Offline-messaging app Bridgefy — which innovatively uses Bluetooth and Wi-fi — became known as the go-to app by thousands of protesters around the world to keep communications going even when oppressive regimes blocked or shut down the Internet. Recently, activists in Nigeria and Thailand have urged supporters to download the app, as last year, when protesters in Hong Kong downloaded Bridgefy to face the government’s censorship of phone services or data connections. In the last 12 months, the startup says it’s reached 2 million downloads. And since the events of the weekend, when Turkey and Greece were hit by an earthquake, the app is now trending on app stores for those regions.
Bridgefy is now publishing a major new update, with a new, crucial feature for activists: end-to-end encrypted messages. This will allow people to securely send and receive messages when they don’t have access to data and will use the same encryption protocol used by Signal, Whatsapp and Facebook Messenger .
Bridgefy launched in 2014 (and appeared on the TechCrunch Disrupt stage in 2017) when the founders identified the problem of not being able to communicate during the earthquakes in Mexico City. It started as a mobile app, and an SDK was added a few years later so other apps could also work without the Internet. The Bridgefy SDK is now licensed to companies on an annual subscription model, based on user volume and is integrated by more than 40 companies across payments, messaging, gaming, social media, dating, and natural disaster apps. Technically-speaking, its competitors include GoTenna and the moth-ball gathering Firechat, although Bridgefy has become better known in the activist space.
The startup is now raising a Seed round and has already raised $800,000 USD, with investors including Twitter cofounder Biz Stone, Alchemist Accelerator and GAN Ventures.
Elon Musk -founded Neuralink has made headlines over the past many years around it efforts to develop a new kind of interface between the human brain and computing devices. On Friday, the company provided a demo of the technology, and Musk kicked off the demo by saying that the purpose of the entire presentation was recruiting — not fundraising or any other kind of promotion.
“We’re not trying to raise money or do anything else, but the the main purpose is to convince great people to come work at Neuralink, and help us bring the product to fruition — make it affordable and reliable and and such that anyone who wants one can have one,” he said.
Musk then went on to say that the reason he wants to make it generally available is that just about everyone will have some kind of neurological problem over time, including memory loss, anxiety, brain damage, depression and a long list of other ailments. Of course, there’s no clear evidence that any of this long list of problems can be quickly and easily “solved” with any one solution, so it’s a bit challenging to see this as a reasonable end goal for the company.
The goal may be ambitious — and definitely subject to a lot of ethical and medical debate — but the technology that Musk actually demonstrated was much less so. Musk first noted that Neuralink had changed design since the reveal last year, with a smaller physical device profile that he said can be fully hidden under hair once installed in the skull. He had a physical device in-hand to show its size.
Image Credits: Neuralink
Musk then turned the audience’s attention to three pigs that were in attendance in nearby pens, with handlers nearby. The three pigs were one that was untreated, the second (“Gertrude”) was installed with a Neuralink device, called the “Link,” and the third had previously had one installed but then subsequently had it removed. Musk at first had trouble coaxing Gertrude to come out and perform for the small, socially distanced crowd in attendance (who were seated at bar-height tables as if they were at a comedy club). Eventually, however, he skipped Getrude to show that the pig who had her Link removed was very healthy and normal-looking.
Image Credits: Neuralink
Back to Gertrude, Musk showed a display that played a sound and showed a visual spike whenever the Link detected that Gertrude made contact to something with her snout while rooting around for food.
“For the initial device, it’s read/write in every channel with about 1024 channels, all-day battery life that recharges overnight and has quite a long range, so you can have the range being to your phone,” Musk said. “I should say that’s kind of an important thing, because this would connect to your phone, and so the application would be on your phone, and the Link communicating, by essentially Bluetooth low energy to the device in your head.”
Image Credits: Neuralink
Musk closed the prepared portion of the presentation by noting that the company had received a Breakthrough Device designation from the U.S. Food and Drug Administration in July, and that the company is “preparing for first human implantation soon, pending required approvals and further safety testing.”
