SwissCovid Keeps Your Secrets
A conversation with Carmela Troncoso, who designed Swisscovid together with a team of Swiss and European experts.
A research lab dedicated to privacy by design
Privacy is the main research focus of assistant professor Carmela Troncoso, the brain behind the Swisscovid tracing app. Her team at SPRING, the Security and Privacy Engineering lab at EPFL, seek to embed privacy in systems and technology so that they can be deployed without impacting on societal values. Unsurprisingly, privacy by design was a central concern during her team’s development of the Swisscovid app. Presence Switzerland visited Troncoso to learn more about her approach, and how privacy is built into the app.
“The privacy of the users, the lack of potential to use the servers to abuse the system, is in the design of the technology”, Troncoso told us during our visit. “When you have a secret and you tell it to someone, you trust this person to not reveal it. Privacy by design means that you don’t tell the secret. So you don’t need to trust this person not to reveal it. And this is what the Swisscovid app does: it does not reveal any secrets.”
A solution that guarantees privacy and transparency
So why did someone dedicated to privacy decide to work on a contact tracing app? “At some point, epidemiologists explained that it is very important to cut the chain of contagion,” Troncoso explained. “The extreme option is this lockdown we have been living under – Switzerland has been pretty strict, other places have been stricter. So governments are keen to find other solutions that can help us to avoid this very strict lockdown, but still be able to cut the chains very fast, so that the growth is not exponential.
What is very important, is that when we put a technology out there to solve a problem, it does not introduce another problem.
“And the idea of building an app came up because an app is something that everybody has on their phone. So wouldn’t it be great if we could use this technology that is already out there? Now, what is very important, is that when we put a technology out there to solve a problem, it does not introduce another problem. And here is where my expertise and our expertise – of the people that participated in this project – comes into play: how do we actually exploit all of the benefits of this? We have a phone that has Bluetooth, can do all of these very nice things, without introducing a new problem. And that’s the work that we have done in the three last months: building the minimal impact application".
We made a big effort to create a lot of documentation about how the app works, what the risks are, how the decisions that we took were made.
Troncoso welcomes that legislation was put in place to ensure that the app was deployed with “maximum guarantees” – meaning that the government made sure that there was an adequate legal framework. A new law that included provisions to make sure that nobody could be discriminated against through use of the app was drafted and put through Parliament. This was very important to ensure that the app would be adopted by users.
Another key element was that the app’s code was available to the public early on. Troncoso underlined how important it was to her and her team that as much information as possible was publicly available. “It is not only that this app is open source in the sense that the code is public and people can read and reuse it. We made very sure from the beginning that the process was as transparent as possible. So we made a big effort to create a lot of documentation about how the app works, what the risks are, how the decisions that we took were made. Some of these documents came a bit later than others because there was not much time, but we just tried to make everything transparent so that users could understand the purpose of the app and how it works. So yes, all the code of the app is public and available for reuse.”
Why the team got Apple and Google on board
“In order for this application to be deployable, it was necessary that these two giants decide to participate,” Troncoso explained. “Apple needed to modify its operating system to enable these government applications to listen in the background. Otherwise, you would have to have the application active all the time, which would consume a lot of battery and be very annoying for users. If users don’t like the app, they don’t install the app, and nothing works. On the Google side, and the Apple-Google alliance, we needed them to make sure that when the phones put out this information, the two brands could understand each other.”
If users don’t like the app, they don’t install the app, and nothing works.
The team that built SwissCovid
Putting together a team with the needed expertise was crucial. “This is a very big team, this did not only happen because of us,” Troncoso stresses. “I didn’t only have people here in Lausanne that had expertise like myself.” SPRING’s privacy, systems and software security experts soon joined forces with cryptography and wireless security specialists based at ETH Zurich. The team then continued to expand to include thirty researchers from ten different institutions in eight European countries.
According to Troncoso, one of the reasons for the project’s success was that it quickly assembled a team with the correct expertise to understand and design an app that would actually do the job without having to collect data or endanger users. “That’s what really made this happen: that we had a very cohesive group with the different areas of expertise necessary to build this app – including an extremely good group of epidemiologists that we were able to consult every day to find out if the technology was really up to the task”.