Homo Digitalis participates in EU project to promote next generation private and secure electronic payments
A new electronic payment system that is socially, ecologically and fiscally responsible, to make payments easy for all of us. This is the aim of the Next Generation Internet pilot project called NGI TALER.
The NGI TALER consortium is coordinated by the Coding Theory and Cryptology Group at the Eindhoven University of Technology and has ten other partners from eight European countries (Belgium, France, Germany, Greece, Hungary, Luxembourg, the Netherlands, France, Germany, Greece, Luxembourg, Switzerland and the Netherlands). The consortium varies in the types of institutions, including research (Eindhoven University of Technology) and applied universities (Berner Fachhochschule BFH), small for-profit companies (Code Blau GmbH, Taler Systems S.A., VisualVest), one-structure (petites singularités), cooperative banks (GLS Bank, MagNet Bank), one foundation (Stichting NLnet) and civil society organisations (E-Seniors Association, Homo Digitalis).
The GNU Taler payment solution differs from current online payment methods, such as credit cards or bank transfers, as it offers privacy for the buyer: neither merchants (payees) nor banks can track or link payments to the consumer. This makes the system similar to cash for the consumer, bringing this level of privacy to electronic payments.
It is also a risk-free payment option for the merchant, as there is no equivalent to counterfeit or stolen credit cards, as payments are cleared and confirmed immediately like cash. No new currency is involved, there is no energy-intensive proof-of-work or proof-of-stake method, and payment approval is processed even faster than with credit cards. The European NGI TALER program enforces transparency on the part of the payee , allowing governments to hold businesses accountable for their income and tax obligations.
NGI TALER is funded as a pilot project under the Next Generation Internet (NGI) initiative under the European Commission’s Horizon Europe research funding programme and will run until 2026. This project is based on the free GNU Taler software, which has been developed by the GNU community and Taler Systems S.A., and which has been widely endorsed by economic experts, including experts from several central banks – including the Swiss National Bank (SNB).
The aim of the project is to make the GNU Taler available as a payment system through two European banks – GLS Bank (Germany) and MagNet Bank (Hungary). The ambition of NGI TALER is to reach the European market during the project period and to have the payment mechanism accepted and widely adopted by the end of the project.
Under the hood, GNU Taler uses state-of-the-art cryptography to achieve these features. The initial investment in the required infrastructure is low and the payment mechanism operates more efficiently than existing payment solutions, with lower transaction costs – a benefit that will be shared by consumers, merchants and banks. This makes it a viable candidate for micropayments, creating an interesting and privacy-friendly alternative to subscription or advertising-based revenues for newspapers and other publishers.
For more information visit the project website here.
Celebrating our birthday with EDRi
On Tuesday 12 December at 17:30, at the Benaki Museum's Central Amphitheatre (138 Pireos St.) Homo Digitalis celebrates 5 years full of successes, actions, alliances, difficulties, dedication and perseverance for the protection of Human Rights in the modern digital age! Together with us, European Digital Rights (EDRi), the largest network of digital rights organisations in the world, celebrates its 20th anniversary!!!
There, we will be honoured with speeches and presentations by:
-Dr. Wojciech Wiewiorowski, European Data Protection Supervisor (EDPS),
-Dr. George Roussopoulos, Computer Engineer, Specialist of the Data Protection Authority (DPA),
-Alexandra Toth, Programme Manager, European AI & Society Fund,
-Dr. Alexandra Giannopoulou, digiRISE Programme Manager, Digital Freedom Fund and Researcher at the University of Amsterdam,
-Diego Naranjo, Head of Policy, European Digital Rights
(EDRi),
-Max Schrems, Honorary President of noyb.eu,
-Ioannis Kouvakas, Senior Legal Counsel & Assistant General Counsel, Privacy International,
-Dr. Ilia Siatitsa, Lawyer & Director of the State Accountability Program, Privacy International and
-Gus Hosein, Executive Director, Privacy International.
Admission is free and no registration is now required.
You can view the full schedule of the event here.
We invite you to the celebration of 5 Years of Homo Digitalis & 20 Years of EDRi
We invite you to celebrate our birthday together!
