The Inner Circle

 View Only
  • 1.  Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 17, 2020 02:09:00 AM
    Any comment on this EU Guideline ?
    Are cybersecurity, privacy and transparency requirements complete ?
    Italy is going to test Immuni app from Bending Spoons ...




    ------------------------------
    Alberto Manfredi MSc|MBA|CISSP|CISA|CRISC|GCFA|LA27001|STAR Auditor
    CSA Italy
    ------------------------------


  • 2.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 17, 2020 06:29:00 AM
    Hi Alberto
    First of, I'm neither a lawyer, nor an epidemiologist, nor a political leader, just a European interested in Cloud and security :-)
    Of course, I fully see the potential bad side of enforcing the use of an app, in some tricky political contexts.

    But here are 2 things I'd like to share:
    1. If we don't find a common and coordinated response throughout Europe (or the EU), it will be both a political failure, and will only provide a partial view on the pandemic, as we cannot consider that the virus is stopped by border!
    2. regarding all the strong voices against such an application because of "privacy" issues  and the "government" would be spying on us, let me just remind that our mobile telco have been able to track us from day 1
    The EU toolbox is accompanied by guidance on data protection --> https://ec.europa.eu/commission/presscorner/detail/en/ip_20_669
    It has links to others documents of interest such as https://ec.europa.eu/info/files/guidance-apps-supporting-fight-against-covid-19-pandemic-relation-data-protection_en
    What I read so far is fine with me, but of course implementation and controls will be the next activities to monitor.

    Just my 2 (euro)cents

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
    ------------------------------



  • 3.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 17, 2020 08:48:00 AM
    Dear Olivier,
    I completely agree with you. Cooperation is the only way to overcome pandemics and  secure info-sharing protocols/platforms could guarantee better results than single "magic" apps. An Oxford University's study demonstrated that data tracing apps should be installed on at least 80% of smartphone owners (country level) to be effective. Remember it is voluntary based...


    ------------------------------
    Alberto Manfredi MSc|MBA|CISSP|CISA|CRISC|GCFA|LA27001|STAR Auditor
    Chapter Leader | VP & MD
    CSA Italy
    ------------------------------



  • 4.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 17, 2020 09:16:00 AM
    I'll make a summary of the various position papers released by the CNIL - the French Data Protection Agency - on this topic.
    And yes, this will be on a voluntary basis, so figures may greatly diverge among countries, or even regions.
    Regarding implementation, what about the use of the Cloud?
    Comments anyone?

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
    ------------------------------



  • 5.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 19, 2020 10:55:00 AM
    Thank you Olivier.
    I've found very interesting the analysis in the following paper
    https://github.com/ROBERT-proximity-tracing/documents/blob/master/Proximity-tracing-discussion-EN.pdf
    A critical decision is the use of a centralized Vs a decentralized monitoring system and, above all, the use of a risk analysis approach (starting from DPIA).
    Italy has chosen "Immuni" app (Bending Spoons) that seems to comply with Pepp-Pt (Pan-European Privacy-Preserving Proximity Tracing)  approach. We're waiting for more info ...






    ------------------------------
    Alberto Manfredi MSc|MBA|CISSP|CISA|CRISC|GCFA|LA27001|STAR Auditor
    Chapter Leader | VP & MD
    CSA Italy
    ------------------------------



  • 6.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 19, 2020 12:58:00 AM
    Has anyone looked at ROBERT ( ROBust and privacy-presERving proximity Tracing protocol )
    Interesting initiative by INRIA (FR), Fraunhofer (DE) and a couple of other research organisations & researchers.
    Excerpt:
    The main goal of proximity tracing mobile applications is to notify people that they have been in close proximity of COVID-19 virus carriers in the last N days even though the carriers who did not have symptoms and were not even tested at the time of interaction. Ensuring the highest data protection and security standards will encourage a quick and broad adoption by citizens.This document proposes a ROBust and privacy-presERving proximity Tracing (ROBERT) scheme that relies on a federated server infrastructure and temporary anonymous identifiers with strong security and privacy guarantees

    Link ⇒ https://github.com/ROBERT-proximity-tracing/documents

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
    ------------------------------



  • 7.  RE: Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures

    Posted Apr 19, 2020 06:45:00 AM
    Another approach is a decentralized one and promoted by Switzerland

    News ⇒ Swiss pull out of European contact tracing App project
    Documents ⇒ Decentralized Privacy-Preserving Proximity Tracing

    HTH

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
    ------------------------------