Let's do an English thread on the French (and EU) Health Pass.

It launches tomorrow (mandatory for large events), and is very similar to the EU Digital COVID Certificate. However the implementation is a privacy nightmare: a central server gets a live view of who uses their pass!
The digital pass follows the structure of a dumb paper certificate, with identity info, COVID data (vaccine or PCR), and a digital signature by an authority. The digital signature is more secure than paper, but we have to trust all the doctors who enter COVID data in the system.
The problem is that the official verification app uses a central server to validate the signature: the app sends the whole data, and the server answers whether the user is COVID-safe. This makes no sense cryptographically, but I guess it isn't written down explicitly in the spec.
The central server is run by a government-owned company that is not supposed to see the health data. In addition, they get metadata: they know *who* uses their pass, *when*, and they can even infer the *location* from the IP of the verifier.
In addition they use a CDN with Akamai. So a third party answering to US regulations likely has access to all this data. All the talk about sovereignty and independence from GAFAM was clearly a red herring.
The normal way to verify the signature would be to do it locally on the verification device. That's the whole point of using signatures, rather than making online COVID queries! With a local verification, only organisers and attendees know who was at the event.
This is a nice illustration of the privacy issues of a Health Pass. The 2D code contains plaintext health data (vaccine date, nb. of shots), and we don't know what the verifier will do with it. In France, the shot date allows to infer more data, such as comorbidity or pregnancy.
The system is not privacy-preserving, but alternatives were possible. For instance, we could distribute daily codes (3 for a negative PCR, hundreds for a vaccine), with only a single bit of health info: "COVID-safe". This scheme is cumbersome on paper, but easy in a digital wallet.
We can regulate the official app, and EU rules take this particular problem into account. But there is no guarantee that the verifier is not using a third-party app. And this French example shows that even the official app can get it very wrong.
Given this example, I now believe that the EU Digital COVID Certificate will do more harm than good. Fraud on paper certificates is probably not very high, and the risk of tracking is much lower if the data is read by a human.
The bug was found by reverse engineering (the app is closed source) while the privacy policy claims no data is sent, and the minister was praising its privacy. Privacy watchdog CNIL had very little time to evaluate the proposal, and probably few details.
The ministry has now acknowledged the issue and says that the app will be fixed soon. They say that the central server does not store anything, but the whole point of data minimization is that you don't have to trust such unverifiable statements.
Addendum: the EU Digital COVID Certificate specifications explain how to import a certificate in a wallet app with online queries. This makes no sense: the digital pass should be the same QR-code as the paper one, so the wallet should copy just the data.
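The local verification the thread argues for, as an added example that is neither the official app's code nor the EU certificate format (the JSON layout and Ed25519 here are assumptions chosen for illustration): the authority signs the identity and COVID data, and the verifier checks the signature against a pinned public key, so no bytes about who is being checked, when or where ever leave the device.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Certificate mirrors the paper pass: identity, COVID data, issuer signature.
// Constructed layout for this example, not the EU Digital COVID Certificate format.
type Certificate struct {
	Name      string `json:"name"`
	Vaccine   string `json:"vaccine"`
	Shots     int    `json:"shots"`
	Signature []byte `json:"sig,omitempty"`
}

// payload returns the bytes the authority signs: every field except the signature.
func payload(c Certificate) []byte {
	c.Signature = nil
	b, _ := json.Marshal(c) // struct marshalling is deterministic, so signer and verifier agree
	return b
}

// Issue signs a certificate with the authority's private key (done once, at issuance).
func Issue(priv ed25519.PrivateKey, c Certificate) Certificate {
	c.Signature = ed25519.Sign(priv, payload(c))
	return c
}

// VerifyLocal checks the signature on the verifier's device with the pinned
// authority public key. Nothing is sent anywhere: the only parties who learn
// that this pass was scanned are the organiser and the attendee.
func VerifyLocal(pub ed25519.PublicKey, c Certificate) bool {
	return ed25519.Verify(pub, payload(c), c.Signature)
}

func main() {
	// Constructed authority key pair; a real verifier ships the public key with the app.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert := Issue(priv, Certificate{Name: "Jane Doe", Vaccine: "example-vaccine", Shots: 2})
	fmt.Println("genuine pass valid:", VerifyLocal(pub, cert))
	cert.Shots = 3 // any edit to the signed data breaks the signature
	fmt.Println("tampered pass valid:", VerifyLocal(pub, cert))
}
```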

Keep Current with Gaëtan Leurent