While the device demonstrated was only a read-device, receiving data from the signals in the pig’s brain, the plan is to provide both read and write capabilities with the goal of being able to address neurological issues as mentioned above. Musk also stressed that why he showed the pig which had had its implant removed safely was because the plan is to provide updates to the hardware over time as better versions become available. Ultimately, Musk said during a later Q&A that Neuralink hopes to get the cost down to somewhere in the thousand-dollar range, with a minimal cost for the hardware itself along the line of modern wearable devices.
Musk actually referred to the Neuralink devices as a “Fitbit in your skull with tiny wires” at multiple points during the presentation, which actually seems like a pretty dystopian proposition, depending on your perspective. Capabilities he teased eventually include the ability to summon your Tesla with a thought, and video game control interfaces — including complete control of Starcraft. Musk also said in the future he expected people with Link to be able to “save and replay memories,” adding the caveat that “thisisobviouslysoundingincreasinglylikeaBlackMirrorepisode, but well, I guess they’re pretty good at predicting.” He even went so far as to say that “you could potentially download [memories] into a robot body.”
The first clinical trial will focus on individuals with paraplegia or tetraplegia, resulting from cervical spinal cord injury. The plan for a first trial is to enroll a “small number” of these individuals in order to test the efficacy and safety of the technology.
With the launch of Android 11 getting closer, Google today launched the third and final beta of its mobile operating system ahead of its general availability. Google had previously delayed the beta program by about a month because of the coronavirus pandemic.
Image Credits: Google
Since Android 11 had already reached platform stability with Beta 2, most of the changes here are fixes and optimizations. As a Google spokesperson noted, “this beta is focused on helping developers put the finishing touches on their apps as they prepare for Android11, including the official API 30 SDK and build tools for Android Studio.”
The one exception is some updates to the Exposure Notification System contact-tracing API, which users can now use without turning on device location settings. Exposure Notification is an exception here, as all other Android apps need to have location settings on (and user permission to access it) to perform the kind of Bluetooth scanning Google is using for this API.
Otherwise, there are no surprises here, given that this has already been a pretty lengthy preview cycle. Mostly, Google really wants developers to make sure their apps are ready for the new version, which includes quite a few changes.
If you are brave enough, you can get the latest beta over the air as part of the Android Beta program. It’s available for Pixel 2, 3, 3a, 4 and (soon) 4a users.
When visualizing a new IoT application; carefully consider not what data flows you want, but what data flows your application needs to be successful.
Data flows are one of the key constraints in the design of any IoT application. Data flows drive not just communications cost, but also indirectly control communication technology selection, power needs, and the actual paradigm of an application’s functionality. As you begin visualizing your new IoT application, think carefully about the data and communication patterns that support your planned features.
IoT is a confluence of smart and connected in a remote device. I assume that if you’re reading this you have a “device” side and a “user” application side that you are thinking about connecting. Your devices could be in near proximity of your user, their home/office, or anywhere. The user application where the device data lands initially could be a smartphone, or in many cases a cloud platform. Throughout the discussion, chances are the connection will be over a wireless link. This is by far the predominant pattern for typical IoT (non-IIOT/non-manufacturing use cases).
First, let’s differentiate between “data” and “data flows.
Data: what is measured
Data Flows: what is communicated.
Sure, increased data is likely to ramp up the amount of data sent to/from your device, but more data is not a linear predictor of how much data an application needs to communicate with a user. As the power of IoT device MCU chips increases, there is a steady ability to do more processing on the device and only communicate a summary of relevant events and periodic data points.
Communications are power-hungry compared with computation and memory on an IoT device. The more you can keep your radio turned off, the more battery life that remains. There are power light wireless technologies like Bluetooth Low Energy (BLE) for near distance communications, but what if your device is far away? Radios vary in their performance profile and there are numerous articles out there about WiFi vs. LoRa vs. LTE. Know your communications stack. Next, I lay out some concepts that should be considered regardless of which type of radio is in your device.
