Dr. Berndt Pilgram (Infineon Technologies) and Dr. Stefan Ried (Cloudflight) in an interview on the opportunities and risks of the new application
The development of a corona app for infection chain tracing during the crisis is currently on everyone’s lips. Google and Apple are working on incorporating a suitable interface into their smartphone operating systems Android and iOS. As part of the Digital Leader Weekly webinar series launched by Cloudflight, Jan Mentel, who plans and moderates the weekly expert round, invited two experts to a discussion. Dr. Berndt Pilgram, Senior Manager Advanced Analytics at Infineon Technologies, and Dr. Stefan Ried, Principal Analyst and IoT Practice Lead at Cloudflight, discuss opportunities and risks regarding technology, distribution and security.
JM: Which apps are there in the first place?
SR: Basically, there are three types of corona apps: the “tracing app”, which tracks infection chains, the “data donation app”, which analyzes statistics about people’s state of health – completely anonymously – and so-called “quarantine apps”, which help people to cope with quarantine. In this interview, we will focus on the tracing app as it is the most active way to avoid infection and the most sensitive in terms of data protection.
JM: That sounds like it might be difficult for users to find out which app is right for them. Doesn’t it make sense to consolidate all functions in one app?
SR: At first glance that would be convenient, of course. However, I wouldn’t recommend it right now, because the three types of apps mentioned above do very different things. While many citizens would like to “donate” their body temperature to the Robert Koch Institute on a daily basis, the lack of traceability would contradict the purpose of a tracing app.
BP: I can only agree with Stefan and would like to add that with a tracing app it is very important to guarantee anonymity and data security for the citizens. The tracing app does not donate any data at all to central places, which makes it extremely secure. There will be exactly one official tracing app for each country. For Germany, the official site is www.coronawarn.app and there you will find the links to the app stores.
JM: Berndt, you took a closer look at the different technical approaches to prepare Infineon for this. Can you explain to us what the terminology PEPP-PT and DP-3T are all about?
BP: PEPP-PT stands for “Pan-European Privacy-Preserving Proximity Tracing” and was created to develop a European software architecture for corona contact tracing apps. In contrast to the DP-3T, the open “Decentralised Privacy-Preserving Proximity Tracing” with decentralised data storage directly on the smartphone, with PEPP-PT the tracing contacts are stored centrally. The architecture of the German corona app only processes keys or TANs centrally. The entire tracing information (with which other persons or keys the user was in close proximity) is only stored on the smartphone. Geo positions are neither needed nor stored.
JM: Why are these standards only coming now? Couldn’t one have foreseen that?
SR: First of all, I am very glad that we also had a technical discussion in the Ministry of Health and that the Federal Minister of Health Jens Spahn completely abandoned the central approaches, which initially even provided GPS tracking of persons known by name. That would never have found widespread acceptance. Unfortunately, we lost a lot of time. We could have listened to experts years ago, for example from Singapore, after the SARS virus in 2003, or to the Bill & Melinda Gates Foundation, which predicted a global pandemic as one of the greatest threats to humanity. Then the tracing app would have been in the drawer a long time ago. In 2012, there was even a model calculation for an imaginary Modi-SARS virus already made by the German government with the support of the RKI. Unfortunately, nobody had drawn a digital conclusion from this either. Hopefully, the whole society will leave the Corona pandemic with a completely different understanding of the digital transformation.
JM: Will the app run immediately on every smartphone?
SR: No, at the moment the corona app will not run directly because Bluetooth functions are suppressed in the background. First of all, an OS update for Android or iOS is required. The beta version of iOS 13.5 suggests the scope of the tracing interface. Older smartphones which do not support the current operating systems will not be able to run the corona app. However, the operating system updates that companies can automatically force on “managed smartphones” will not automatically install the app. This would be a second step.
JM: So Google and Apple are introducing new APIs in their operating systems. Will there then be many different apps to trace?
SR: No, each user can only give permission for COVID Bluetooth tracing to one official app per country. The two manufacturers assume that each country will build exactly one official tracing app. The German government has awarded the development of this corona tracing app to SAP and Deutsche Telekom. This decentralized app is currently being developed in a large open source project (https://github.com/corona-warn-app). Deutsche Telekom, as one of the world’s largest buyers of Apple and various Android smartphones, has a good connection to Google and Apple. However, SAP has experience mainly in B2B backend processes and not exactly in mobile consumer apps. However, SAP has now involved experienced mobile app developers corresponding to agile companies. Fortunately, great importance is attached to usability and clarification in the functional process in order to create broad acceptance.
