Pan-European Privacy-Preserving Proximity Tracing
Pan-European Privacy-Preserving Proximity Tracing
(PEPP-PT) makes it possible to inform potentially exposed individuals and thus help interrupt new chains of SARS-CoV-2 transmission more rapidly and effectively. We are a growing European team. We provide standards, technology and services to countries and developers. We stand for a fully privacy centered approach. We build on well-tested, fully implemented proximity measurement and scalable backend services. We create the ability to integrate tracing of infection chains across borders in a multinational European setting.
WHAT WE ARE DOING
Vigorous testing, isolation of cases, and quarantine of exposed contacts are key measures to fight the COVID-19 pandemic. To support the fight, Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)—in full compliance with European data protection rules (GDPR)—is being developed by a multinational team of scientists and engineers. PEPP-PT technology neither stores nor transmits personal data, location data, nor device addresses. The privacy-preserving technology also facilitates international travel as it works across borders.
The PEPP-PT initiative invites all European countries to participate.
THE CURRENT SITUATION
The COVID-19 pandemic poses a major threat to countries around the world. In response to the rapidly growing number of cases and the danger of overburdening health systems, many countries have begun lockdowns to slow the spread of the new coronavirus. Since a long-term lockdown is not economically viable, the urgent question arises as to how an open society and economy can be maintained without risking a collapse of the healthcare system.
Experience in some Asian countries has shown that widespread testing, combined with isolation of confirmed cases and quarantine of their contacts, is a successful control strategy. The current bottlenecks in testing capacity are likely to be eliminated in the coming weeks.
The challenge then will be to isolate confirmed cases and their contacts in a way that is compatible with our common understanding of privacy in European democracies.
Contact tracing is a proven method to help contain the spread of infectious diseases. The aim is to inform the relevant contacts of infected cases as quickly as possible about the potential of infection, in order that appropriate measures be taken in a timely manner. In the case of SARS-CoV-2, a large proportion of transmissions occur through droplets that travel only over a short distance (about 2 m). Thus, “contacts” are people that may have been exposed to the virus in this manner, through physical proximity. That is why the PEPP-PT initiative uses the term “proximity tracing.”
Quarantine of contacts is necessary to prevent further transmissions. This approach has been shown to be effective for various diseases. The challenge in the current situation is the speed with which the new coronavirus spreads, as well as the already high case numbers. If the case numbers fall to a low level due to intervention measures, rigorous testing and rapid quarantine of contacts can prevent further large outbreaks - until a vaccine is available.
Technology can make a decisive contribution to efficient and broadly supported proximity tracing. But technology must be used and deployed responsibly. For this reason, a team of scientists and developers in several European countries has been working together on a non-commercial technical solution that implements proximity tracing via smartphones. Our solution does not track people nor collect data about who they are and where they have been, we only trace proximity to inform individuals about their exposure risks. Our approach is called “Pan-European Privacy-Preserving Proximity Tracing,” or PEPP-PT.
The development of this technology is based on three basic principles. Firstly, it is the result of close European cooperation. Only in this way can we gather and exploit the expertise of the continent in an efficient and targeted manner. Secondly, the technology must be international and operate across national borders. In doing so, the technology will facilitate the resumption of international business and personal travel. Thirdly, the technology must be in accord with the European General Data Protection Regulation (GDPR). A health crisis must not lead to a weakening of the privacy for which many generations before us have fought.
Developing such a system is a challenge, but one that is worth facing. PEPP-PT is a core technology that provides an internationally applicable proximity tracing mechanism. Starting from this base, each country can develop its own app and utilize its own secure infrastructure. This allows each participating country to implement its own operational follow-up in coordination with the local health authorities to meet the needs of the local population. Each country must also convince its own citizens to participate in such a system. The underlying technology, which is being developed in constant exchange with data protection experts and ethicists, is scalable and open, and can be used by any country.
The virus spreads quickly and knows no political boundaries. To bring it under control, we act similarly: speed and international cooperation are essential to protect health, the economy and privacy.
HOW DOES IT WORK?
The technology is being developed for smartphones running Android and iOS. It only works for users that have downloaded an app that uses the PEPP-PT mechanism.
1) Anonymous identifier donation.
Each PEPP-PT app broadcasts a limited-time anonymous identifier (ID) over a short distance.
2) Logging the proximity history.