Come and experience what Homo Digitalis has achieved in 5 years – and European Digital Rights (EDRi) in 20 years – of action for the protection of Human Rights in the modern digital age.
The event is free of charge and will be followed by networking drinks
Registration required by 1/12 here.
We will celebrate together with key speakers who will honour us :
-Dr. Wojciech Wiewiorowski, EDPS – European Data Protection Supervisor
-Dr. George Rousopoulos, Computer Engineer, Specialist Scientist, DPO
-Alexandra Toth, Programme Manager, European AI & Society Fund & Society Fund,
-Dr. Alexandra Giannopoulou, digiRISE Project Manager of the Digital Freedom Fund and Researcher at the University of Amsterdam
-Eliza Triantafyllou, Journalist, inside story.,
-Diego Naranjo, Head of Policy, European Digital Rights (EDRi)
-Max Schrems, Honorary President noyb.eu
-Ioannis Kouvakas, Senior Legal Counsel & Assistant General Counsel, Privacy International
*The exact programme of the event will be published in the coming days.
We have prepared an easy-to-read infographic on developments at the AI Act trilateral conferences
How are the tripartite conferences progressing in the context of the adoption of the proposed EU AI legislation?
Together with European Digital Rights and other key civil society organisations we have been working closely with over the last few years on this legislative dossier, we have prepared a graphic to highlight where we are with meeting our demands for the protection of Human Rights.
We have achieved significant improvements, but unfortunately there are still many provisions that do not meet our requests. You can read more on the relevant here.
Homo Digitalis has made its first recruitment! We welcome Lamprini Gyftokosta, our Director of Human Rights & AI Issues
This is an impressive milestone moment for Homo Digitalis!!!!
We are excited to announce that we have hired our first full-time, paid staff member, our new Director of Human Rights & AI, Lamprini Gyftokosta!!!
We are extremely fortunate to have Lambrini on board!!! Her extensive experience in complex legal & technological issues, as well as her deep knowledge of the relevant challenges arising from the use of new technologies in Human Rights will help us to continue our successful course and improve our strategic actions!
Welcome Lamprini!!!
We are extremely grateful to the European AI & Society Fund for believing in us and giving us the opportunity to professionalize our organization! Of course, we can’t thank EDRi enough for all the partnerships, visibility and support over the last 5 years that helped Homo Digitalis believe in its potential and achieve significant victories!!!
Reference to the actions of Homo Digitalis in the Annual Study of Fundamental Rights Agency (FRA)
On 11 June, the European Union Agency for Fundamental Rights (FRA) published its annual Study on Fundamental Rights.
The study is an excellent analysis of the situation of Fundamental Rights in the EU Member States, as well as the challenges that arise regarding their protection.
Chapter 6 of the Study focuses on the Information Society, Respect for Privacy and Personal Data and reports on the actions of Homo Digitalis.
It is a great honor for our organization to have our name mentioned next to recognized prestigious organizations such as Noyb, Access Now, EDRi, Privacy International, Bits of Freedom!
You can read the FRA Study for free here.
As a reminder, actions of Homo Digitalis were included in the recent study of FRA “Coronavirus pandemic in the EU – Fundamental Rights Implications – Bulletin 2”.
Reference to the activities of Homo Digitalis in a study by the Council of Europe
On 12th October, the Council of Europe published its study on the use of new technologies by its Member States in order to tackle the various challenges that came up during the pandemic.
On page 11 of the study, the Council of Europe is referring to the activities of our organisation as regards the use of drones by the Greek Police.
It is a great honor and joy for our organisation, the fact that our activities have drawn the attention of international organisations such as the Council of Europe.
You may read the study here.
We would like to remind you that direct reference to the activities of our organisation have been made in the past from different well-known organisations in the field of human rights, such as the two studies of the Fundamental Rights Agency (FRA).
The actions of Homo Digitalis in “Kathimerini” Newspaper
It is a great pleasure for our organization that our actions are mentioned in a recent article published in the newspaper “Kathimerini”. Journalist Ioannis Papadopoulos with his article “Border controls with advanced digital systems” focuses on European research programs in the field of border management in Greece and refers to our requests for access to information that we had sent to the Research Executive Agency (REA) of the European Commission regarding seven (7) research programs concerning the use of new technologies in the fields of migration and policing in Greece and the relevant answers we received.
