Frankfurt: As the COVID-19 crisis rages, governments around the world are pinning much of their hopes on virus-tracking technologies aimed at identifying potential spreaders of the disease and interrupting chains of new infections.
So far, however, many European health authorities are still largely dependent on traditional means of communication, such as telephone, email and even postal letters, although digital means have already proven to be far superior in fighting the spreading virus.
Early adopters of the technology have been South Korea, Singapore and — first and foremost — China, where a government-mandated smartphone app is said to have contributed to bringing local outbreaks of new infections quickly under control.
But the tracking tools used in the Asian countries are a far cry from what European populations and governments expect in terms of protecting the privacy of data, and the public is alarmed by reports that technology that could be used for dystopian snooping on citizens during and after the pandemic.
Since early March, IT specialist and German government adviser Chris Boos has been grappling with the question of whether contact tracing of virus carriers can be done while maintaining strict EU privacy rules, asking himself repeatedly: "Is this possible only in the way the Chinese did it?"
From the very beginning, Boos has been joined in his thoughts by Thomas Wiegand, the head of the Heinrich-Hertz-Institute for Telecommunication (HHI), which is part of the German Fraunhofer science organization.
The German government supported their efforts, and a few days later a project known as the Pan European Privacy-Protecting Proximity Tracing (PEPP-PT) was born.
The project includes about 130 scientists from all over Europe, who are working to develop a digital technology capable of tracing infections with mobile phone applications. The PEPP-PT protocol is intended to use proximity-tracking Bluetooth technology to map contacts between infected individuals anonymously and without identifying their physical locations.
"PEPP-PT is not limited to Europe, but can be used worldwide," Boos told DW, adding it had always been the designers' goal to make the protocol available for other countries. "PEPP-PT is a basic technological standard that only requires adaptation to the needs of local health authorities."
The key element of the protocol is that the design entails local processing of contact tracing on the user's device, regardless of what type of smartphone and individual apps are being used. There's no requirement for pseudonymized IDs to be centralized, where the pooled data would pose a privacy risk.
The German government and science community was originally planning to launch the new standard as early as mid-April, after the Easter holidays. But Health Minister Jens Spahn said on April 17 that the rollout would have to be pushed back by three to four weeks "for it [PEPP-PT] to be really good."
The delay is widely seen as a result of widening splits within the PEPP-PT consortium over how the EU's sweeping data protection laws can best be preserved in view of the needs of epidemiologists seeking to track infections.
Some project participants, including the Helmholtz Center for Information Security (CISPA), have withdrawn their support, while about 280 scientists from more than 25 countries published an open letter urging governments not to abuse PEPP-PT by spying on their people.
"We are concerned that some 'solutions' to the crisis may, via mission creep, result in systems which would allow unprecedented surveillance of society at large," they wrote.
The details of their criticism are highly technical but revolve around whether sensitive data would be kept safely on devices or stored on a central server in a way that might allow a bad actor to reconstruct the record of where and when a given person has met other people.