An interview with Hans-Christian Boos. He is the Founder and CEO of Ar
How was the PEPP-PT consortium project born? How did the European members of the consortium come into contact?
Hans-Christian Boos: I think many people had the same idea at the same time. Then, it just happened that some people met. In the beginning it was Thomas Wiegand and me who first met and the same day we had this discussion with the Robert Koch Institute, the German CDC. We could see that using digital contact tracing worked very well to get a hold of the disease in China, but we asked ourselves the question “could this be done in a privacy preserving way?.” This is how it got together. The team expanded as more and more scientists and technologists started talking to each other, trying to solve a problem in a way suitable for a Western democracy.
Events have evolved as we know. What’s your opinion of the discussion that’s been going on?
Hans-Christian Boos: For quite a while, we have been discussing what the security architecture or the system should be: if it should be a centralised architecture or if it should be a decentralised one. But the discussion is so focused on security, while the goal is to allow the best management of the pandemic with the best possible privacy. Therefore, if we look at the security architecture – centralised or decentralised – on a technical side this discussion is about 30 years old. And it was never solved, as the two options clearly have advantages and disadvantages. A decentralised system has the big advantage of not needing a trusted entity. In a centralised or similar approach you need someone to trust. The public debate is very harmful, because in the end it’s about trust.Both systems are privacy-preserving. The real questions are: “do you trust the government at all or don’t you trust the government?”. “What system serves better in terms of managing this pandemic?” So far, what I’ve heard from the epidemiologists is that the ability to adjust quickly in a centralized system is better. Plus it can be deployed faster. And this is why I personally believe it’s a choice that a country needs to make.
Two approaches, then, both with pros and cons. Which one to choose?
Hans-Christian Boos: I’m not against the technology that D3PT has developed, it’s a good technology. Until people are not infected by the virus, both systems are pretty much the same. They collect proximity tracing on your telephone. They take an API model like, 2 meters 15 minutes: everybody we’ve met that long will be saved in the contact list on the telephone and now is where they differ. In a decentralized system when you get tested positively, you have to upload the keys that you have shown to the outside world into the cloud. These keys get distributed to everybody who can then look on their own phone. The algorithm can see that you, your phone, has been in contact with this infected person and then the phone can do something for you. The big advantage of this is that the question of “have you been in contact?” even in an anonymized form is never available to anyone else. That’s a pretty good thing. In the centralised system everything is exactly the same. Everything stays completely in your phone until you are marked as being infected. Instead of just uploading your ID, you upload the list of the contacts that you have seen for long enough and close enough. Everything anonymous. On the centralised system now, it goes and notifies all these contacts. The main difference is the trust in the central entity. Therefore, if you don’t trust your government or an independent entity or something to hold this type of data then you can’t use a centralised version. If you trust the government to hold this type of data then there is absolutely no problem with it.
What about Google and Apple? There seems to be a problem with making everything work even without unlocking the phone screen.
Hans-Christian Boos: Everybody relies on Apple and Google in order to get better access to Bluetooth and to background running. Apple and Google are on a decentralised protocol. There are quite a few countries trying to convince them that another protocol should be used. They have built their management of the epidemic around this. But I wonder if we’re debating whether a country should have a choice or not, how can a company make that choice for the entire world? Where’s the legitimate claim to that? It takes sovereignty away from countries but that’s again something I can have a personal opinion on, but it’s something that the countries will have to do. So far the discussion is open. I think the Apple and Google preference is clear: they all want to keep it in their cloud. And you really have to ask yourself where does the legitimisation come from for a company to make that choice for everybody.
The technical problem remains. If the screen does not unlocked, the application does not work. Suppose people still use it with the unlocked screen, other concrete problems emerge. If the phone is stolen, for example – what happens?
Hans-Christian Boos: These are problems every application will face, unless Apple and Google help. If Apple does not help with it, then Apple is trying to impose something on people and I go back again to what I said earlier: I think it needs to be the choice of the country because it’s the country’s response over the health care system. If Apple insists on this, that’s a demonstration on why it’s dangerous to have a monopoly in the mobile ecosystem.
How long do you think that we will need these kind of technologies?
Hans-Christian Boos: Until there’s a vaccine. That’s very clear.. As long as there is a pandemic going on, then you will need a whole set of measures. It’s not just an app. Our question, in the end, should be: “how could we get as many people back to work and back to social life as quickly as possible?”.
Back to work with the application or even a bracelet?
Hans-Christian Boos: I think it is necessary to do this. In terms of getting children and people who don’t want or don’t have smartphones. Actually, they’re much cheaper. We thought that this would come much later but since last week we actually have a group in the PEPP-PT project that is working on a protocol for this. So that could actually come much faster than we thought.