Privacy concerns #30

Open
watmm opened this issue May 21, 2021 · 5 comments

watmm commented May 21, 2021

Hi all, not sure where to put this question.
I just wanted to bring this thread to your attention. Maybe this would be a better place to address some of the questions therein.

corona-warn-app/cwa-documentation#615

watmm added the general label May 21, 2021

watmm commented May 26, 2021

OK, maybe I'll get a better response if I put the questions here.

First, the most important but out-of-scope question. If you have an opinion or know anything about the subject I would be interested to hear it; otherwise skip ahead to the tech Qs.

Why, given that the results of votes on digital green certificates, and the list of amendments shows us that AM12 was adopted, and given that the purpose of AM12 is to restrict the use of digital green certificates to their intended purpose for use only at member state borders without further individual member state legislation, do we see countries such as Germany pushing ahead with their use for access to private spaces such as bars and restaurants, even outside?

Now, the code...

In the technical specifications it states:

6.3.1 Frontend
The verifier app frontend provides functionality to scan and verify DGCs. It scans the base45-encoded QR code, extracts the COSE signature, and decodes CBOR back to JSON (see also 6.2.1). It then verifies the signature with the keys provided by the verifier app’s backend. The app uses only open-source libraries; all DGCs scanned or processed are ephemeral and will not be stored.

Can businesses create their own verifier app or is there just one?
What are the requirements to be a verifier app?
Can these requirements be imposed via the holder's app?
And correct me if I'm wrong here, but to my knowledge at the point of verification there is not simply a 👍 / 👎 situation but rather all JSON fields are visible to the verifier app?

What I'm trying to get at here is, how can the holder really know that these JSON fields are ephemeral?

daniel-eder (Member) commented

@watmm thank you for your questions. I'm afraid I cannot answer the political question, as this is a matter that needs to be decided and clarified with the EC and Member States, and is out of scope for the technical part of the project represented here on GitHub.

@SchulzeStTSI can you address the technical questions?


watmm commented Jun 1, 2021

Nothing?

FlorianFranzen commented Jul 5, 2021

@watmm Yes, all JSON data is accessible to anybody that has access to the QR code. This data contains at least your full name and date of birth and information about what is being certified (e.g. when you were vaccinated). This is strictly necessary to tie a certificate to a person with the help of a government-issued ID. This is not different to how many other documents work, e.g. your bank card carrying your name on it, etc.

As things are set up at the moment there are few alternatives to "securely" tie a certificate to a person in a way that it can easily be verified across multiple countries. Exposing your name and date of birth has become the requirement to use a lot of services and using this form of certification is no different. With any information you expose in the clear there is never any perfect guarantee that the other side will not retain it, so as in many cases the guarantee here is based on legal merits at best.

(Disclaimer: I am in no way associated with the DGC and all opinions expressed here are my own.)


phaesun commented Jan 9, 2022

@FlorianFranzen Is it still the case that all JSON data is accessible? Scanning my own QR code with a 3rd party app yields a message that the content is encrypted (which in fact it does seem to be).