We warmly thank Ioannis Papadopoulos for his interest in the actions of Homo Digitalis.
(Links are available only in Greek)
Deploying DP3T in the real world - how ready are we?
Undoubtably, there has been a big debate in the last couple of months around the topic of contact tracing apps. This debate focuses mainly on the choice of either centralized or decentralized architecture, in order to minimize the processing of personal data and make sure that privacy of participants is protected.
The teams still remaining in the PEPP-PT consortium are perhaps the main representatives of the centralized approach, having published the specifications of ROBERT on April 18, and of NTK the day after. On the other side, the teams in the DP3T consortium criticize centralized systems, pointing out that they can be turned into mass surveillance instruments of governments, and they emphasize on the development of the decentralized model DP3T. However, there have been several studies criticizing the privacy protection offered by decentralized models as well. In the decentralized approaches we should also include the protocol from Apple and Google, which will be soon in the OS of our mobile phones.
Understandably, all these discussions have created a lot of confusion to non-experts. In an effort to clarify some of the issues, we contacted Dr. Apostolos Pyrgelis*, Post-Doctoral researcher in EPFL and member of the DP3T team. In this article we publish his answers on our questions around the DP3T protocol, focusing mainly on how close we are to real-life deployment and the Greek reality. We would like to thank Dr. Apostolos Pyrgelis for his availability.
Also, we would like to thank our member Dr. Ioannis Krontiris** for reaching out to Dr. Apostolos Pyrgelis and the DP3T team and for facilitating this interview. We will soon publish this interview translated in Greek, as well.
1) What is the relation between Google/Apple platform (GACT API) and DP-3T? Is the plan to deploy DP-3T on top of the GACT platform or does it have its own independent access to the OS (e.g. Bluetooth hardware, storage of keys, etc.)?
The DP-3T project is formed by a group of international researchers whose interest is to ensure that proximity tracing technologies will not violate human rights key to our democratic society. It started independently of Google and Apple and remains independent of them. The DP-3T project is constantly making new proposals and is publishing positions to inform the discussion around proximity tracing. These positions may be different from these companies’ strategies or points of view.
The Google/Apple joint system design (i.e., the GACT API) aims at enabling interoperability for decentralized proximity tracing applications across iOS and Android mobile devices. This is particularly important for the success of contact tracing apps. To this end, the plan is to deploy the DP-3T protocol on top of the GACT platform and the DP-3T project has access to a code base for iOS and Android that is functional prior to the corresponding OS upgrades. Currently, DP-3T project members are working in close collaboration with Google/Apple engineers to provide open-source support for their API, since we expect that the majority of national applications will be built on top of it.
2) Broadcasting continuously Bluetooth beacons can be used to track people around, since one could try to link these messages together and create traces. What countermeasures do you take against this?
In the DP-3T system, the users’ mobile devices broadcast to their vicinity (random looking) ephemeral identifiers via Bluetooth Low Energy (BLE). To prevent user tracking via these broadcasts, the ephemeral identifiers are changing regularly (e.g., every 15 min). We here note that this is a shared feature among DP-3T and the GACT platform.
3) What is your experience and lessons learnt from testing the app with real users? How many manual tracers did you use for these tests?
We here clarify that we did not perform any testing of the application with real users or contact tracers. We only performed field experiments in known scenarios for which we could collect ground truth that would enable us to evaluate the accuracy of using BLE beacons for distance estimation among individuals, in various settings. A brief overview of these experiments can be found on the following video. We are currently processing the results of the field experiments aiming to identify the appropriate configurations and parameters for reliable distance estimation using BLE.
4) What would cause a false positive or a false negative in the DP-3T system? Consider for example thousands of people stuck in traffic in a busy city like Athens. That means I am in my car stopped for several minutes next to someone in their own car who’s infected. What existing measures are being considered to mitigate this class of problems?
First, we remind that traditional, person-based contact tracing has a lot of false positives since the majority of users that are exposed to infected others, do not present symptoms and do not get themselves infected. Similarly, it also has false negatives since infected users are unable to recall all the people that they met with in the recent past or identify strangers that they encountered in a bus, a shop, etc.
