back to article Contact-tracing or contact sport? Defections and accusations emerge among European COVID-chasing app efforts

European efforts to define a contact-tracing protocol aimed at making it easier for authorities to detect cases of COVID-19 appear to be having a rather vivid disagreement. One of the efforts is the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) group, a Germany-based effort to develop a contact-tracing protocol. …

  1. Chris G

    Testing! testing!

    While contact tracing is obviously useful, it seems more is spoken about it than the value of knowing who actually has C19 as soon as possible. I realise developing a simple, fast, effective and economical test is not that easy but catching it earlier and prevent contact sooner would reduce the potential number of contacts significantly.

    But then what government doesn't like to keep tabs on it's population?

    1. Anonymous Coward
      Anonymous Coward

      Re: Testing! testing!

      Are you advocating for generalized testing? Because our Health Minister in France outlined yesterday evening why it's impossible: you can't test everybody without symptom. It's not possible to swab 60 millions of noses, get an instant result, and then test again the next day, until symptoms appear.

      Not even going into how much keeping tab on the population that would require...

      1. Jimmy2Cows Silver badge

        Re: Generalised testing

        What's needed is a relatively cheap and simple home test that gives you a quick yes or no, 99% accurate. Then go to a more dedicated test facility for confirmation (or call health bods and they send someone (well protected) to you).

        Sort of like a home pregnancy test, but probably a blood prick not pissing on a stick.

        Same for antibody tests to see if you've had it already (acknowledging there's currently no evidence that antibodies = future immunity).

        This is the only way to do entire population testing. The logistics of testing everyone at dedicated facilities are far too impractical.

        I believe there has been some progress in this area, but not sure how far along it is, or how accurate the results are.

        1. Anonymous Coward
          Anonymous Coward

          Re: Generalised testing

          Or you could ask the Iranians to share their secret technology:

          But back in the real world: generalized tests can /not/ be personal, because unlike pregnancy, it's actually contagious. What of all those people who will not test themselves, or not share the results, because they don't believe it's that bad, or can't afford to stay home, or whatever? That's really not a way to do an *entire* population testing.

          And it would not be workable anyway: sending tens of thousands more people (those infected but without symptoms) to those dedicated test facilities would ensure long lines of worried people waiting to get inside, and swamp any health system. All the false positive would be certain to become true positive. And then of course, once confirmed, what would you do with them? If it's only to tell them to stay home and avoid contact with others, we're already doing just that.

          As soon as you start thinking of the logistics of handling millions of people, in a foolproof way, it become rather clear that generalized tests just can't work (unless the Iranians got it right, ahah, j/k).

        2. TDog

          Re: Generalised testing

          99% accuracy - with a nominal 70 million tests a day means 700 thousand false results. Assuming 1% of the population is actually infected gives 7000 false negatives. Plus 693,000 false positives. Every day.

          Sorry but the maths don't make this doable. And if you say well test again the next day - that is no problem. Except that we've now got the results of that days testing added into the mix as well.

          3 blue one brown - very simple explanation of Bayes theorem which explains this better than I can:

          1. martinusher Silver badge

            Re: Generalised testing

            A more workable approach is to use sentinel individuals, its like using sentinel animals to warn humans of danger ("canary in the coal mine"). You quite rightly point out that you can't test everyone unless the test is perfect because the number of erroneous results wiill overwhelm the system. You need to figure out how to break up the mass of people into groups, how those groups interact and find sentinels to keep an eye on their health. The likes of Google and Facebook are already doing this as the basis of their advertising model -- they're probably be quite effective at virus tracking at the moment but probably don't want to tip their hand too much for fear of spooking everyone.

            (Paranoid? Moi? Seriously, they can already do a pretty decent job of tracking influenza infections starting with nothing more than purchases of OTC cold and flu medication.)

          2. Potemkine! Silver badge

            Re: Generalised testing

            99% accuracy

            Make twice the test and the false negative ratio falls.

            There's no perfect solution and there won't be. 1% of error is better than no detection at all.

