B2B Marketers » Reach Pre-Qualified IT Decision Makers with a Custom Lead Gen Program » Get Details
                          Welcome Guest | Sign In
                          Women in Tech

                          Apple-Google Contact Tracing App Gets First Trial in Switzerland

                          By Richard Adhikari
                          May 29, 2020 11:51 AM PT
                          apple and google's coronavirus contact tracing api is in use in a swisscovid pilot program

                          Decode Your Future with an Online Computer Science Degree from Drexel
                          Drexel University OnlineDrexel University's online computer science programs are designed to prepare you for work on the cutting edge of technology. The curriculum is designed for students with any level of experience or previous knowledge. Choose the program that’s right for you. Learn More.

                          Switzerland this week launched a pilot program for SwissCovid, a contact tracing app based on Apple and Google's jointly developed APIs.

                          The APIs will work with iOS 13.5 and devices running Android 6.0 or higher.

                          The pilot involves several thousand workers at Ecole polytechnique fédérale de Lausanne, ETH Zurich, the Swiss Army, and staff at some hospitals and cantonal administrations.

                          The app will monitor people in real-world situations, notifying participants who have been in contact with someone who was diagnosed COVID-positive.

                          It will run until the Swiss Parliament debates its legal basis in June. The aim is to launch it nationwide in mid-June.

                          However, the app was publicly available in the Google Play Store for several hours on Monday.

                          Access was restricted on Tuesday, according to EFPL spokesperson Emmanuel Barraud.

                          Although the number of unauthorized downloads has not been disclosed, the unintended access should not affect the pilot's effectiveness, Barraud said.

                          How SwissCovid Works

                          SwissCovid uses Bluetooth Low-Energy beacons to exchange and record the ephemeral proximity identifiers of phones in a user's vicinity. The identifiers are kept on the phone unless the user tests positive for COVID-19.

                          The app signals a user who has been in prolonged contact with one or more people who subsequently tested positive for COVID-19. The user must have been in contact with a COVID-positive person for more than 15 minutes or must have been less than two meters away -- about six feet.

                          SwissCovid indicates the day of exposure the risk and tells the user what procedures to follow.

                          Users who test positive are given a single-use code by their doctor, which lets them voluntarily send their phone's ephemeral keys, for the days they are contagious, to a server managed by the Swiss administration.

                          SwissCovid uses the Decentralized Privacy-Preserving Proximity Tracing (DP3T) protocol to minimize the collection and sharing of information.

                          The protocol, from EPFL's Security & Privacy Engineering Laboratory, is the joint work of 25 academics from research institutions across Europe.

                          "Our goal is to offer a solution that can be adopted in Europe and around the world," said Carmela Troncoso, an assistant professor at EFPL and head of its SPRING Lab.

                          The EU plans to adopt common rules for using mobile apps to track the spread of the coronavirus.

                          Security and Privacy

                          Contact tracing has raised a number of concerns about security and privacy.

                          Researchers uncovered seven security flaws in the UK's app. A security flaw in Qatar's Ehteraz mandatory tracing app exposed the personal information of more than 1 million people.

                          In the United States, Democrat and Republican lawmakers have released competing bills targeting privacy in COVID-19 contact tracing apps.

                          Apple and Google have tried to forestall obstacles stemming from privacy and security concerns by requiring public health authorities (PHAs) to sign legal agreements governing use of the Apple-Google API:

                          • Apps built using the APIs can be used only to fight the coronavirus epidemic;
                          • The amount of data collected must be minimized;
                          • The PHAs must get user consent at multiple stages;
                          • Users can turn exposure notifications on and off;
                          • They cannot ask permission to use a smartphone's location services;
                          • They cannot employ user data collected for things like targeted advertising; and
                          • The API will be available for only one app per country or region, depending on the government's approach.

                          All metadata associated with Bluetooth will be encrypted.

                          Centralized vs. Decentralized

                          There is considerable debate in Europe over whether to adopt a centralized or decentralized approach. The UK has taken a centralized approach, while SwissCovid is decentralized, storing personal data it collects only on users' phones.

                          "Governments prefer centralized proximity tracking because they receive the richest amount of information. They have more detailed information on users and citizens to understand deeper trends," noted Ray Wang, principal analyst at Constellation Research.

                          However, the success of that approach relies on trust in the collector, and "privacy advocates are worried about the social graph moving into the hands of governments," Wang told TechNewsWorld. "Privacy advocates prefer the decentralized approach."

                          Decentralized models "tend to be faster. They can be more resilient to a massive breach if the data is also decentralized, and they can better conform to localized regulations and concerns," remarked Rob Enderle, principal analyst at the Enderle Group.

                          However, they are more difficult to secure overall because of their increased complexity, greater contact surface, and numerous weak links, Enderle told TechNewsWorld. Further, analysis "is often slower and less comprehensive."

                          Centralized systems are easier to secure and manage, faster to analyze, and less expensive to deploy, Enderle said. They often are also more robust.

                          On the other hand, centralized systems don't conform as well to local rules such as moving data, Enderle pointed out. They make it easier to capture the entire database if breached, and can be destroyed totally in a catastrophic event.

                          Coming to America

                          There is no clear-cut indication as to which approach would be best in the U.S.

                          "I think the question is which solutions protects the rights of people best," said Mike Jude, research director at IDC.

                          "Obviously, this would be a decentralized application," he told TechNewsWorld. "However, that's a very American point offer -- that freedom is more important than centralized control."

                          Still, both approaches are dangerous because "we're building an infrastructure that can easily be perverted by a police state," Jude said. "Any system like this can and will be used for nefarious purposes."

                          A group of 200 scientists worldwide expressed concern that tracking apps could be misused for surveillance purposes.

                          Despite issues in the U.S., "if the COVID-19 vaccine doesn't pan out," Jude said, "or there's a second wave that's more intense than the first, people might demand contact tracing."

                          Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology. Email Richard.

                          Reader Comments
                          Women in Tech
                          Which technology has the strongest positive or negative impact on race relations?
                          Smartphone cameras, by holding people accountable.
                          Twitter, by reporting news as it happens.
                          Facebook, by providing a platform for discussing the issues.
                          YouTube, by exposing viewers to other cultures.
                          Twitter, by fueling antagonisms.
                          Facebook, by spreading fake news.
                          Inside TechNewsWorld


                                                  Go abroad


                                                  Premier League

                                                  Premier League

                                                  search for

                                                  Mobile phone