Hundreds of academics have warned governments around the world not to commission coronavirus contact-tracing apps that collect and store personal data on entire countries' populations.
Published today, the open letter has been signed by professors from 26 countries and urges governments to think about the dangers of building pools of data revealing precisely who you meet, when and where.
Referring to other countries' experiments with contact-tracing apps as a way of halting the spread of the infection, the academics said: "Though the effectiveness of contact tracing apps is controversial, we need to ensure that those implemented preserve the privacy of their users, thus safeguarding against many other issues."
The Register explained in broad terms how the apps work a few days ago. The problem is that there are two competing approaches for contact-tracing apps: a centralised one, where data from the population is concentrated at one hub for analysis; and a decentralised one, where apps tell the user if they have been in contact with someone who has COVID-19.
The academics fear that a centralised approach would either create an irresistible temptation for "mission creep", fuelling the worst authoritarian instincts of governments collecting population-scale social graph data – or simply create a hugely valuable store of that data ripe for criminals, spies and similar undesirables to hack into.
In the letter, the academics warned that the centralised approach could "catastrophically hamper trust in and acceptance of such an application by society at large." If people didn't trust a government-backed app for fear that data harvested from it could be abused for other purposes, they simply wouldn't use it or would find ways of spoofing the data.
On the flip side, trusting the population to input its own medical diagnoses into a decentralised app is a risky approach. Aside from those not wishing to declare their status, for whatever reason, what about those with mild symptoms who might think they've had a bad cold instead of the coronavirus?
"Research has demonstrated that solutions based on sharing geolocation (i.e., GPS) to discover contacts lack sufficient accuracy and also carry privacy risks because the GPS data is sent to a centralized location," said the letter. "For this reason, Bluetooth-based solutions for automated contact tracing are strongly preferred when available."
Google and Apple, two companies not known for their devotion to privacy, have jointly released a set of specs for a Bluetooth-based contact-tracing app. Singapore released, and later open-sourced, a Bluetooth-based app, having explicitly discounted GPS on practical grounds.
The letter, full details of which El Reg can't publish because our version has people's email addresses baked into it for media use, highlighted four consortia whose decentralised approaches it endorsed: the Western world's TCN Coalition; the Swiss-led DP-3T collective, which includes the co-founder of VMware as one of its advisors; and two American academic initiatives, PACT (MIT) and PACT (UW). Despite the similar names, the US organisations are not formally linked.
Trouble at t'monitoring mill
Meanwhile, a contact-tracing app creation collective originally billed as pan-European has started to wobble as it appears to back away from one decentralised approach.
The PEPP-PT project, a German-led initiative that started off backing both centralised and decentralised models for contract-tracing apps, seems to have fallen out big time with the project building its decentralised model, DP-3T.
Cryptography prof Kenny Paterson of DP-3T told The Register the first he knew about PEPP-PT's apparent change of tack was when its organisers stopped talking to him last week, adding that other institutions had seen this and began socially distancing themselves from PEPP-PT as a result: "There was a leaking away of support over the weekend from the international community at the same time as we were getting [today's] letter ready."
Other academics expressed surprise and discomfort last week to El Reg about PEPP-PT's new direction. ®