            1. Justthefacts Silver badge

              Re: Generalised testing

              No, it’s really not that simple.

              Firstly, false positives are rarely due to the “the test incorrectly flagging”. It’s because real tests are never specific enough to flag only the correct molecule. A small number of people will have had something that the test reacts to. Re-test them, and you get the same outcome. Ditto false negative: if the particular person for some reason has only a low number of antibodies, which the test isn’t sensitive enough to pick up.Re-test them, and you get the same outcome. Any potential improvement from re-testing is already included because they already do two swabs / blood samples.

              Antibody tests are blood concentrations in real human beings, and the data varies day-to-day, depends on what and when they ate, can be masked by hormone cycles or another infection.

              The PCR swab tests of “have you got it”, are very dependent on whether the tester is skilled enough to get the swab far up enough your nose at the right angle, which is really a lot harder than it sounds, particularly if the patient has dementia or mental health issues. Untrained staff do well to achieve false negatives of 10%, doctors and trained staff achieve about 1-2% false negative.

              Simultaneously 99% specific and sensitive is *aspirational* for best-in-class tests after years of development, not on a hurriedly expanded testing service. That’s not happening anytime soon. 98% specific and sensitive would be considered damn good. At the moment, the best PCR tests *anywhere in the world* are barely meeting 98%, and the antibody ones seem to be stuck at 90% which isn’t really any use to anybody.

              Nevertheless, we somehow need to find a way to make critical policy based on data we know to be flawed.

          3. Trigonoceps occipitalis

            Re: Generalised testing


      2. I am the liquor

        Re: Testing! testing!

        Tracing and testing, they go hand in hand. Tracing tells you who to test. Tracing without testing is of limited value, especially if the tracing is just based on whose phone your phone has been in bluetooth range of. People are not going to be willing to use such an app if it's going to tell them to self-isolate on the basis that they might have been 10 metres away from an infected person, without testing to prove the possibility.

        1. whileI'mhere

          Re: Testing! testing!


    2. Charlie Clark Silver badge

      Re: Testing! testing!

      The whole tracing idea is really a red herring and about wanting to be seeing doing something. We are dealing with a virus that is extremely infectious (though apparently not contagious) with quite a long incubation period where people are infectious without displaying symptoms. This makes testing for the presence of the virus useful for studies only, because by the time you have the results, the damage has been done.

      More importantly, we have to assume that the disease is endemic. This means that, until we have reliable treatment and a vaccine that it will continue to spread and the only thing you can do is control the rate of infection. But, unfortunately, it also means that those particularly susceptible to the disease will, at some point, succumb and probably die.

      Reliable testing for antibodies should help us determine whether sufficient "herd immunity" has been built up in specific areas. The results from Sweden, which continues to have the most relaxed approach to the pandemic, will be key on this. At the moment the presence of antibodies does not guarantee immunity, because we don't know enough about possible reinfection rates, nor whether it will sufficiently suppress the virus so that people who are immune can be considered as no longer infectious. The hope* is that Sweden has naturally passed peak infection.

      This is why both Norway and Denmark have decided to reopen schools and nurseries. Though, it's worth pointing out that people in Scandinavia generally keep their distance from each other anyway and a great many have summer houses they can escape to.

      * Current death rate in Sweden continues to decline.

      1. Anonymous Coward
        Anonymous Coward

        Re: Testing! testing!

        I think you reversed your adjectives :)

        According to Merriam-Webster, it's definitely contagious, it does spread by human contact.

        "Food poisoning, for example, is infectious but not contagious: food can be contaminated with a bacteria (an infectious agent) that makes you sick, but you can't give your food poisoning to someone else by shaking their hand or even giving them a kiss."

        1. Charlie Clark Silver badge

          Re: Testing! testing!

          In the UK "infectious" generally denotes airborne (keep your distance, probably viral) and "contagious" generally denotes physical contact (wash your hands, probably bacterial). But, of course, many people do use them interchangeably. With respect to covid-19 plenty of fresh air and sunshine is as good as we can do, though I look alarmingly around me at the increasing number of people who are busy trying to convert themselves from potential sources of viral infection into definite sources of bacterial infection by wearing cotton masks for sustained periods in public. Of course, they're just responding to what they're coming across in the media…

      2. crayon

        Re: Testing! testing!