When PEPP-PT phone A is sufficiently close to PEPP-PT phone B for a long enough period of time, the measurements on the phone of user A are encrypted and recorded together with the anonymous ID of phone B (which, in turn, does the same for phone A). No geolocation, no personal data, or other information that would allow the identification of a user are logged. This anonymous proximity history is stored encrypted on the phone and cannot be viewed by anyone, not even the phone’s user.
3) Usage of the proximity history: two scenarios.
a) If a user has not tested positive for the virus, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. Moreover, only the proximity history that could be relevant for detecting virus transmission is saved, and earlier proximity history is continuously deleted.
b) If user A has been confirmed SARS-CoV-2 positive, the health authorities will contact user A and convey a code to user A, with which the encrypted proximity history stored on user A’s phone can be transmitted in encrypted form to the national trust center.
4) Country-dependent trust center operation.
The anonymous IDs contain an encrypted mechanism to identify the country of each user. Based on that, a national trust center proceeds as follows for each anonymous ID in the proximity history received from user A:
a) If an anonymous ID is identified as being from another country, the anonymous ID is transmitted in an encrypted form to the trust center of that other country. Any further processing is done by the trust center of the other country.
b) If an anonymous ID is identified as being from the trust center’s country, the anonymous ID can be linked to a unique app ID of the corresponding PEPP-PT phone. When the user of phone B inquires, they will be informed about the possible exposure.
THE CORE FEATURES
The PEPP-PT mechanisms provide the following core features:
Well-tested and established procedures for proximity measurement for popular mobile operating systems and devices.
Enforcement of user privacy, data protection, anonymization, and GDPR compliance.
Enforcement of information and communication security.
International interoperability to support tracking of local infection chains even if a chain was started abroad and spans multiple PEPP-PT participant countries. As well as opening borders, this mechanism enables local authorities to use local law and procedures, while allowing international cooperation and real-time isolation as well as risk assessment.
Backend architecture and technology that can be deployed into local IT infrastructure and can handle hundreds of millions of devices and users per country.
Managing the partner network of national initiatives and providing application programming interfaces (APIs) for integration of PEPP-PT features and functionalities into national health processes (tests, communications, etc.) and national system processes (health logistics, economy logistics, etc.) giving many local initiatives a local backbone architecture that enforces GDPR and ensures scalability.
Certification service to verify that local implementations use the PEPP-PT mechanisms as advertised and, thus, inherit the privacy and security testing and approval that PEPP-PT mechanisms offer.
If necessary, PEPP-PT can provide the following services for national initiatives:
Support implementing and financing of local “installation” and “trust” campaigns, because only a high saturation of users can quell future outbreaks.
If setting up a local trust center (through which anonymous users can be connected with health authorities) is not possible within a reasonable amount of time, PEPP-PT can either temporarily or on the long term supply such infrastructure to participating countries following strict European data protection and privacy standards.
If national resources for setting up a scalable infrastructure to operate a local platform cannot be made available in a desirable time frame, PEPP-PT can supply such infrastructure either temporarily or on the long term in participating countries.
Manage a repository of building blocks used successfully by PEPP-PT members and shared with the community.
The PEPP-PT initiative is financed through donations and has adopted the WHO standards for financing to avoid any external influence.
WHO ARE WE?
The PEPP-PT team, which has 130 members working in six European countries, includes scientists, technologists, and experts from well-known international institutions and companies. We wield expertise in communication, psychology, epidemiology, proximity tracing, security, encryption, data protection, application development, scalable systems, supercomputing infrastructure, and artificial intelligence.
HOW TO PARTICIPATE
We welcome new members into our team. If you are a technical or scientific entity, please use our onboarding document. If you represent a government, please be in touch and we will connect you with the network of governments already committed to PEPP-PT.
Please be advised that our top priorities are privacy-preservation, information security, data protection, speed, and quality. Therefore, we are onboarding new partners to PEPP-PT core teams step by step. We make all functionality and features, as well as our support, available to any partner. We look forward to welcoming you in the PEPP-PT team.
Please click here for onboarding documentation and access to code
SECURITY & FRAUD PROTECTION
All code of the PEPP-PT system is being monitored by the development team and, in parallel, by national cyber security agencies and data protection agencies—line by line. Only code that has been checked this way will be released to the public. This ensures that no unintended code or loopholes exist in PEPP-PT, and privacy is guaranteed.
OPEN SOURCE LICENSE
Code of the PEPP-PT will be under Mozilla Open Source license or similar.
BETTER TOGETHER. CONTACT US.