The people behind ProtonMail, a secure email service provider, have analysed the apps being used around the world to try to combat Covid-19 by identifying personal contact information.
Commenting on the technology behind the app used in Australia, they say that it is based on a centralised server which can access more data than needed.
“The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) and BlueTrace protocols rely on Bluetooth to send and receive temporary ID codes to log encounters between individuals.
“They also are open source, minimize the amount of data collected, and do not collect geo-location data.
“However, PEPP-PT and BlueTrace rely on a centralized server to generate the temporary ID codes, which an analysis from the DP-3T developers claims could let the server identify the individual behind any temporary code and trace their movements.
“PEPP-PT and BlueTrace also rely on centralized report processing. If you test positive for COVID-19 and you are using one of these apps, you must upload your entire contact log to a central server. The central server then matches your log to the contact details of everyone you encountered and sends out a warning.
“While this does allow health professionals to verify encounters, which can reduce the number of false positives, this creates a massive database that can be exploited or abused.
“Moreover, whoever operates this database has access to far more data than is needed to prevent the spread of the virus,” ProtonMail says.
Countries that have adopted or support apps that use PEPP-PT or BlueTrace (or a similar protocol that uses centralized report processing) include:
- New Zealand
“While apps built on protocols that use centralized report processing are not ideal from a privacy standpoint, they could still prove useful in slowing the spread of the virus,” the company says.
“It is possible, if there are strong data protection policies and good governance in place, for a contact tracing program to respect privacy and use these apps.”
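The centralized design described in the quoted analysis can be modelled in a few lines. This is an added illustration, not code from ProtonMail's article or from PEPP-PT or BlueTrace; the class, the random-ID scheme, the names and the phone numbers are constructed assumptions and not either protocol's actual format.

```python
import secrets

class CentralServer:
    """Toy centralized backend (assumption): it issues every temporary ID itself."""

    def __init__(self):
        self.contact_details = {}  # user_id -> phone given at registration
        self.issued = {}           # temp_id -> (user_id, epoch)

    def register(self, user_id, phone):
        self.contact_details[user_id] = phone

    def issue_temp_id(self, user_id, epoch):
        temp_id = secrets.token_hex(8)           # looks random to other phones
        self.issued[temp_id] = (user_id, epoch)  # but the server keeps the link
        return temp_id

    def process_report(self, contact_log):
        """Resolve an uploaded contact log to the contact details to warn."""
        owners = {self.issued[t][0] for t in contact_log if t in self.issued}
        return {u: self.contact_details[u] for u in owners}

    def link_sightings(self, sightings):
        """Group (temp_id, place) observations by the user behind each ID."""
        by_user = {}
        for temp_id, place in sightings:
            if temp_id in self.issued:
                user, epoch = self.issued[temp_id]
                by_user.setdefault(user, []).append((epoch, place))
        return {u: sorted(v) for u, v in by_user.items()}

def demo():
    # Constructed sample data: three users, two ID rotation epochs.
    server = CentralServer()
    for user, phone in [("alice", "555-0101"), ("bob", "555-0102"), ("carol", "555-0103")]:
        server.register(user, phone)
    ids = {(u, e): server.issue_temp_id(u, e)
           for u in ("alice", "bob", "carol") for e in (1, 2)}
    # Alice's phone only ever saw opaque codes over Bluetooth.
    alice_log = [ids[("bob", 1)], ids[("carol", 2)]]
    warned = server.process_report(alice_log)
    # Bob's codes rotate, yet the issuer can join them back together.
    linked = server.link_sightings([(ids[("bob", 2)], "station"), (ids[("bob", 1)], "cafe")])
    return warned, linked

if __name__ == "__main__":
    print(demo())
```

The rotating codes are unlinkable to other phones, but both results come straight from the issuer's own table, which is the database the quoted analysis is concerned about.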
Read the full article: https://tinyurl.com/y9djqmbs
The post Security firm questions Covid app used in Australia appeared first on Civil Liberties Australia.