SwissCovid

Last updated

SwissCovid is a COVID-19 contact tracing app used for digital contact tracing in Switzerland. Use of the app is voluntary and based on a decentralized approach using Bluetooth Low Energy and Decentralized Privacy-Preserving Proximity Tracing (dp3t).

Contents

Development

The app was developed in collaboration with the École polytechnique fédérale de Lausanne and the Swiss Federal Institute of Technology in Zurich as well as other experts. [1]

Non-interoperability with applications in European countries

There is an agreement between EU countries to make applications compatible. [2] However, there is no legal basis for the SwissCovid application to be part of this portal even though technically speaking it is ready, according to Sang-Ill Kim, head of the digital transformation department of the Federal Office of Public Health. [3]

Criticism

Not full open source and dependence on Google and Apple

In June 2020, researchers Serge Vaudenay and Martin Vuagnoux published a critical analysis of the application, noting that it relies heavily on Google and Apple's exposure notification system, which is integrated into their respective Android and iOS operating systems. Since Google and Apple have not released the full source code of this system, this would call into question the truly open source nature of the application. The researchers note that the dp3t collective, which includes the developers of the application, has asked Google and Apple to release their code. [4] Moreover, they criticize the official description of the application and its functionalities, as well as the adequacy of the legal basis for its effective operation. [5]

Cyber attacks

Professor Serge Vaudenay and Martin Vuagnoux identify also various security vulnerabilities in the application. The system would thus allow a third party to trace the movements of a phone using the application by means of Bluetooth sensors scattered along its path, for example in a building. Another possible attack would be to copy identifiers from the phones of people who may be ill (for example, in a hospital), and to reproduce those identifiers in order to receive notification of exposure to COVID-19 and illegitimately benefit from quarantine (thus entitling them to paid leave, a postponed examination, or other benefits). The system would also allow a third party to use a phone using the application by means of Bluetooth sensors scattered along the way. [6]

Paul-Olivier Dehaye of Personaldata.io and professor Joel Reardon of the University of Calgary published in June 2020 several examples of AEM (Associated Encrypted Metadata) replay and manipulation attacks via software development kits (SDKs) found in benign third-party mobile applications downloaded by the general public and having the phone's Bluetooth access permissions [7] and in September 2020 a paper indicating that "Bluetooth-based proximity tracing apps are fundamentally insecure with respect to an attacker leveraging a malevolent app or SDK". [8]

Costs

According to a publication by the federal administration, "the costs of developing the software for the mobile phone application, the GR back-end and the code management system as well as the costs for access management for the cantonal doctors' services are estimated at a one-off amount of 1.65 million francs. [9] However, the Zurich-based company Ubique, responsible for the development of the application, was finally awarded the mandate to develop the application for an amount of 1.8 million francs. [10] Through the Botnar Foundation based in Basel, École polytechnique fédérale de Lausanne received 3.5 million Swiss francs for the development of the application [11]

Related Research Articles

Serge Vaudenay French cryptographer

Serge Vaudenay is a French cryptographer and professor, director of the Communications Systems Section at the École Polytechnique Fédérale de Lausanne

COVID-19 pandemic in Switzerland Ongoing COVID-19 viral pandemic in Switzerland

The COVID-19 pandemic in Switzerland is part of the worldwide pandemic of coronavirus disease 2019 caused by severe acute respiratory syndrome coronavirus 2. The virus was confirmed to have spread to Switzerland on 25 February 2020 when the first case of COVID-19 was confirmed following a COVID-19 pandemic in Italy. A 70-year-old man in the Italian-speaking canton of Ticino which borders Italy, tested positive for SARS-CoV-2. The man had previously visited Milan. Afterwards, multiple cases related to the Italy clusters were discovered in multiple cantons, including Basel-City, Zürich, and Graubünden. Multiple isolated cases not related to the Italy clusters were also subsequently confirmed.

COVID-19 apps Mobile apps designed to aid contact tracing

COVID-19 apps are mobile software applications for digital contact tracing during the COVID-19 pandemic, i.e. the process of identifying persons ("contacts") who may have been in contact with an infected individual.

Aarogya Setu Mobile application for COVID-19 contact tracing in India

Aarogya Setu is an Indian COVID–19 "contact tracing, syndromic mapping and self-assessment" digital service, primarily a mobile app, developed by the National Informatics Centre under the Ministry of Electronics and Information Technology (MeitY). The app reached more than 100 million installs in 40 days. On 26 May, amid growing privacy and security concerns, the source code of the app was made public.

