Let's do an English thread on the French (and EU) Health Pass.
It launches tomorrow (mandatory for large events), and is very similar to the EU Digital COVID Certificate. However, the implementation is a privacy nightmare: a central server gets a live view of who uses their pass!
The digital pass follows the structure of a dumb paper certificate, with identity info, COVID data (vaccine or PCR), and a digital signature by an authority. The digital signature is more secure than paper, but we have to trust all the doctors who enter COVID data in the system.
The problem is that the official verification app uses a central server to validate the signature: the app sends the whole data, and the server answers whether the user is COVID-safe. This makes no sense cryptographically, but I guess it isn't written down explicitly in the spec.
The central server is run by a government-owned company that is not supposed to see the health data. In addition, they get metadata: they know *who* uses their pass, *when*, and they can even infer the *location* from the IP address of the verifier.
In addition they use a CDN from Akamai. So a third party subject to US regulations likely has access to all this data. All the talk about sovereignty and independence from GAFAM was clearly a red herring.
The normal way to verify the signature would be to do it locally on the verification device. That's the whole point of using signatures, rather than making online COVID queries! With local verification, only organisers and attendees know who was at the event.
This is a nice illustration of the privacy issues of a Health Pass. The 2D code contains plaintext health data (vaccine date, number of shots), and we don't know what the verifier will do with it. In France, the shot date allows more data to be inferred, such as comorbidity or pregnancy.
The system is not privacy-preserving, but alternatives were possible. For instance, we could distribute daily codes (3 for a negative PCR, hundreds for a vaccine), each carrying only a single bit of health information: "COVID-safe". This scheme is cumbersome on paper, but easy in a digital wallet.
We can regulate the official app, and EU rules take this particular problem into account. But there is no guarantee that the verifier is not using a third-party app. And this French example shows that even the official app can get it very wrong.
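To make the two points above concrete (signature verification done locally instead of via an online query, and the single-bit daily-code alternative), here is an added example. It is not code from the original thread, nor from any official app or the EU specification. It assumes a hypothetical ECDSA P-256 signature over a SHA-256 digest of a JSON payload with made-up field names; the real certificate encoding is different, and the only thing the example is meant to show is where the private key, the public key and the verification step live.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Certificate is a constructed stand-in for a pass payload; field names are hypothetical.
type Certificate struct {
	Name     string `json:"name"`
	Shots    int    `json:"shots"`
	LastShot string `json:"last_shot"`
}

// DailyToken is the single-bit alternative: a validity date and a random nonce.
// A genuine signature on it means "COVID-safe on that day" and nothing more.
type DailyToken struct {
	Date  string `json:"date"`
	Nonce string `json:"nonce"`
}

// SignedPass is what the 2D code would carry: payload plus the authority's signature.
type SignedPass struct {
	Payload   []byte
	Signature []byte
}

// NewAuthorityKey generates the issuer's P-256 key pair; only the public half is
// embedded in verification apps.
func NewAuthorityKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signPayload is the only step needing the private key; it runs at the authority.
func signPayload(priv *ecdsa.PrivateKey, payload []byte) (SignedPass, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return SignedPass{}, err
	}
	return SignedPass{Payload: payload, Signature: sig}, nil
}

// Issue signs a full certificate, the structure the French pass follows.
func Issue(priv *ecdsa.PrivateKey, c Certificate) (SignedPass, error) {
	payload, _ := json.Marshal(c) // plain strings and ints cannot fail to encode
	return signPayload(priv, payload)
}

// IssueDailyTokens signs one token per day of validity, each with a fresh nonce so
// that tokens from different days cannot be linked to the same holder.
func IssueDailyTokens(priv *ecdsa.PrivateKey, dates []string) ([]SignedPass, error) {
	tokens := make([]SignedPass, 0, len(dates))
	for _, d := range dates {
		var nonce [16]byte
		if _, err := rand.Read(nonce[:]); err != nil {
			return nil, err
		}
		payload, _ := json.Marshal(DailyToken{Date: d, Nonce: hex.EncodeToString(nonce[:])})
		tok, err := signPayload(priv, payload)
		if err != nil {
			return nil, err
		}
		tokens = append(tokens, tok)
	}
	return tokens, nil
}

// VerifyOffline is all a verification device needs: check the signature with the embedded
// public key. No request leaves the device, so no central server learns who was checked or when.
func VerifyOffline(pub *ecdsa.PublicKey, p SignedPass) bool {
	digest := sha256.Sum256(p.Payload)
	return ecdsa.VerifyASN1(pub, digest[:], p.Signature)
}

// VerifyDailyToken accepts a token only if it is genuine and was issued for today.
func VerifyDailyToken(pub *ecdsa.PublicKey, p SignedPass, today string) bool {
	if !VerifyOffline(pub, p) {
		return false
	}
	var t DailyToken
	if err := json.Unmarshal(p.Payload, &t); err != nil {
		return false
	}
	return t.Date == today
}

func main() {
	priv, _ := NewAuthorityKey()
	pass, _ := Issue(priv, Certificate{Name: "Example Holder", Shots: 2, LastShot: "2021-06-01"})
	fmt.Println("genuine pass verifies offline:", VerifyOffline(&priv.PublicKey, pass))
	pass.Payload[len(pass.Payload)-2] ^= 1 // flip one byte of the health data
	fmt.Println("tampered pass verifies:", VerifyOffline(&priv.PublicKey, pass))
}
```

Whatever the payload looks like, the verifier only ever needs the authority's public key, so shipping the whole pass to a server adds nothing to the signature check and only creates the who/when/where metadata described above. The daily tokens show the other side of the trade-off: the verifier learns that the holder is safe today and nothing else, at the cost of issuing many small signed blobs instead of one.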
Given this example, I now believe that the EU Digital COVID Certificate will do more harm than good. Fraud on paper certificates is probably not very high, and the risk of tracking is much lower if the data is read by a human.
The bug was found by reverse engineering (the app is closed source), even though the privacy policy claims no data is sent and the minister was praising its privacy. Privacy watchdog CNIL had very little time to evaluate the proposal, and probably few details.
The ministry has now acknowledged the issue and says that the app will be fixed soon. They say that the central server does not store anything, but the whole point of data minimization is that you don't have to trust such unverifiable statements.
Addendum: the EU Digital COVID Certificate specifications explain how to import a certificate in a wallet app with online queries. This makes no sense: the digital pass should be the same QR-code as the paper one, so the wallet should copy just the data.
StopCovid (now @TousAntiCovid) was launched a year ago, with promises of transparency, a parliamentary debate, a protocol developed by Inria researchers, and the scientific backing of Inria and Inserm. Where do we stand today? ⤵️
On the effectiveness side, we have no concrete information, only simulations and models. That is a pity, because other countries are running studies, and the centralised architecture of @TousAntiCovid put France in a privileged position to evaluate Bluetooth contact tracing!
Meanwhile, the time/distance criteria have been changed several times, but without any evaluation of the relevance of the alerts; this is flying blind...
Since the government is looking for ideas to relaunch StopCovid, I would like to propose a new app model. Instead of being centralised or decentralised, LotoCovid is offline and collects no personal data at all. It is safer than StopCovid, and just as effective!
1⃣ Security. There are two types of attacks against Bluetooth contact-tracing apps:
• Paparazzi attack, to find out whether someone is sick
• False-alert injection, to put someone in quarantine
☑️ With LotoCovid, zero personal data, zero attacks! risques-tracage.fr
2⃣ Effectiveness. There are two important metrics:
🅰️ Number of alerts sent
🅱️ Proportion of alerts that correspond to positive cases
The government only communicates on 🅰️: StopCovid has sent 472 alerts.
☑️ LotoCovid can send millions of alerts per month!