        "and a great many have summer houses they can escape to."

        Are they like here where the locals want to drive away the people who want to sit out the lockdown in their summer/2nd homes?

        1. Stoneshop
          Thumb Up

          Re: Testing! testing!

          Not really. If (in .no/.se/.fi) you have two summer homes less than 100m apart it's considered crowded. In .dk might be a little less.

          Although the house on a barren rocky plateau in northern Norway, with no other human-made structures within 10km either way might be considered a little extreme even by local standards. Or the person living there was building and testing the loudspeaker stacks for Disaster Area,and considered it prudent to not cause a serious number of casualties when nudging the amps off zero.

        2. Charlie Clark Silver badge

          Re: Testing! testing!

          Not as far as I know. The Norwegians apparently introduced the restrictions to reduce call outs by the emergency services to people who have accidents (usually when drunk). But it's worth noting that the Scandinavians generally do what the governments recommend, which can't necessarily be said of other countries.

      3. Justthefacts Silver badge

        Re: Testing! testing!

        I pretty much agree with all your points, but “Current death rate in Sweden continues to decline”.

        Your source is interesting, and vastly disagrees with this:

        Worldometers shows Sweden reporting figures that oscillate repeatedly, reporting hardly any deaths on a weekend/Monday, followed by massive spikes. There are a lot of reporting anomalies in every country - e.g. every single country so far has later “found” at least a thousand unreported deaths arriving in a lump or two. It’s “fog of war”, rather then anybody hiding data, just the systems are being stressed.

        1. Charlie Clark Silver badge

          Re: Testing! testing!

          Your source is interesting, and vastly disagrees with this:

          Totals are the same on both. SVT is the national broadcaster. Figures are updated in near real time.

          Infection rate rate of increase is linear, which is probably the most important number, though no guarantee this won't pick up again. Count for the weekend is in and last week they were moaning that other countries weren't counting the dead in retirement homes properly.

          I just wish broadcasters would cover this say 1/10 th as much as they do the horror stories. The antibody tests will drive policy in Scandinavia.

  2. Pascal Monett Silver badge

    And here we go again

    Somebody told Unhygienix that his fish is not fresh again, and now the whole village is in an uproar.

    Such is life in the village of the indomitable.

  3. Nigel Smart
    Thumb Up


    Note ETH, EPFL and KU Leuven also pulled out of the PEPP-PT project over the weekend.

  4. Anonymous Coward
    Anonymous Coward

    Quick prediction.

    Due to all the arguments going on, the contact tracing app will be ready just after the pandemic is over.

    1. Nigel Smart

      Re: Quick prediction.

      DP-3T is almost ready and we are in discussion with some governments already on deployment.

      1. Someone Else Silver badge

        Re: Quick prediction.

        Who's 'we', Kimosabe?

      2. Irongut

        Re: Quick prediction.

        What do you mean "we", Tonto?

  5. Adair

    'One of the efforts is the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) group, a Germany-based effort to develop a contact-tracing protocol. The other is the Decentralized Privacy-Preserving Proximity Tracing protocol, DP-3T, a Switzerland-based effort.'

    Puts me in mind of...

    FRANCIS: Thanks, Reg.

    BRIAN: Are you the Judean People's Front?

    REG: Fuck off!

    BRIAN: What?

    REG: Judean People's Front. We're the People's Front of Judea! Judean People's Front. Cawk.

    FRANCIS: Wankers.

    BRIAN: Can I... join your group?

    REG: No. Piss off.

  6. Anonymous Coward
    Anonymous Coward

    It will only work if the take-up matches the proportion required for Herd Immunity

    i.e. 60% of the population for R0 = 2.5, or 82% if R0 = 5.7.

  7. Anonymous Coward
    Anonymous Coward

    Why aren't the Telcos and manufacturers involved?