JM: Usability is not exactly one of the strengths of the official corona app in Austria. Besides the decision of every single consumer to use the official tracing app or not, will a big company like Infineon actively recommend such an app to its employees or even make it mandatory during work?
BP: I agree with you regarding the lack of usability. Austria’s Stop Corona App, which also supports the decentralized DP-3T protocol, is, however, constantly being developed and improved. Version 1.1 has been released in the meantime, and two further releases will follow, in which important optimizations will be incorporated. In particular, the operating system updates of iOS and Android will be considered, which will guarantee a secure Bluetooth low-energy data connection for proximity tracing. Especially for this purpose, namely for exposure notifications, Google and Apple are currently defining an interface (API) in the respective operating systems iOS and Android. This will make the Stop Corona App really practical, and it can then, of course, be recommended to employees without hesitation with regard to data security, anonymity and data protection (GDPR).
JM: Will there be enterprise versions of the app?
SR: No, as is currently provided by Apple and Google, a user can run exactly one corona tracing app. The whole tracing only makes sense if all people in a country use exactly the same app. Therefore, companies should use their possibilities to automatically deploy this “consumer” app on corporate smartphones and to switch it on or configure it if necessary. The tracing app only contributes significantly to the interruption of infection chains to the same extent as masks and preventive quarantine if the app spreads much faster than the virus itself. Ideally, a user has the opportunity to personally recommend the app to those around him. Or shops can point to the app at the entrance with a QR code. Only if there is a major campaign – comparable to the anti-AIDS campaign of former Bundestag President Rita Süssmuth in the 1990s – will there be a social imperative to use the app. Also, the recommendation of the app via social networks or other proximity services like Apple’s AirDrop should be supported soon. We will only win the battle against a second wave if the app spreads faster than the virus.
JM: Is all of it safe? Where do you see the risks?
BP: Even though data security, anonymity and privacy are guaranteed for the app user, there are of course other aspects that could make such an app completely useless. For example, false alarms, “false positives”, can give the user of a tracing app a warning even though there was no real contact with an infected person. Another aspect is the possibility of a “false negative”, where the tracing app cannot identify a contact with an infected person via Bluetooth. However, I am sure that in both cases, with the appropriate data situation over a longer period of use, optimization of the Bluetooth contact criteria “duration” and “distance” can be achieved, thus reducing “false positives” and avoiding “false negatives”. In addition, the open source approach allows us to gain insight into the implementation and, if necessary, to contribute improvements ourselves. The server side software is also completely transparent.
JM: And what comes after the pandemic? Do you have to be afraid that then all kinds of apps will use this feature, for example, to run “location-based advertisement”?
SR: Apple and Google already provide every app in their official app stores with a certificate. They have clearly agreed that only one official app provider per country will have technical access to the “Corona API”. It is, therefore, the responsibility of the Federal Government, as the commissioning party for the deployment, to discontinue this app after the pandemic and thus make the new Bluetooth API unusable again.
JM: Some companies from the digital leader community have agreed to evaluate a nationwide deployment and, if necessary, to implement it quickly. Should companies talk to their employee representatives now?
SR: Yes, definitely. Every day gained can save lives and help companies to survive economically by avoiding large quarantine groups among employees. Depending on the company, a recommendation or a usage obligation of a Corona App is an “IT system requiring approval” or requires a company agreement. In order to reconcile health protection with the protection of privacy, companies should inform their employee representatives about the technical background right now and involve them in the technical review if necessary. The disclosed architecture documentation is fully sufficient for operational acceptance. There is no need to wait for the app itself until the end of June! However, the rollout of the new iOS and Android systems is not an action requiring approval. This interview will hopefully also make a first contribution to kick-starting the process in companies.
Many thanks to Dr. Berndt Pilgram and Dr. Stefan Ried for the details and their personal assessments.
Helpful background information for Chief Information & Security Officers in Germany
- Official website of the Corona Tracing App www.coronawarn.app/de/
- Open-Source-Project: github.com/corona-warn-app
- Architecture documentation: https://github.com/corona-warn-app/cwa-documentation/blob/master/solution_architecture.md#mobile-applications
- Basics and international comparison: de.wikipedia.org/wiki/COVID-19-App
- Critical voices: https://www.chip.de/news/Sicherheits-Experte-wettert-gegen-Corona-Apps-Tracing-Apps-gegen-Covid-19-absolut-wertlos_182663501.html
- COVIDSAFE Privacy Impact Assessment (Australia): https://www.health.gov.au/sites/default/files/documents/2020/04/covidsafe-application-privacy-impact-assessment-covidsafe-application-privacy-impact-assessment.pdf
- Technical and legal analysis of the Stopp-Corona-App (Austria): https://epicenter.works/document/2497