Most IoT projects fall into two broad categories. These two patterns dictate many aspects of the data flows your application will need to perform and when your communications hardware needs to be turned on.
Interactive applications place the user and device in virtual proximity, with physical distance ranging from a few feet to miles to wherever. The communication flows, bridge that physical distance. This application pattern is the most demanding from a communications perspective.
Communications that are interactive require that a device radio stays on to listen for user input. This could be constrained to a specific interval of interest, rather than 24 hours a day. Maybe the communications channel can be predictably enabled during “business hours” or only during predicted device “usage” times. The key point, radio on all the time increases power consumption considerably. This in turn increases challenges for off-grid or solar applications to have enough power harvesting and storage.
Being that the interactive application pattern is so demanding that you may find variations necessary to make things work. Consider maybe delaying user input by minutes or even hours, opening times for user control of the device.
From a communication and power budget perspective, this application pattern is much easier to implement. Devices can wake up occasionally, gather and locally store data, assess the situation, and then decide if communication is required. The radio stays off until it is needed to send data to the user before it’s back to sleep for the communications.
The remote monitoring pattern can be integrated with an interactive application by making use of when the radio is already turned on. When you periodically send data, check for user directives. This approach is standardized in LoRaWAN Class A devices which listens for user input 1 and 2 seconds after transmitting its data.
IoT applications typically use protocols such as MQTT or HTTP to package their data while in transit. MQTT, HTTP, AMQP and other IoT communication protocols add protocol data to the total amount of IoT device payload data being transmitted between the device and the user. The amount of data communicated typically increases in two ways: framing overhead and keepalives.
Framing overhead is the extra data that is sent along with an application’s data to make communications more robust and reliable. Think of protocol framing as the envelope you put your physical correspondence in. In the case of MQTT, to send data, the overhead is 6 characters + the MQTT topic name your device is publishing to. This can add up and, in some cases, exceed the size of the payload data you are sending to the user side. It is important to note that while MQTT transmits these extra characters with your message payload, MQTT is more efficient than AMQP and HTTP; which is why MQTT is so often used in IoT systems.
The other protocol tax is keepalive messaging (sometimes referred to as heartbeats). MQTT implementations typically perform a keepalive action every 1-4 minutes, this time period is referred to as the keepalive interval. Keepalives are not required if data transmission has been performed recently. To keep communications active, MQTT sends a 2-character long PING when the keepalive interval ends. The keepalive interval is reset with each transmission, for either a PING or payload data.
Most implementations afford the ability to lengthen the keepalive interval (reduce the number of keepalives sent), each system will typically impart some upper limit for the keepalive interval. Azure IoT Hub uses MQTT extensively and limits the keepalive interval to a maximum of 1177 seconds or once every 19 minutes, 37 seconds (Understand Azure IoT Hub MQTT Support).
When reviewing data and deciding what to send back and forth, think about ways to eliminate or reduce application data flows. When reviewing data flows, take note of how big each one is, how often data is sent, and what is going on with your communications channel when nothing is happening.
Time adds up… fast! Sending 500 characters of data every 20 seconds:
180 times / hour 90KB / hour
4,320 times / day 2,160MB / day
30,240 times / week 17,120MB / week
129,600 times / month 64,800MB / month
Remember every character you send can increase costs and draws down your device’s battery.
After sampling remote data, look for ways to summarize prior to sending. For example: consider sending maximum, minimum, average, and number of data points over a specific period.
Similarly, once a maximum and minimum are established, consider sending data only when a new outlying maximum or minimum has been observed.
For remote sensing consider only sending data once a day or even once a week. But send data events when something significant has been observed at the device.
Consider building normal limits in your device software. When the data being sensed leaves these limits, then communicate and report the event to the user.
Log your data locally on the device and send a block of data (a day or weeks’ worth) at one time. Once the radio is on using it, then shut it off. Every time the radio is turned on/off, power is wasted before/after when data is sent.
Only you can determine when a piece of data being sent is valuable. Is that piece of data something you want… or is it something you need?