    I'll tell you why. Because they already have the ability do do all of this, including knowing when you became infected. With the capabilities built into modern smart phones; Apple, Google, Samsung, LG, et al, and the wireless carriers already have 'contact tracing' covered nine ways from Sunday. If they have to admit that PEPP-PT will be an absolute waste of time and money, people might start to demand more privacy (good luck with that).

    Some of you are going to claim that you 'only have a feature phone' or 'you don't carry it all of the time' but I think you also understand, and according to a quick search, 19% of people carry a feature phone, and 77% a smart phone, that this gives those in charge enough coverage to make much better decisions than they have been making to date. Of course, if they publicly admit what they actually do, every revolution thus far would be considered a pleasant afternoon in polite company.

    1. Adair

      Re: Why aren't the Telcos and manufacturers involved?

      And yet...

      'They' continue to royally fuck-up; and government continues, almost without exception, to exhibit all the hallmarks of cock-up rather than conspiracy.

      They may have the ability to accrue data like gods, but clearly have not the understanding, wisdom, nor even the will, to be able to make effective use of it.

      Not that there is any cause for complacency, quite the opposite in fact, but it helps to maintain a healthy degree of scepticism, and a reasonable grasp of the actualite .

      1. Charlie Clark Silver badge

        Re: Why aren't the Telcos and manufacturers involved?

        Good point, well made. Have one of these!

  8. FatGerman Silver badge

    And they've not even begin to address the most important question - what colour should it be?

    1. Danny 2

      Colourless - the virus is smaller than the wavelength of visible light. That's how children are protecting themselves by displaying colourful rainbows in windows.

    2. Stoneshop

      Stick it up your nose

      Virus detection kit, surveillance app and everything including fire.

  9. Version 1.0 Silver badge

    Surely it would be much simpler to buy just data from Google to find out who's searching for their symptoms?

  10. RichardNeill

    IPXE's CX protocol solves this

    Please take a look at

    This solves the distributed contact tracing problem in a privacy-preserving way.

    The spec/protocol is complete and open-source; it just needs widespread implementation.

    [IPXE is the project that was originally Etherboot]

    From the features list:

    * Zero information leakage: for users who do not choose to disclose any information for contact tracing (e.g. because they are never diagnosed with the disease), the information broadcast by that user is indistinguishable from an ideal random bitstring.

    * Zero collection of location information: the devices running the protocol can choose to do so with no source of location information, and can therefore guarantee that no location history is collected.

    * Zero privilege: there is no third party, central authority, or software provider who has privileged access to any data.

    * Trusted diagnoses: governments and public health services provide trusted and digitally signed medical diagnoses, with the ability for users to distinguish between self-reported symptoms and medical test results.

    * Distributed contact identification: users can identify only their own hazardous contacts, and no central authority has access to the information required to identify contacts.

    * Immediate deployability: the protocol may be implemented as an app on existing Android and iOS devices, with no requirement for changes to the core operating system.

    * Interoperability: the protocol may be implemented by any device and as part of any app, with all apps and all devices able to benefit equally from the same distributed data set.

    * Flexibility: multiple interoperating apps may exist to cover different user niches and preferences, with no restriction on development of new apps and no need for users to be running the same app.

    * International: the protocol allows for multiple healthcare providers in multiple jurisdictions, with support for distributed contact identification even for users travelling across national boundaries.

    * Low bandwidth: the protocol includes measures to reduce the bandwidth requirements to manageable levels even when dealing with billions of users and frequent requests.

    * Disconnected operation: the protocol will operate without a data connection, including in environments such as underground, at sea, or within an aircraft.

    * Low resource: the protocol may be implemented on embedded systems such as an ESP32 microcontroller, enabling it to be deployed even in environments where typical Android or iPhone mobile devices are unaffordable.

    * Ease of implementation: all cryptographic operations and data formats are chosen to be easily implemented using widely available and well-trusted existing libraries.

