the report

institute.global/policy/price-w…

“Getting most people who have a smartphone to use an app will be much more viable if it is easy to use and if people understand what data is being used and how it will be protected.” Image
It’s almost as if Tone can’t bring himself to say that privacy matters.

But the @InstituteGC report spells out that it really does.

Fill in your own explanation for this disjunct.
Read 4 tweets
Despite this evidence, will the UK push ahead with an app that will not work on iPhones — which has devastated adoption in Singapore — when working decentralised ones, which allow all types of risk scoring and statistical learning over time, are available open source like #DP3T?
For those that remember, this strategy was also happened (and failed) when the Home Office attempted unsuccessfully to mount a charge against Apple over the Settled Status app accessing NFC, only to have to wait until mid-late 2019 until every developer got NFC access.
If there are particular evidence-based reasons why a centralised app is needed, they should be published for academic scrutiny, as we at #DP3T do not know any, and can very, very likely implement them in a truly privacy by design way.
Read 3 tweets
Considerable coverage of the open letter from 300+ scientists regarding the problems with centralised Bluetooth tracking such as PEPP-PT, given alternatives such as #DP3T. German media in particular: this from Welt with commentary by @privacy__ninja welt.de/politik/deutsc…
This in Tagesspiegel with @marcelsalathe noting that a whole social graph is of little rigorous use to epidemiologists. tagesspiegel.de/wissen/welche-…
Read 10 tweets
Irritierend:

Die Gesellschaft für Freiheitsrechte (@freiheitsrechte, deren Fördermitglied ich noch bin) scheint #PeppPt unbeirrt weiter zu unterstützen und hält damit ein Corona Tracking Framework für "vielversprechend", das...
(Thread)
freiheitsrechte.org/corona-und-gru… Image
a) nach allem, was aktuell bekannt ist, den Betreibern der zentralen Server erhebliche Überwachungsmacht anvertraut, indem es nachvollziehbar macht, wer wen wann getroffen hat. Für rechtsstaatsferne Mitgliedsstaaten der EU ein feuchter Kontrolltraum.
b) das trotz (oder gerade wegen?) dieser Schwäche das Risiko von Missbrauch der Infrastruktur durch "rogue states" schlicht als "out of scope" in ihrem "data protection assessment" ignorieren:

github.com/pepp-pt/pepp-p…
Read 5 tweets
We have published a #DP3T paper analysing the document PEPP-PT released yesterday on its NTK protocol, following the events of the last few days. We are very concerned by the potential for misuse of this system. Our conclusion, and a thread. 1/n github.com/DP-3T/document…
The protocol allows the server to track both uninfected and infected people across time. If the same person walks past two different Bluetooth recievers, the server knows. Install one at passport control? CCTV? Or just put a registration form in the app.
Users might think their IDs are random, but hidden tags can be introduced into them which make individuals emit a characteristic. These tags can be demographic (eg profiling) or can be individualised to allow long term tracking by third parties w/o access to the back-end server.
Read 8 tweets
Da mich die Entwicklung von @PeppPt für bedenklich halte hier ein Thread: @PeppPt ist gestartet worden um Experten zusammen zu bringen und eine Corona Tracing App zu entwickeln. Da dies datenschutzrechtlich heikel ist sollte Transparenz oberstes Gebot sein. #DP3T #pepppt
Leider hat #pepppt keine transparenten Prozess, der Code ist nicht einsehbar, das Team offensichtlich gespalten. Anfangs war #DP3T noch als dezentraler Ansatz gelistet, wurde diese Woche aber ohne Kommentar gelöscht. @marcelsalathe verließ gestern #pepppt
Aufgrund mangelnder Transparenz, und vor allem weil #pepppt einen ausschließlich zentralisierten Ansatz verfolgt, welcher technisch nicht nötig ist und Datenschutznachteile hat @boosc reagierte im Tagesspiegel: tagesspiegel.de/wirtschaft/ent…
Read 18 tweets
Official PEPP-PT severance notice from ETH Zürich, following PEPP-PT's failure to publish *any* documents or protocol, as they promised yesterday to governments and the press. Is this a Theranos moment? 1/n
A group of MEPs, including @SophieintVeld @karmel80, yesterday in a letter demanded Hans Christian Boos explain to whom he has circulated private protocols, why they are not public for scrutiny, what the organisation's statute is, and if he has trademarked the PEPP-PT name.
The UK's Information Commissioner's office released a report noting that #DP3T represented a high standard of data protection by design. Regulators are of course unable to release reports on PEPP-PT, as no protocol is available for academics to examine.
Read 14 tweets
It is midnight across Europe. PEPP-PT promised today to governments and the press that ‘all’ documents would be online now. Nothing is. A doc w/ 5 pages of content, 6 sentences on privacy was momentarily uploaded then deleted: mirrored here nadim.computer/posts/res/pdf/… by @kaepora.
Boos told German media that he is not releasing code until it is security checked. #DP3T also made sure we had solid code before releasing. But that logic *does not apply* to a protocol. Protocols are more secure by releasing them to peer review, and less secure through secrecy.
Furthermore, they claim to be doing tests with governments. On insecure code? Good enough for governments, but not for public scrutiny?
Read 4 tweets
To contact trace, or not to contact trace, that is the question many governments are asking themselves at the moment

But will #contact_tracing really work in our battle against #COVID19?

Let me tell you why contact tracing efforts are bound to fail ...

1/n
Recently there has been a lot of attention on contact tracing as an intervention to fight #COVID19

Various frameworks have been proposed with #DP3T, a decentralized approach looking to win out

2/n
The #DP3T approach has been adopted by tech behemoths Google & Apple and even the European Data Protection Board @EU_EDPB has said that this is a viable option

edpb.europa.eu/our-work-tools…

3/n
Read 18 tweets
In un momento in cui sarebbe necessaria la massima trasparenza, l’Italia sceglie la soluzione di #ContactTracing digitale più opaca, di cui non è disponibile un whitepaper e sul tavolo già prima della fast call. È legittimo chiedersi a cosa siano serviti bando e task force.
1/
Dell'app conosciamo troppe poche cose per poter fare una valutazione.
Dall'Ordinanza del Commissario Straordinario emerge "la conformità al modello europeo delineato dal Consorzio PEPP-PT e per le garanzie che offre per il rispetto della privacy".
governo.it/sites/new.gove…
2/
La cosa non è molto rassicurante, considerato il recente cambio di rotta del progetto PEPP-PT: a quanto pare è stato rimosso l'approccio decentralizzato #DP3T.
Le accuse di @mikarv sono molto forti, in due parole "un cavallo di troia".
h/t @Clodo76
3/

Read 5 tweets
More #DP3T open-source code for truly privacy-preserving, decentralised Bluetooth contact tracing. Today, our i'national consortium releases alpha Android/iOS apps on GitHub for the world to test & improve. Please do!

Android: github.com/DP-3T/dp3t-app…
iOS: github.com/DP-3T/dp3t-app… ImageImage
- 2 wks ago we released v1 of the protocol. Several versions since making improvements and responding to comments.
- Earlier this week we released SDKs, backend
- Today we release alpha open-source apps.

Even if centralised systems end up open source: where was/is the protocol?
PS: yes, from May this does work with your iPhone screen off. 🙃, your phone locked and safe from thieves.
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!