Switzerland launches SwissCovid tracing app for residents

Marcel Salathé, professor of epidemiology at the Swiss Federal Institute of Technology in Lausanne (EPFL), says SwissCovid's personal data will remain on your mobile phone and will not be recorded on a central server. Keystone / Jean-christophe Bott

Swiss residents will be able to download the new SwissCovid smartphone app from June 25. The contact-tracing system aims to prevent the spread of the virus while guaranteeing privacy and control over personal data for users.

Sara Ibrahim

SwissCovid, the Swiss coronavirus contact tracing app, can now be downloaded on the smartphones of over eight million residents, after parliament passed a legal amendment to govern its use and data protection. From June 25, the app will be available from the Apple App and Google Play stores for the public to test it.

This concludes an experimental test phase which, since May 25, has involved 15,000 users in the federal administration, the army, hospitals and the federal technology institutes. They were recruited to test the app’s functionality and safety.

One of the biggest remaining challenges is to convince large numbers of the public to use the app to ensure it works properly, say federal public health officials and researchers at the Zurich and Lausanne federal institutes of technology. They developed the app in collaboration with a team of scientists and experts around Europe, and the federal government’s computing science and telecommunications department and the Swiss company Ubique.

"We want to reassure citizens that this app ensures maximum protection of data and privacy, thanks to the decentralisation of the information and the Bluetooth technology, which blocks geolocation,” Sang-il Kim, head of the digital transformation division at the Federal Office of Public Health (FOPH), told swissinfo.ch. Kim stressed the voluntary and non-discriminatory nature of this approach to coronavirus tracing, as required by Swiss law. He pointed out that the app can only be used in containing the epidemic and confers no particular advantage or disadvantage on anyone who decides to use it.

New strategy on testing and quarantine

With the launch of this app, the Federal Office of Public Health (FOPH) has signalled an important change in strategy on testing and quarantine, as compared to the test phase. The Swiss government recently agreed to foot the bill for medical tests for coronavirus infections to encourage the population to participate in prevention efforts. In addition to the test, the authorities also recommend calling the SwissCovid Infoline to get more advice on the next steps. A compensation for loss of earnings can be claimed for the period of quarantine if this is ordered by a physician or the cantonal health authority. 

End of insertion

Privacy as a crucial issue

SwissCovid works via a decentralised system of data storage, designed to respect users’ private life and prevent any improper use of personal data. All operations potentially affecting privacy, like analysing contacts to find who might have been infected – smartphones will exchange coded, anonymous signals known as 'Ephemeral IDs' every 2.5 or 5 minutes – and notifications will be done directly on the cell phone and not via a central server, as would happen with centralised apps.

This crucial feature ensures that data collected by the app remain on the user’s device for no more than 14 days. Only where infection has been confirmed by a test will information (in anonymous and encrypted form) from the infected user be moved to the federal government’s central server. And the user first has to decide to share his or her information with the app using a code received from the cantonal government. This information will not be tagged with a precise identity and will not say anything about the individual; it will just say that the person is infected.

Data and centralisation: how does it work?

In case of infection, the only information forwarded to the central server, with the user’s consent, will be what are called the Temporary Exposure Keys. This is a data set created randomly every 24 hours which generates unique and one-directional records called 'ephemeral identities', following contacts between smartphones in close proximity. The system ensures the anonymity of tracing data.

The Temporary Exposure Keys won’t contain any personalised information, such as user identifiers, information on movements or contacts. Once they are uploaded to the central server they will just indicate that individual X has become infected, and the date they are thought to have been infected. When smartphones in close proximity contact one another, the user’s device requests the central server to give the Temporary Exposure Keys for the last 14 days, so as to compare them with data collected by the app in the tracing phase and to pinpoint any contact with an infected person. This operation is strictly confined to the user’s device; it is not on the central server. This is why the developers talk about "decentralisation" of data.

End of insertion

The SwissCovid app is the first in Europe to use the application programming interfaces (API) of Google and Apple. These allow devices using Android and iOS to work together and give users direct control of their own data from their own device. The approach uses Bluetooth Low Energy technology and encryption to establish contact between two smartphones that are within at least 1.5 metres of each other for a period of at least 15 minutes, ensuring both privacy and low power consumption.

According to Carmela Troncoso, who heads the security and privacy engineering laboratory at EPFL which is leading the DP-3T project (decentralised tracing to ensure privacy), this system means a significant change in the way mass technologies are designed and developed. “For the first time, a solution was designed for the use by millions of people with a built-in privacy guarantee right from the start. This never happened before – until now,” she told swissinfo.ch.

Troncoso said the pressure for change came from lively public and political debate about safeguarding personal data and from the transparent approach adopted by Google and Apple, which in this case worked together in a very open way.

"We are looking at a cultural transformation in the making. At last we are realising that technology is an indispensable part of our lives and that computer architecture and infrastructure are crucial because they define power relations", Troncoso added.

Digital tracing not immune to criticism

Although the try-out phase verified the solidity of the system in ensuring anonymity and safeguarding of data, there are some critical issues that might frustrate tracing.

The first concerns the risk of creating “false positives” or “false negatives”. Bluetooth technology, which is used to make contact in close proximity, may be affected by various extraneous factors. For one thing, physical obstacles like walls and other people or objects between two smartphones could affect the accuracy of signal pickup. In such cases it is hard to tell if the contact really came from within 1.5 metres away. The use of masks or other protective devices not recognised by the app might falsify results too.

Nontheless, Kim is confident that calibration testing has provided very positive results, although complete accuracy in measuring distance cannot be guaranteed, and the 1.5-metre calculation is in fact an approximation. For Troncoso, it’s not really a problem: "There’s not much real difference between 1.5 metres and 1.75 metres, let’s say. The really decisive factor for infection is the time-length of exposure to the virus".

The second big challenge is getting the Swiss system to work with apps from other countries. “We’ve done all we can to develop a solution that will ensure smooth operation with systems elsewhere. On this point, the APIs of Apple and Google have been of enormous help,” explained Kim. However, system compatibility is not yet conclusively established, due to the lack of an agreement between countries that would specify the same degree of data protection and cyber-security. In an attempt to create a common basis to work on, the European Union recently published  guidelines specifying a basis for compatibility of tracing apps in different European countries.

There is also a risk that at some time in the future Apple and Google might change the whole game in their own corporate interests by altering their standards. “So far, Google and Apple have been nothing but transparent in this situation, and they took the route of standardising and implementing the solution that was least invasive of people’s privacy. But who knows if this gesture of goodwill might turn out to be a double-edged sword that could be wielded to justify new data-gathering standards or future abuse of data gathered, say, for example, so as to get to the stage where they can dominate the market in telemedicine?” wrote Matthew Dennis and Georgy Ishmaev, two researchers on the ethical aspects of emergent technologies and data at the Technical University of Delft.

Zooming in on cyber security

In Switzerland, cybersecurity testing of the SwissCovid app was carried out by the National Cyber Security Centre. In a second phase, there was public testing, where anyone could get into the open source application on the GitHub site and try to hack it, noting any weaknesses found. Both kinds of testing have their results available online and they are constantly being updated.

One of the major problems found was potential degradation of user privacy – depending on the device used, not the app – due to Bluetooth’s displaying of the name of the phone detected in close proximity (say, 'Mikes Iphone'), and a kind of attack on the Bluetooth signal, called 'replay-attack', which might cause chains of “false positives”.

End of insertion
Share this story