    1. doublelayer Silver badge

      Re: IPXE's CX protocol solves this

      Sure, it sounds nice. However, I note a few problems. First, there aren't those apps yet, though it is stated they'd be easy to create. Second, there are no providers of dangerous seeds (which would have to be set up by health providers), so it'd be useless even if there were such apps.

      The third problem concerns this quote from their documentation. This is how you find out that you've been in contact with someone:

      "The healthcare provider publishes a notification list of hazardous seed values corresponding to positive diagnoses. Each participating device downloads this list and compares the hazardous contact identifiers against its own record of observed contact identifiers."

      Or, in simpler terms:

      1. Device creates a seed at some time.

      2. Every [short amount of time], it uses that to generate a new identifier. The page doesn't say how long, so I'm going to guess twenty minutes.

      3. That identifier is broadcast for that [short amount of time].

      4. The user tests positive.

      5. Their seed is uploaded to a database which is region or country-wide.

      6. Everyone downloads a list of seeds and uses them to generate the identifiers.

      7. Identifiers match, and alerts can be generated.

      The problem is that generating a bunch of identifiers from random seeds when they change so frequently is intensive from a processing perspective. If a seed is generated a month ago, then to check the identifiers for that seed means my device has to generate 2160 identifiers and check 1008 of them against my list. Also, I need to know when that seed was generated. I have to do this for every person in the country who tests positive. Every day. Probably most of that would get done while I sleep and the phone charges, but it could cause battery drain and slow processing if the phone is trying to do that while I'm using it. The severity of this would depend on the extent of the outbreak and of testing. In Australia, I'd have to generate and check about 82000 identifiers per day. In Germany, it'd be about 7.79 million.

      Is the system gravely flawed? No. It's been thought through with some care from the look of things. But it has some flaws, and they may be severe enough that it doesn't get adopted elsewhere. I'd be happy to add this to the list of possible ways to do this, but it won't solve any of the major problems still facing the concept, including these:

      1. The concept only works with thorough adoption.

      2. The concept only works with thorough testing.

      3. The concept only works with comprehensive support from health authorities.

      4. The concept does not have much time to start to be useful before it ends up being too late and mostly useless.

      5. The concept can promote anxiety if it is too broad.

      6. The concept can promote complacency if testing is insufficient or contacts are not correctly logged.

      7. The concept could be modified to add additional surveillance which would undermine confidence. (Yes, this approach slightly mitigates that concern, but if seeds can be collected by some means including a government-created app implementing the rest of the protocol, it would still allow surveillance).

  11. Anonymous Coward
    Anonymous Coward

    Italy meanwhile choosed its own one..

    ... developed by a company called Bending Spoons which till now just developed some fitness app and quizzes ones. Which got on the news for an attempt to buy Grindr, and having among investors, with a small quote, two daughters and one son of Berlusconi.

    The app doesn't look to implement none of those protocols, and it looks the code isn't published anywhere.

  12. Claverhouse Silver badge

    No Man Knows My Name

    That document says the app collects users’ age, gender, phone number, profession and name. It tracks users with GPS and Bluetooth. And while that information is not uploaded to the government until a positive COVID test, “All personal information collected from you … at the time of registration will be retained for as long as your account remains in existence and for such period thereafter as required under any law for the time being in force.”

    I can understand the abhorrence of tracking by both capitalist enterprise and soviet Stasi government well enough --- having more anti-tracking and advertisement-blocking on my devices than you could shake a stick at ( although mostly because I despise advertising ) --- yet I feel the anti-gummint libertarian freedom-lovers miss a point here.

    Sometimes I have advocated a government universal database of homes of properties for sale and rent --- to make it easy to find somewhere nice --- and have run into the same objection to government collecting information...


    Won't any government already have this information ?

  13. Potemkine! Silver badge

    Good point from the INRIA paper

    "We underline the importance of this debate and encourage to compare technical solutions based on privacy risk assessment rather than on ill-defined catchwords such as ”centralised” vs ”decentralised"

    Something can be decentralized but by horrible in term of privacy. Let's focus on risk assessment rather than on dogmatic approaches.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon