Official PEPP-PT severance notice from ETH Zürich, following PEPP-PT's failure to publish *any* documents or protocol, as they promised yesterday to governments and the press. Is this a Theranos moment? 1/n
A group of MEPs, including @SophieintVeld @karmel80, yesterday in a letter demanded Hans Christian Boos explain to whom he has circulated private protocols, why they are not public for scrutiny, what the organisation's statute is, and if he has trademarked the PEPP-PT name. 
The UK's Information Commissioner's office released a report noting that #DP3T represented a high standard of data protection by design. Regulators are of course unable to release reports on PEPP-PT, as no protocol is available for academics to examine.
The European Parliament this week passed, by overwhelming majority of 395 against 171, a motion which demands decentralisation of COVID-19 tracking apps, publishing of code and revealing of all corporate interests. europarl.europa.eu/doceo/document…
The European Data Protection Board 'underlined' (a strong word for an org reluctant to take policy stances) that the decentralised approach to COVID tracking is the one in line with data minimisation, arguably the core principle of the entire GDPR edpb.europa.eu/our-work-tools…
In the PEPP-PT press conference organised by crisis PR company Hering Schuppener, Thomas Wiegand claimed that 'open discussion' was a 'side show' which might 'destroy our ability to get European out of this'. techcrunch.com/2020/04/17/eur…
After this, Hans Christian Boos issued what sounded like a threat to Apple, that if they did not let PEPP-PT reduce iPhones' privacy features to create an (unnecessary) centralised databases, they would ensure 'government ministers' would 'blow up [in the company's] face'.
PEPP-PT also produced inflated names and numbers of countries that had signed up to their vapourware protocol, as several of those listed the DP3T team know are actually busy building the DP3T system, in part because, unlike PEPP-PT, they know it will work for those with iPhones.
Indeed, Spiegel in Germany reports that PEPP-PT has not even tested on iPhones. spiegel.de/netzwelt/apps/…
In various media, PEPP-PT spokespeople have misrepresented decentralised systems, claiming they cannot provide analysis to epidemiologists, which is simply untrue — #DP3T was closely designed with epidemioloigists to also provide them with the analysis and data they need.
PEPP-PT then uploaded a 7 page document, only 5 of which had content, with 6 sentences about privacy, which called itself a high level description of its (People/PEPP-PT) "Need to Know" Protocol (PNTK). They deleted it immediately. It is mirrored here. nadim.computer/posts/2020-04-…
No documents and protocol have been released. Some excuses have been made that releasing insecure code would be bad (although open source community could of course improve). But protocols do not improve in a dark cupboard. They become more secure only with sunlight.
A core rule of cryptography is that security by obscurity does not work. Assume attackers know you protocol. It's called Kerckhoff's Principle. Boos and PEPP-PT's principles seem to work very differently. en.wikipedia.org/wiki/Kerckhoff…
Meanwhile, on a happier note, #DP3T has working apps, totally open sourced, and is several versions of its protocol in. Come help us scrutinise and improve! github.com/DP-3T/documents