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT/PEPP) is a full-stack open protocol designed to facilitate digital contact tracing of infected participants. The protocol was developed in the context of the ongoing COVID-19 pandemic. The protocol, like the competing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, makes use of Bluetooth LE to discover and locally log clients near a user. However, unlike DP-3T, it uses a centralized reporting server to process contact logs and individually notify clients of potential contact with an infected patient. It has been argued that this approaches compromises privacy, but has the benefit of human-in-the-loop checks and health authority verification. While users are not expected to register with their real name, the back-end server processes pseudonymous personal data that would eventually be capable of being reidentified. It has also been put forward that the distinction between centralized/decentralized systems is mostly technical and PEPP-PT is equally able to preserve privacy.

TraceTogether Singapores national contact tracing platform for COVID-19 pandemic

TraceTogether is a digital system the Government of Singapore implemented to facilitate contact tracing efforts in response to the COVID-19 pandemic in Singapore. The main goal is quick identification of persons who may have come into close contact with anyone who has tested positive for COVID-19. The system helps in identifying contacts such as strangers encountered in public one would not otherwise be able to identify or remember. Together with SafeEntry, it allows the identification of specific locations where a spread between close contacts may occur.

The (Google/Apple) Exposure Notification (GAEN) system, originally known as the Privacy-Preserving Contact Tracing Project, is a framework and protocol specification developed by Apple Inc. and Google to facilitate digital contact tracing during the COVID-19 pandemic. When used by health authorities, it augments more traditional contact tracing techniques by automatically logging encounters with other notification system users using their Android or iOS smartphone. Exposure Notification is a decentralized reporting based protocol built on a combination of Bluetooth Low Energy technology and privacy-preserving cryptography. It is used as an opt-in feature within COVID-19 apps developed and published by authorized health authorities. Originally unveiled on April 10, 2020, it was first made available on iOS on May 20, 2020 as part of the iOS 13.5 update and on December 14, 2020 as part of the IOS 12.5 update for older iPhones. On Android, it was added to devices via a Google Play Services update, supporting all versions since Android Marshmallow.

COVIDSafe Contact tracing applications commissioned by the Australian Department of Health

COVIDSafe is a digital contact tracing app announced by the Australian Government on 14 April 2020 to help combat the ongoing COVID-19 pandemic. The app is based on the BlueTrace protocol, originally developed by the Singaporean Government, and was first released on 26 April 2020. The app is intended to augment traditional contact tracing by automatically tracking encounters between users and later allowing a state or territory health authority to warn a user they have come within 1.5 metres with an infected person for 15 minutes or more.

TCN Protocol Proximity contact tracing protocol

The Temporary Contact Numbers Protocol, or TCN Protocol, is an open source, decentralized, anonymous exposure alert protocol developed by Covid Watch in response to the COVID-19 pandemic. The Covid Watch team, started as an independent research collaboration between Stanford University and the University of Waterloo was the first in the world to publish a white paper, develop, and open source fully anonymous Bluetooth exposure alert technology in collaboration with CoEpi after writing a blog post on the topic in early March.

Digital contact tracing Method of contact tracing using mobile devices

Digital contact tracing is a method of contact tracing relying on tracking systems, most often based on mobile devices, to determine contact between an infected patient and a user. It came to public prominence in the form of COVID-19 apps during the COVID-19 pandemic. Since the initial outbreak, many groups have developed nonstandard protocols designed to allow for wide-scale digital contact tracing, most notably BlueTrace and Exposure Notification.

Decentralized Privacy-Preserving Proximity Tracing Proximity contact tracing protocol

Decentralized Privacy-Preserving Proximity Tracing is an open protocol developed in response to the COVID-19 pandemic to facilitate digital contact tracing of infected participants. The protocol, like competing protocol Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), uses Bluetooth Low Energy to track and log encounters with other users. The protocols differ in their reporting mechanism, with PEPP-PT requiring clients to upload contact logs to a central reporting server, whereas with DP-3T, the central reporting server never has access to contact logs nor is it responsible for processing and informing clients of contact. Because contact logs are never transmitted to third parties, it has major privacy benefits over the PEPP-PT approach; however, this comes at the cost of requiring more computing power on the client side to process infection reports.

NHS COVID-19 UK contact tracing app for COVID-19

NHS COVID-19 is a voluntary contact tracing app for monitoring the spread of the COVID-19 pandemic in England and Wales. It has been available since 24 September 2020 for Android and iOS smartphones, and can be used by anyone aged 16 or over.

On April 16, 2020, Nodle released The Whisper Tracing Protocol white paper and the Coalition App on Android. The protocol is intended to be a privacy first Digital contact tracing tool developed for the 2020 COVID-19 pandemic. The project has been spun off into The Coalition Foundation. The protocol is being used for the Government of Senegal's Daancovid19 mobile contact tracing app initiative. Daancovid19 is the Senegalese digital response against the coronavirus. It was started by a handful of digital professionals and subsequently brought together nearly 500 volunteer experts from the private, public, and civil society. The respective Coalition App has been promoted by the City of Berkeley, California to their residents.

