Profile picture
, 8 tweets, 4 min read
My Authors
Read all threads
We have published a #DP3T paper analysing the document PEPP-PT released yesterday on its NTK protocol, following the events of the last few days. We are very concerned by the potential for misuse of this system. Our conclusion, and a thread. 1/n github.com/DP-3T/document…
The protocol allows the server to track both uninfected and infected people across time. If the same person walks past two different Bluetooth recievers, the server knows. Install one at passport control? CCTV? Or just put a registration form in the app.
Users might think their IDs are random, but hidden tags can be introduced into them which make individuals emit a characteristic. These tags can be demographic (eg profiling) or can be individualised to allow long term tracking by third parties w/o access to the back-end server.
We emphasise the fundamental attack on ALL such contract tracing systems, where a determined tech-savvy, pre-motivated user can identify if someone was infected or not. Centralisation does not prevent this. In DP-3T however, secret sharing means you need 10-15 mins with them.
If you capture a famous person's broadcast identifier (or download it from an online list!) you can force their phone to tell them they are at risk. In DP-3T, you never upload anyone else's identifiers, so this attack does not work.
PEPP-PT do not discuss that iPhones will need to be unlocked, screen on to use the app. The number of phone users that have their phone stolen in a year is between 1-2%, from our research. It will now be stolen unlocked. Law enforcement will also receive it unlocked.
Critically, the centralised approach, by design, leaks the social graph of uninfected and infected people, revealing clusters of friends, family, employees, political, social and trade union gatherings, and more. This is the fabric of our societies. In DP-3T, this cannot be done.
These possibilities for function creep concern me greatly. In #DP3T, we sought to design them out. Your phone generates the random ID, you're not given it. You never upload what you see. The server never learns the graph. All this is not necessary. Why is PEPP-PT pushing it?
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Michael Veale

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#DP3T

More from @mikarv see all

Profile picture
Michael Veale
@mikarv
Official PEPP-PT severance notice from ETH Zürich, following PEPP-PT's failure to publish *any* documents or protocol, as they promised yesterday to governments and the press. Is this a Theranos moment? 1/n
A group of MEPs, including @SophieintVeld @karmel80, yesterday in a letter demanded Hans Christian Boos explain to whom he has circulated private protocols, why they are not public for scrutiny, what the organisation's statute is, and if he has trademarked the PEPP-PT name.
The UK's Information Commissioner's office released a report noting that #DP3T represented a high standard of data protection by design. Regulators are of course unable to release reports on PEPP-PT, as no protocol is available for academics to examine.
Read 14 tweets
Profile picture
Michael Veale
@mikarv
Remember this? PEPP-PT has (without notice) removed #DP3T's decentralised, privacy-preserving approach from its site. PEPP-PT stands now ONLY for an intransparent, unpublished centralised database of Bluetooth social graph data, prone to leakage and function creep.
PEPP-PT now represents closed industrial interests.
PEPP-PT now represents an attempt to get Apple to lower its device-level privacy protections.
PEPP-PT now represents an attempt to deliberately blur #DP3T with a centralised database to enhance its credibility.
Reports that PEPP-PT now stand #DP3T up at meetings are true. Reports that PEPP-PT do not include #DP3T partners in communications are true.

PEPP-PT is now only a centralised protocol, internally called PNTK, which ppl will not trust. Perhaps it stands for "People Need To Know".
Read 7 tweets
Profile picture
Michael Veale
@mikarv
You wanted open source privacy-preserving Bluetooth contact tracing code? #DP3T software development kits/calibration apps for iOS and Android, and backend server, now on GitHub. iOS/Android apps with nice interface to follow. github.com/DP-3T
How it works (comic version)
How it works (srs bsns version) github.com/DP-3T/documents
Read 5 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!