It is important to distinguish the above false positives/negatives from those that are related to contact discovery, i.e., the fact that two users were exposed to each other in close distance and for a specific amount of time (as defined by the public health authorities), when it comes to digital contact tracing. In the DP-3T system, the contact discovery process is realized via transmissions over Bluetooth, whose wireless broadcast nature is inherently affected by factors such as physical objects, radio interference, weather conditions, etc. This might lead to contact discovery false positives, e.g., if a contact is registered even though there is clear physical separation, such as a wall, between the users, and false negatives, e.g., if an actual contact is missed due to radio interference. The DP-3T team is currently performing extensive measurements to better understand the performance of Bluetooth communications for distance estimation in various settings and parameterize the application in a very conservative manner such that false positives/negatives are limited. We have not explicitly tested the traffic jam scenario, but to account for such situations the app will allow the users themselves to temporarily disable the contact discovery process.
5) Which factors are affected while deployment of DP-3T is scaled up? Would the protocol scale to the magnitude of millions of users?
The DP-3T protocol is designed in such a way that it easily scales to countries with millions of users without compromising their privacy. User devices need to download from the backend server minimal information per day (a few MBs) — which makes DP-3T also scalable to countries with poor broadband — and require very little time (a few secs) to generate their ephemeral keys and compute the infection risk of their owner.
6) Have you been approached by the Greek authorities regarding deployment of DP-3T in Greece? Do you have any indication in which direction Greece wants to take with respect to contact tracing apps?
We have not been approached by the Greek authorities regarding deployment of DP-3T in their country. As such, we do not have any information about the Greek plans with respect to contact tracing applications.
7) Assuming that Greece opts in for a decentralised solution in the future (DP-3T or other), what information would Greece have to share with other countries regarding visitors and tourists in order to achieve interoperability between decentralised solutions across countries? Would that reveal travel plans of people back to their homelands?
Interoperability of contact tracing systems across countries is a very important factor for their success — especially, in cases of free movement, such as the EU, where people travel daily to other countries for business, leisure, etc. The DP-3T project envisions interoperability between decentralized solutions across countries and is currently collaborating with designers and engineers from various countries to address its technical challenges. In one of the proposed interoperability solutions, users would have to configure their application to receive notifications from the countries that they travel into. Moreover, the homeland backend servers of the infected users would have to forward the relevant data to the backends of other countries that these users have visited. While this would reveal information about users’ travel patterns to their homelands, we believe that this is acceptable for the international success of contact tracing.
8) A major issue for contact tracing apps is persuading people to actually use them. Do you have any indication what is the minimum necessary penetration of the app to the population in order for the app to be effective? Is a high degree of case identification within a population required and does this translate to widespread testing?
Indeed, the success of contact tracing apps depends on users’ adoption and this is why we believe that it is of paramount importance to ensure them that their privacy is protected. While such a large scale deployment has never been performed before it is not clear what is the minimum necessary penetration of the app to the population for it to be successful. However, epidemiologists believe that any percentage of app usage will contribute to the pandemic mitigation efforts. To this end, the DP-3T project is hopeful that the app will have impact for “proximity communities”, e.g., commuters, co-workers, students, that have a suitable density of deployment. Finally, we remark that contact tracing apps should be complementary (and absolutely not a replacement) to traditional interview-based contact tracing and should be combined with public health infection testing policies. What really matters, at the end of the day, is to bring and maintain the virus transmission rate below 1.
* Dr. Apostolos Pyrgelis is a Post-Doctoral researcher at the Laboratory for Data Security of École Polytechnique Fédérale de Lausanne. His research interests include privacy-enhancing technologies and applied cryptography, and enjoys studying problems at the intersection of big data analytics and security or privacy. He received his PhD from University College London and his BSc and MSc from the University of Patras in Greece.
**Dr. Ioannis Krontiris holds a Ph.D. Degree in Computer Science from University of Mannheim in Germany, and a M.Sc. Degree in Information Technology from Carnegie Mellon University in USA, while he is also a graduate from the School of Electrical and Computer Engineering of the Technical University of Crete. He is currently working as a Privacy Engineer at the European Research Center of Huawei in Munich, Germany.