NZ COVID Tracer Mobile software application

NZ COVID Tracer is a mobile software application that enables a person to record places they have visited, in order to facilitate tracing who may have been in contact with a person infected with the COVID-19 virus. The app allows users to scan official QR codes at the premises of businesses and other organisations they visit, to create a digital diary. It was launched by New Zealand's Ministry of Health on 20 May 2020, during the ongoing COVID-19 pandemic. It can be downloaded from the App Store and Google Play.

Covid Watch

Covid Watch was an open source nonprofit founded in February 2020 with the mission of building mobile technology to fight the COVID-19 pandemic while defending digital privacy. The Covid Watch founders became concerned about emerging, mass surveillance-enabling digital contact tracing technology and started the project to help preserve civil liberties during the pandemic.

Carmela Troncoso Spanish telecommunication engineer

Carmela González Troncoso is a Spanish telecommunication engineer and researcher specialized in privacy issues, and a LGBT+ activist. She is currently a tenure track assistant professor at École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland and the head of the SPRING lab. Troncoso gained recognition for her leadership of the European team developing the DP-3T protocol that aims at the creation of an application to facilitate the tracing of COVID-19 infected persons without compromising on the privacy of citizens. Currently she is also member of the Swiss National COVID-19 Science Task Force in the expert group on Digital Epidemiology. In 2020, she was listed among Fortune magazine's 40 Under 40.

Marcel Salathé Swiss digital epidemiologist

Marcel Salathé is a Swiss digital epidemiologist. He is currently associate professor at École Polytechnique Fédérale de Lausanne (EPFL) He is the director of the Lab of Digital Epidemiology, based at EPFL's Geneva Campus. In the first year of the COVID-19 pandemic, Salathé has been the most quoted scientist in the Swiss media.

COVID Alert Canadian contact-tracing app for COVID-19

COVID Alert is the Exposure Notification service app for the country of Canada. It launched in the province of Ontario on July 31, 2020, and became available in nearly all Canadian provinces by October of that year, excluding Alberta, and British Columbia.

COVID Tracker Ireland Contact tracing application released by the Government of Ireland on 7 July 2020

COVID Tracker Ireland is a digital contact tracing app released by the Irish Government and the Health Service Executive on 7 July 2020 to prevent the spread of COVID-19 in Ireland. The app uses ENS and Bluetooth technology to determine whether a user have been a close contact of someone for more than 15 minutes who tested positive for COVID-19. On 8 July, the app reached one million registered users within 36 hours after its launch, representing more than 30% of the population of Ireland and over a quarter of all smartphone users in the country. As of August 2021, over 3,030,000 people have downloaded the app.

X-Mode Social is a US company founded in 2013 and specialized in location data and based in Reston, Virginia. In August 2021, the company was bought to Digital Envoy.

References

  1. "Tackling Covid-19 trace and trace app problems". eeNews Europe. 2020-07-20. Retrieved 2020-08-11.
  2. "Press corner". European Commission - European Commission. Retrieved 2020-08-11.
  3. "L'appli Swiss-Covid à l'étranger". www.Bluewin.ch (in French). Retrieved 2020-08-11.
  4. "SwissCovid under fire: four questions to understand". World Today News. 2020-06-10. Retrieved 2020-08-13.
  5. "Analysis of Swisscovid" (PDF).
  6. Vaudenay, Serge. "The Dark Side of SwissCovid". lasec.epfl.ch. Retrieved 2020-11-10.
  7. Dehaye, Paul-Olivier; Reardon, Joel (2020-06-22). "SwissCovid: a critical analysis of risk assessment by Swiss authorities". arXiv: 2006.10719 [cs.CR].
  8. Dehaye, Paul-Olivier; Reardon, Joel (2020-11-09). "Proximity Tracing in an Ecosystem of Surveillance Capitalism". Proceedings of the 19th Workshop on Privacy in the Electronic Society. Virtual Event USA: ACM: 191–203. arXiv: 2009.06077 . doi: 10.1145/3411497.3420219 . ISBN   978-1-4503-8086-7.
  9. "Botschaft zu einer dringlichen Änderung des Epidemiengesetzes im Zusammenhang mit dem Coronavirus (Proximity-Tracing-System)" (PDF).
  10. "Ubique schnappt sich Millionenauftrag vom Bund für Corona-App". www.netzwoche.ch (in German). Retrieved 2020-08-11.
  11. "Fondation Botnar commits CHF 20 million to global research efforts around COVID-19". Fondation Botnar. 2020-03-27. Retrieved 2020-08-11.