
Apple Google Contact Tracing API – need for interoperability and standardisation - kncvetko
https://medium.com/@kristijan.cvetkovic/covid-19-tracker-apps-and-apple-google-contact-tracing-api-ed9983ea049a
======
tastroder
Some of this seems to overcomplicate matters. DP-3T for example (in the
centralized setup) suggest in the whitepaper you linked to simply upload data
to the health authority backend of the countries you visit. Having a single
health authority registry sounds impractical.

At the very least, if you want this to gain any traction in the EU, please
amend this specification to include a way to get a single users data back out
by revocation or deletion.

Sidenote: What's with all the GraphQL? Do the data formats being exchanged
here really warrant that?

~~~
kncvetko
Author here:

Uploading diagnosis keys to health authorities backends of each realm you‘ve
visited is unfortunately not a trivial requirement. To prevent fraud and
pranksters health authorities would need define a trusted set of apps, which
requires a complicated process or architecture. But a trusted set of apps in
itself won’t prevent fraud. The critical transaction is the push of keys after
a positive diagnosis which needs to be secured extra and the trust propagated
to other health authorities. Our approach reduces the complexity by focusing
on the securing the push by the proposed signed one time token.

The proposed solution tries to be compatible with the Contact tracing API. In
terms of GDPR the sensitive data set could be the diagnosis keys and to some
extend the geohashes. However both data sets are aggregated and anonymized so
that a contact service backend provider can‘t match it with a specific user.
Hence we don‘t see significant limitations for the proposed solution by GDPR
in the EU.

The proposed solutions assumes that there won’t global standardized apps. Even
the EU struggles to standardize it’s efforts and a frictioned set of tracking
apps might be reality. We think that this will limit the effectiveness of
tracking as soon as travel restrictions are reduced and shall be addressed in
an early stage of development.

We use the SDL capabilities of graphQL to define the required mutations,
queries and types as technical but platform agnostic documentation of the
proposed interfaces.

------
lrhegeba
hope the apple/google PMs take it into consideration, seems like a valid
enhancement to me

