SwissCovid


SwissCovid is a COVID-19 contact tracing app used for digital contact tracing in Switzerland. Use of the app is voluntary and based on a decentralized approach using Bluetooth Low Energy and Decentralized Privacy-Preserving Proximity Tracing (dp3t).[ citation needed ]


Development

The app was developed in collaboration with the FOPH by the Federal Office for Information Technology, Systems and Communications (FOITT), École polytechnique fédérale de Lausanne (EPFL) and the Swiss Federal Institute of Technology in Zurich (ETH), as well as other experts. [1]

Non-interoperability with applications in European countries

There is an agreement between EU countries to make applications compatible. [2] However, there is no legal basis for the SwissCovid application to be part of this portal even though technically speaking it is ready, according to Sang-Ill Kim, head of the digital transformation department of the Federal Office of Public Health. [3]

Criticism

Not fully open source and dependence on Google and Apple

In June 2020, researchers Serge Vaudenay and Martin Vuagnoux published a critical analysis of the application, noting that it relies heavily on Google and Apple's exposure notification system, which is integrated into their respective Android and iOS operating systems. Since Google and Apple have not released the full source code of this system, this would call into question the truly open source nature of the application. The researchers note that the dp3t collective, which includes the developers of the application, has asked Google and Apple to release their code.[ citation needed ] Moreover, they criticize the official description of the application and its functionalities, as well as the adequacy of the legal basis for its effective operation. [4]

Cyber attacks

Professor Serge Vaudenay and Martin Vuagnoux also identify various security vulnerabilities in the application. The system would thus allow a third party to trace the movements of a phone using the application by means of Bluetooth sensors scattered along its path, for example in a building. Another possible attack would be to copy identifiers from the phones of people who may be ill (for example, in a hospital), and to reproduce those identifiers in order to receive notification of exposure to COVID-19 and illegitimately benefit from quarantine (thus entitling them to paid leave, a postponed examination, or other benefits). The system would also allow a third party to use a phone using the application by means of Bluetooth sensors scattered along the way. [5]

In June 2020, Paul-Olivier Dehaye of Personaldata.io and Professor Joel Reardon of the University of Calgary published several examples of AEM (Associated Encrypted Metadata) replay and manipulation attacks via software development kits (SDKs) found in benign third-party mobile applications that are downloaded by the general public and have the phone's Bluetooth access permissions. [6] In September 2020, they published a paper indicating that "Bluetooth-based proximity tracing apps are fundamentally insecure with respect to an attacker leveraging a malevolent app or SDK". [7]

Costs

According to a publication by the federal administration, "the costs of developing the software for the mobile phone application, the GR back-end and the code management system as well as the costs for access management for the cantonal doctors' services are estimated at a one-off amount of 1.65 million francs". [8] However, the Zurich-based company Ubique, responsible for the development of the application, was finally awarded the mandate to develop the application for an amount of 1.8 million francs. [9] Through the Botnar Foundation based in Basel, École polytechnique fédérale de Lausanne received 3.5 million Swiss francs for the development of the application. [10]


References

  1. "Tackling Covid-19 trace and trace app problems". eeNews Europe. 2020-07-20. Retrieved 2020-08-11.
  2. "Press corner". European Commission - European Commission. Retrieved 2020-08-11.
  3. "L'appli Swiss-Covid à l'étranger". www.Bluewin.ch (in French). Retrieved 2020-08-11.
  4. "Analysis of Swisscovid" (PDF).
  5. Vaudenay, Serge. "The Dark Side of SwissCovid". lasec.epfl.ch. Retrieved 2020-11-10.
  6. Dehaye, Paul-Olivier; Reardon, Joel (2020-06-22). "SwissCovid: a critical analysis of risk assessment by Swiss authorities". arXiv:2006.10719 [cs.CR].
  7. Dehaye, Paul-Olivier; Reardon, Joel (2020-11-09). "Proximity Tracing in an Ecosystem of Surveillance Capitalism". Proceedings of the 19th Workshop on Privacy in the Electronic Society. Virtual Event USA: ACM. pp. 191–203. arXiv:2009.06077. doi:10.1145/3411497.3420219. ISBN 978-1-4503-8086-7.
  8. "Botschaft zu einer dringlichen Änderung des Epidemiengesetzes im Zusammenhang mit dem Coronavirus (Proximity-Tracing-System)" (PDF).
  9. "Ubique schnappt sich Millionenauftrag vom Bund für Corona-App". www.netzwoche.ch (in German). 15 May 2020. Retrieved 2020-08-11.
  10. "Fondation Botnar commits CHF 20 million to global research efforts around COVID-19". Fondation Botnar. 2020-03-27. Retrieved 2020-08-11.