RENEW EUROPE Webinar on COVID-19 contact tracing applications

Stephan Engberg

PriWay / CitizenKey

Q: There is an excessive focus on proximity falling to go deeper into the real problems. E.g. intra-hospital and care centers are not covered at all. Why feed cartel control to the Gapple model. How do we get to focus on a 360°? E.g. CitizenKey Https://www.linkedin.com/pulse/covid-19-response-needs-wake-up-reality-stephan-engberg (to Sophie in 't Veld)

Narseo Vallina

IMDEA Networks Institute

Q: One of the problems of CT apps is that the software development process and data processing is often delegated to external companies. Is the EDPB planning the creation of a task force dedicated at auditing / verifying this software and their data processing? (to Wojciech Wiewiórowski)

Paul Breitbarth

TrustArc

Q: Thank you for organising this webinar - very useful!

Karen Melchior

Radikale Venstre

Q: For Techcrunch: Please should the google/apple address that to their team in Bruxelles. I can send you the contact (to Karen Melchior)

Vincent Manancourt

POLITICO

Q: The consensus seems to be that decentralized apps are more privacy preserving than centralized apps. Why then do the EDPB and EDPS back both centralized and decentralized models? (to Wojciech Wiewiórowski)

Andrea

GDP

Q: Why has there been both EDPB and EC guidance on COVID-19 mobile apps? Granted, they overlap considerably, but not entirely - this is confusing for app developers. (to Wojciech Wiewiórowski)

A: Sophie in 't Veld: There are many different views on the value of contact apps for fighting corona. We want to know more before we take position, that is why we have organised this webinar

Natasha

TechCrunch

Q: What changes is Apple being asked to make to the API by governments in France and Germany? As it stands, they both intend to use a centralized system -- will their apps be given access to the API? (to Gary Davis)

Ander

Q: Where do you see the postal code information be encoded? in the diagnosis keys themselves? (to Dave Burke)

Pauline McBride

Queen's University, Belfast

Q: Question for Michael/Gary - just to be clear, if a user also supplies a phone number to a public health authority through an app using the decentralised model, presumably the public health authority does not receive any of the bluetooth information - and even if it did, presumably it would convey nothing by way of additional personal information to the public health authority? Thanks.

Michael M.

Nancy university

Q: Is it possible that some people can set they are positive in the app and lie about it ? I mean how can we trust the system if it depends on users behavior.

Ander Elustondo Jauregui

EC

Q: On the operation of backend servers: How will you ensure interoperability between the frontend (OS) and backends (run by MSs)? (to Dave Burke)

Jean-Luc Sanne

Q: According to a judgment last year of the European Court of Justice (Case Google v CNIL), there is no obligation for Google to apply the European right to be forgotten outside the EU. What guarantee offers google to travellers who use the tracing app? (to Dave Burke)

Andrej

Q: I think we do not need this type of apps. People are serious enough, they practice social distancing. Absolutely not. Sophy, where do you see the need for this apps. (to Sophie in 't Veld)

Ander Elustondo Jauregui

EC

Q: Which are the epidemiological heuristics use by A&G proximity tracing algorithms? Can they be tune as we learn more with the virus? Can a national authority fine tune these heuristics? (to Dave Burke)

Nataliia Bielova

Inria

Q: I would like all panelists to ask their opinion on the de-identification fallacy described by Ed Felten: If Alice met only Bob (or her phone was on only when she was next to Bob), then when Bob is infected, Alice knows it was Bob who is infected. (see minute 44 of https://mediacentral.princeton.edu/media/CITP+WebinarA+Ed+Felten+-+COVID-19%2C+Technology%2C+Privacy+and+Civil+Liberties/1_syzkrdfd for details) (to Dita Charanzová)

Chris

Q: One of the key privacy protections you mentioned was not identifying positive COVID-19 users to other users, Google or Apple, but will they be identified to national health authorities? And will be users be informed of such? (to Gary Davis)

Ander Elustondo Jauregui

EC

Q: How will Apple & Google ensure that harmful apps do not have access to these APIs, and that only public health authorities do? (to Gary Davis)

Andrej

Q: We have a similar situation here in the USA. Some state governer, interestingly, from democrats (elections are envisaged in November) wanted to use appes to follow COVID 19 infected , but they were faced with protests and rejections. They wanted emails, full names and addresses. (to Sophie in 't Veld)

Ander Elustondo Jauregui

EC

Q: Is there a way to reconcile different architectures (centralised and decentralised) in the backends? (mainly thinking about cross border interoperability) (to Michael Veale)

Ander Elustondo Jauregui

EC

Q: How will back-end server cross-border interoperability be ensured? (to Dave Burke)

Nikolai Retskin

Q: Will your API be open-source? If not, why? (to Dave Burke)

Frank Grimm

Bielefeld University

Q: We're seeing news from lobbies in France and Germany that push for weakening the privacy assurances and openly imply your approach hinders the contact tracing effort. Realizing both Google and Apple have ample experience in this regard, are you confident you are able to go forward with this without giving in to changes that lower privacy expectations? (to Dave Burke)

Samuel Teichman

Q: Political leaders from across the globe take advantage of an unprecedented health situation to claim disproportionate powers. In Poland, Andrzej Duda carried out a coup in order to maintain the presidential elections in May. In Hungary, Viktor Orbán passed an absurd emergency law, giving him full powers for an indefinite period. From Australia to France, nations are availing every surveillance tool at their disposal to to track the novel coronavirus: some are collecting anonymized data, others are tracking every individuals’ movements. Far from me be it to suggest that all these solutions are tarred with the same brush, but all do illustrate a tendency to drift towards authoritarianism, and thereby to accept the unacceptable in times of crisis. This is wrong. We measure the greatness and the strength of our democracies by their capacity to resist these temptations when adversity hits. (to Véronique Trillet-Lenoir)

Alice Stollmeyer

Defend Democracy

Q: Summing up: we lack evidence. Karen, why would we risk fundamental freedoms & rights for this? There are less invasive alternatives. (to Karen Melchior)

Sophie Kwasny

Council of Europe

Q: Models show that if 80% of people wear masks, the infectious R0 is of less than one: significant impact on the reduction of the spread of the virus. Isn't this what actually needs to be promoted (with social distancing) ? (to Lina Nerlander)

Julian Lasinger

Renew Europe

Q: What are the main bottlenecks to get a European app on the ground running soon?

Mathieu Peyrega

None

Q: What is the expected level of "false positive" .unconfined R0 is about 4, and the app may trace tenth (hundreth) of contacts at positive detection. What is test facilities are not scaled ? Could that quickly lead to something almost equivalent to full lockdown ?

Amory louis

EP

Q: What are we going to do with the people identified by contact tracing (manual or not) ? Will they have an obligation to test, isolate ? And how will it be controlled ?

Kevin Allison

Eurasia Group

Q: How are governments integrating contact tracing apps into their broader pandemic responses (manual contact tracing, epidemiological modelling, etc)? Do the PEPP-PT/DP-3T approaches differ in the types of data that can be made available to a centralized health authority? (sorry if this has already been asked, connection problems...)

Nataliia Bielova

Inria

Q: Where can we find more information on the large scale user survey you are conducting? We have many questions and possible ideas for collaboration. (to Nuria Oliver)

Björn

Q: The random ID generated for the Bluetooth proximity exchange will be anonymous, yes. But once the system has to alert/inform an owner due to a possible infection, this anonymity has to be lifted. Who will do that and who will have access to that information?

Frank Grimm

Bielefeld University

Q: Verification and calibration came up a few times in this discussion, do you see a need to perform these on a basis of full populations or is that a nice to have which could achieve similar results on a consensually given subset? (to Lina Nerlander)

Pauline McBride

Queen's University, Belfast

Q: Thanks for excellent talks. Could Nuria explain a little more about how in a decentralised system a user's phone number could be uploaded and made available to a public health authority and what privacy protections might apply in such an arrangement? (to Nuria Oliver)

Q: How do you implement contact tracing if people don’t enable Bluetooth by default?

