Tracing App Backend Development - Bert Hubert's writings

bert@hubertnet.nl / @bert_hu_bert / LinkedIn

Very quick post. The Dutch government just launched a tender for “digital technologies that can help with Corona”. The tender includes words on privacy sensitive contact tracing, it explicitly refers to PEPP-PT, the Pan-European Privacy-Preserving Proximity Tracing project.

Responses are due on Tuesday the 14th of April, 12:00 (noon). The question/answer form asks if you can do a demo on the 18th of April and have something that could be rolled out on the 28th. This seems ambitious.

UPDATE! We submitted a response, together with Fox-IT, Intermax, Computest, Anoigo, Framcon, Simplon and HackDefense. Now let’s see what happens!

I (with help, see below) intend to submit a proposal for a backend where apps can query for infected keys, and where any app, after authorization from a health care professional, can submit infected keys. This backend will feature advanced things like rollback of bad submissions, health care provider authorization checks, checkpointing, ability to de-register infected keys, incremental updates, DoS-filtering and very high scalability and availability.

Code will be on this GitHub repo, where requirements are currently being written.

Documents:

Vooraankondiging, pre-announcement, in Dutch
Question / Answer form, in Dutch
Uitnodiging, invitation letter, in Dutch
Question / Answer form in English
Invitation in English

The goal is that if I/we focus on a high performance, geo-redundant, secure backend, people that are “good with apps” can focus on the app part. The API will be completely open so multiple apps can make use of this platform. All code will be OPEN SOURCE.

Note: most of the logic happens in the apps. The various protocols (DP-3T or Apple/Google) make sure only the most relevant data is uploaded. This project attempts to be the place where that data gets uploaded. So this project services the privacy preserving protocols.

I am sure others will join in quickly, so this is not just me. Or not for very long at least!

The offer to build this backend is based on the ample experience we have over at PowerDNS for maintaining rock solid services that, over at some customers, perform millions of queries per second on millions of customer profiles, in a distributed platform. I also have experience in working with the Dutch government. Please also read my earlier page on Corona contact tracing apps.

If you want to join in, please know:

All code will be open source
We will enter this tender on a ‘cost+’ basis, so don’t join in for the money!
We will be offering both software and services, so experience with high-availability hosting on hardware you own is very welcome.

Please contact me on bert@hubertnet.nl if you can help!