Technology improvements over the past few years mean that most fully wireless earbuds are a lot better than they used to be. That has led to something of a narrowing of the field among competitors in this arena, but some of the players still stand out – and Jabra have definitely delivered a standout performer with its newest Elite Active 75t fully wireless earbuds.
Jabra’s Elite Active 75t is a successor to its very popular 65t line, with added moisture resistance designed specifically for exercise use, as indicated by the ‘Active’ in the name. At $199.99, these are definitely premium-priced – but they’re a lot more affordable than many of the other offerings in the category, especially with their IP57-water and sweat resistance rating.
The Elite Active 75t also feature an esteemed 7.5 hours of battery life on a single charge, and their compact charging case carries backup power that adds up to a total of 28 hours potential run time across a single charge for both. The case charges via USB-C and also offers a fast-charge capability that provides 60 minutes of use from just 15 minutes of charging.
While they don’t offer active noise cancellation, they do have passive noise blocking, and an adjustable passthrough mode so that you can tune how much of the sound of the world around you you want to let in – a great safety feature for running or other activities.
They use Bluetooth 5.0 for low power consumption and extended connection range, have an auto-pause and resume feature for when you take out one earbud, and include a 4-mic array to optimize audio quality during calls.
Jabra has accomplished a lot on the design front with the Elite Active 75t. Their predecessor was already among the most compact and low-profile in-ear wireless buds on the market, and the Elite Active 75t is even smaller. These are extremely lightweight and comfortable, too, and their design ensures that they stay put even during running or other active pursuits. In my testing, they didn’t even require adjustment once during a 30-minute outdoor run.
Their comfort makes them a great choice for both active use and for all-day wear at the desk – and the 7.5 hours of battery life doesn’t seem to be a boast, either, based on my use, which is also good for workday wear.
Another key design feature that Jabra included on the Elite Active 75t is that both earbuds feature a large, physical button for controls. This is much better and easier to use than the touch-based controls found on a lot of other headsets, and makes learning the various on-device control features a lot easier.
Finally in terms of design, the charging case for the Elite Active 75t is also among the most svelte on the market. It’s about the size of two stacked matchboxes, and easily slides into any available pockets. Like the earbuds themselves, the case features a very slightly rubberized outer texture, which is great for grip but, as you can see from the photos, is also a dust magnet. That doesn’t really matter unless you happen to be tasked with photographing them, however.
One final note on the case design – magnetic snaps in the earbud pockets mean you can be sure that your headset buds are seated correctly for charging when you put them back, which is a great bit of user experience thoughtfulness.
It’s easy to see why the Jabra Elite Active 75t is already a favorite among users – they provide a rich, pleasant sound profile that’s also easily tuned through the Jabra Sound+ mobile app. Especially for a pair of earbuds designed specifically for active use, these provide sound quality that goes above and beyond.
Their battery life appears to line up with manufacturer estimates, which also makes them class-leading in terms of single charge battery life. That’s a big advantage when using these for longer outdoor activities, or, as mentioned, when relying on them for all-day desk work. Their built-in mic is also clear and easy to understand for people on the other side of voice and video calls, and the built-in voice isolation seems to work very well according to my testing.
In my experience, their fit is also fantastic. Jabra really seems to have figured out how to build a bud that stays in place, regardless of how much you’re moving around or sweating. It’s really refreshing to find a pair of fully wireless buds that you never have to even think about readjusting them during a workout.
Jabra has done an excellent job setting their offering apart from an increasingly crowded fully wireless earbud market, and the Elite Active 75t is another distinctive success. Size, comfort and battery life all help put this above its peers, and it also boasts great sound quality as well as excellent call quality. You can get better sounding fully wireless earbuds, but not without spending quite a bit more money and sacrificing some of those other advantages.
Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.
The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.
The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.
The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.
It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.
Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.
On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.
Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).
Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.
As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.
Coronavirus tracing: Platforms versus governments
One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.
In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.
This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”
While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.
Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.
Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”
The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.
The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.
Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.
Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.
Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.
Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”
“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.
“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”
“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”
DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.