Rosamund Lewis

WHO

Q: It may be important to highlight that most likely the vast majority of -pings- will yield neg test results at the end of the day, as for manual contact/tracing. This can reassure individuals but indicates another reason public health involvement is critical, and that is to determine which indivduals pinged will need to go into quarantine as a high/risk contact. (to Lina Nerlander)

Peter

Q: Do you think a solution based on consent will meet all the requirements for consent to be valid?

Kenny Paterson

ETH Zurich

Q: What the app does once a user has been notified about potential infection is completely open. Crucially, it does not depend on centralised vs decentralised nature of architecture. For example, users who have been "exposed" could be prompted to contact the health authority for testing. (to Clayton Hamilton)

Teemu Ropponen

MyData Global

Q: 40-70% adoption needed for contact tracing apps to be meaningful - is it possible, how? Do you see that there might be specifc benefits in the app in particlar segments? To catch e.g. "super-infectors", health care workers, etc. (to Clayton Hamilton)

Jean-Luc Sanne

European Commission

Q: Bluetooth emissions have a range of about 10 meters, which inaccurate to identify contact persons when the recommended distance for social distancing is around 1.5-2 meters. Is this problem of noise solved? (to Nuria Oliver)

X

x

Q: In a decentralised system, the notified person could be given a number to call back (to Nuria Oliver)

Tomáš Opat

Q: Is there any way of taking into account how Bluetooth signal can be blocked by where the device is (e.g. in a pocket, purse, mobile phone case etc.)?

Elias Aarnio

Electronic Frontier Finland

Q: What is the minimum required amount from the technical contact tracing framework to do the job? (to Lina Nerlander)

A: Sophie in 't Veld: I don't know the deficiencies of every app proposed in the NL, but so far not even one was sufficient as regards privacy, or precise and trustable...

Pekka Kahri

Helsinki University Hospital

Q: Could digital verifiable credentials in connection with (traditional and app-based) contact tracing offer public health authorities ways to manage outbreak better when society and services are being opened? (to Lina Nerlander)

Albert

N/A

Q: Very good initiative, MEP In't Veld!. Can the refusing/impossibility of downloading the Covid-19 contact tracing app, allow an EU government to limit EU citizen's mobility? thanks (to Karen Melchior)

Elias Aarnio

Electronic Frontier Finland

Q: What whould be the practical case where the use of privacy protecting app would cause the absense of information in manual contact tracing? I cannot think of any. (to Lina Nerlander)

Jean-Luc Sanne

European Commission

Q: One the average, how many contact persons does the app identify per day for one infected person? (to Lina Nerlander)

Frank Grimm

Bielefeld University

Q: Do you yourself have or do you know of any input on the question from the epidemiological perspective as to what exact data health authorities supposedly lack in the decentralized setting? So far there seem to be many allegations of privacy slowing the process down and not many specific calls to action in this regard that could be addressed. (to Clayton Hamilton)

Adrian P

N/A

Q: Hello, What are the battery consumption averages for the Bluetooth centralized vs decentralized approach? Thanks, Adi (to Nuria Oliver)

Elias Aarnio

Electronic Frontier Finland

Q: Are you really saying Netherlands did not find anything working? As far as I know the core of the issue is they did not find anything acceptable _privacywise_. (to Sophie in 't Veld)

Alice Stollmeyer

Defend Democracy

Q: What’s missing in most debates about contact-tracing apps is how EFFECTIVE they actually are — and there could be some rude awakening. Are you aware of the Swedish research simulating the effects of policy measures to curb the corona virus? What they found is that randomly testing people would be more effective and would need less tests than a contact-tracing app. Ms Nerlander, would you agree with EU Parliament's think-tank that BEFORE rolling out any app, the EU needs to do a coordinated assessment of usefulness, effectiveness, security risks, technological readiness and threats to fundamental freedoms and human rights? (to Lina Nerlander)