“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”
“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”
MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.
A German research institute that’s involved in developing a COVID-19 contacts tracing app with the backing of the national government has released some new details about the work which suggests the app is being designed as more of a ‘one-stop shop’ to manage coronavirus impacts at an individual level, rather than having a sole function of alerting users to potential infection risk.
Work on the German app began at the start of March, per the Fraunhofer-Gesellschaft institute, with initial funding from the Federal Ministry of Education and Research and the Federal Ministry of Health funding a feasibility study.
In a PDF published today, the research organization reveals the government-backed app will include functionality for health authorities to directly notify users about a COVID-19 test result if they’ve opted in to get results this way.
It says the system must ensure only people who test positive for the virus make their measurement data available to avoid incorrect data being inputed. For the purposes of “this validation process”, it envisages “a digital connection to the existing diagnostic laboratories is implemented in the technical implementation”.
“App users can thus voluntarily activate this notification function and thus be informed more quickly and directly about their test results,” it writes in the press release (which we’ve translated from German with Google Translate) — arguing that such direct digital notification of tests results will mean that no “valuable time” is lost to curb the spread of the virus.
Governments across Europe are scrambling to get Bluetooth-powered contacts tracing apps off the ground, with apps also in the works from a number of other countries, including the UK and France, despite ongoing questions over the efficacy of digital contacts tracing vs such an infectious virus.
The great hope is that digital tools will offer a route out of economically crippling population lockdowns by providing a way to automate at least some contacts tracing — based on widespread smartphone penetration and the use of Bluetooth-powered device proximity as a proxy for coronavirus exposure.
Preventing a new wave of infections as lockdown restrictions are lifted is the near-term goal. Although — in line with Europe’s rights frameworks — use of contacts tracing apps looks set to be voluntary across most of the region, with governments wary about being seen to impose ‘health surveillance’ on citizens, as has essentially happened in China.
However if contacts tracing apps end up larded with features that are deep linking into national health systems that raises questions about how optional their use will really be.
An earlier proposal by a German consortium of medical device manufacturers, laboratories, clinics, clinical data management systems and blockchain solution providers — proposing a blockchain-based Digital Corona Health Certificate, which was touted as being able to generate “verifiable, certified test results that can be fed into any tracing app” to cut down on false positives — claimed to have backing from the City of Cologne’s public health department, as one example of potential function creep.
In March, Der Spiegel also reported on a large-scale study being coordinated by the Helmholtz Center for Infection Research in Braunschweig, to examine antibody levels to try to determine immunity across the population. Germany’s Robert Koch Institute (RKI) was reportedly involved in that study — and has been a key operator in the national contacts tracing push.
Both RKI and the Fraunhofer-Gesellschaft institute are also involved in parallel German-led pan-EU standardization effort for COVID-19 contacts tracing apps (called PEPP-PT) that’s been the leading voice for apps to centralize proximity data with governments/health authorities, rather than storing it on users’ device and performing risk processing locally.
PEPP-PT bases its claim of being a “privacy-preserving” standard on not backing protocols or apps that use location data or mobile phone numbers — with only arbitrary (but pseudonymized) proximity IDs shared for the purpose of tracking close encounters between devices and potential coronavirus infections.
Yet, at the same time, regional privacy experts, the EU parliament and even the European Commission have urged national governments to practice data minimization and decentralized when it comes to COVID-19 contacts tracing in order to boost citizen trust by shrinking associated privacy risks.
If apps are voluntary citizens’ trust must be earned not assumed, is the key argument. Without substantial uptake the utility of digital contacts tracing seems doubtful.
Apple and Google have also come down on the decentralized side of this debate — outting a joint effort last week for an API and later opt-in system-wide contacts tracing. The first version of their API is slated to be in developers’ hands next week.
Meanwhile, a coalition of nearly 300 academics signed an open letter at the start of this week warning that centralized systems risked surveillance creep — voicing support for decentralized protocols, such as DP-3T: Another contact tracing protocol that’s being developed by a separate European coalition which has been highly critical of PEPP-PT.
And while PEPP-PT claimed recently to have seven governments signed up to its approach, and 40 more in the pipeline, at least two of the claimed EU supporters (Switzerland and Spain) had actually said they will use a decentralized approach.
The coalition has also been losing support from a number of key research institutions which had initially backed its push for a “privacy-preserving” standard, as controversy around its intent and lack of transparency has grown.
Nonetheless the two biggest EU economies, Germany and France, appear to be digging in behind a push to centralize proximity data — putting Apple in their sights.
Bloomberg reported earlier this week that the French government is pressurizing Apple to remove Bluetooth restrictions for its COVID-19 contacts tracing app which also relies on a ‘trusted authority’ running a central server (we’ve covered the French ROBERT protocol in detail here).
It’s possible Germany and France are sticking to their centralized guns because of wider plans to pack more into these contacts tracing apps than simply Bluetooth-powered alerts — as suggested by the Fraunhofer document.
Access to data is another likely motivator.
“Only if research can access sufficiently valid data it is possible to create forecasts that are the basis for planning further steps against are the spread of the virus,” the institute goes on. (Though, as we’ve written before, the DP-3T decentralized protocol sets out a path for users to opt in to share proximity data for research purposes.)
Another strand that’s evident from the Fraunhofer PDF is sovereignty.
“Overall, the approach is based on the conviction that the state healthcare system must have sovereignty over which criteria, risk calculations, recommendations for action and feedback are in one such system,” it writes, adding: “In order to achieve the greatest possible usability on end devices on the market, technical cooperation with the targeted operating system providers, Google and Apple, is necessary.”
Apple and Google did not respond to requests for comment on whether they will be making any changes to their API as result of French and German pressure.
Fraunhofer further notes that “full compatibility” between the German app and the centralized one being developed by French research institutes Inria and Inserm was achieved in the “past few weeks” — underlining that the two nations are leading this particular contacts tracing push.
In related news this week, Europe’s Data Protection Board (EDPB) put out guidance for developers of contacts tracing apps which stressed an EU legal principle related to processing personal data that’s known as purpose limitation — warning that apps need to have purposes “specific enough to exclude further processing for purposes unrelated to the management of the COVID-19 health crisis (e.g., commercial or law enforcement purposes)”.
Which sounds a bit like the regulator drawing a line in the sand to warn states that might be tempted to turn contacts tracing apps into coronavirus immunity passports.
The EDPB also urged that “careful consideration” be given to data minimisation and data protection by design and by default — two other key legal principles baked into Europe’s General Data Protection Regulation, albeit with some flex during a public health emergency.
However the regulatory body took a pragmatic view on the centralization vs decentralization debate — saying both approaches are “viable” in a contacts tracing context, with the key caveat that “adequate security measures” must be in place.
Kleine tragbare Lautsprecher bleiben der Renner. Sie sollen flexibel sein und ermöglichen, die Musik überall mit hinzunehmen, sei es auf Reisen, zum Picknick im Park oder mobil in der Wohnung. Wir haben drei Modelle bis 200 Euro von JBL, Teufel und Klipsch getestet. Jedes weist eine ganz eigene Besonderheit und mit individuellem Konzept auf.
Das ist nicht bei allen gleichermaßen geglückt. Ein Gerät überrascht mit einem unerwartet schlechten Testergebnis.
Apple and Google’s engineering teams have banded together to create a decentralized contact tracing tool that will help individuals determine whether they have been exposed to someone with COVID-19.
Contact tracing is a useful tool that helps public health authorities track the spread of the disease and inform the potentially exposed so that they can get tested. It does this by identifying and “following up with” people who have come into contact with a COVID-19-affected person.
The first phase of the project is an API that public health agencies can integrate into their own apps. The next phase …
Bluetooth location beacon startup Estimote has adapted its technological expertise to develop a new product designed specifically for curbing the spread of COVID-19. The company created a new range of wearable devices that co-founder Steve Cheney believes can enhance workplace safety for those who have to be co-located at a …