Beyond acknowledging the importance of using new technologies to fight Covid-19, such an app also raises critical questions and concerns: Would it tempt states to increase their surveillance of citizens’ behaviour? How will data protection and privacy be ensured? What would a widespread use of the app mean for our society?
The blog is part of a blog series, which looks at issues that are tackled by the Swiss Digital Initiative (SDI). An initiative, which has been launched in September 2019 by digitalswitzerland and under the patronage of Federal Councilor Ueli Maurer. It aims to promote the responsible use of new technologies through concrete projects. In the last weeks, the need to incorporate ethical principles and values into technologies has become more apparent than ever.
A recent survey by Deloitte revealed that almost two thirds of the Swiss population are in favour of digital contact tracing.
Intermediary results of an ongoing survey conducted by the innovation ethics lab ethix show that participants are willing to use a decentralized model – as promoted in Switzerland – and consider the balance between protection of privacy and contribution of the app to crisis resolution to be acceptable. For those resistant to this, the impact on privacy is disproportional.
In Switzerland, ETH and EPFL are working on an app, based on the DP3T (Decentralized Privacy-Preserving Proximity Tracing) concept, that will use the new Google and Apple contact tracing APIs when they become available. The app is designed to alert users who have been in contact with a person tested positive for the coronavirus. It does not trace the user location, but only traces proximity between users of the app on the basis of Bluetooth. As soon as two app users come into close contact, the proximity tracing app registers the contact as an encrypted “handshake”. If someone tests positive for the coronavirus this person can notify their anonymous contacts registered by the app and stored in a decentralized manner. According to EPFL and ETH, the app will be ready by 11 May.
The app alone is not the solution, but must be part of a larger strategy combined with additional measures (e.g. comprehensive testing).
For the app to be effective, it must be used by as many people as possible. Trust in the app is therefore essential. A key to trust is to ensure that the app meets the highest standards of privacy and security and maintains appropriate control mechanisms. The following main criteria must be fulfilled.
Both the Federal Data Protection Commissioner, Adrian Lobsiger, and the National Ethics Committee gave green light for digital contact tracing under specific conditions. They emphasised above all the consensus aspect: every step must be voluntary and without compulsion, even after installation. The Federal Council announced that the use of the app will be voluntary in Switzerland.
It is crucial that the application ensures user data privacy and enables user control over their data. It should therefore be open sourced to allow other software developers to review how it is built. As for the Swiss solution, both the documentation and a sample implementation are available on GitHub.
The approach adopted by DP3T aims to provide maximum security and privacy for the end user. This decentralized storage and processing of data is an important, trust-building principle. Anonymity of the user is guaranteed.
Temporally limited, necessary, proportionally and scientifically validated
The Oxford Digital Lab published guidelines for digital tracking and tracing systems and stressed that measures infringing on fundamental rights must be time-bound, and meet standards of necessity, proportionality and scientific validity.
To summarize, from a technical point of view the Swiss solution seems to fulfill the main criteria for a trustworthy app and develops its app on the basis of “privacy by design” principles. Other countries like Germany, which pursued a central approach in the beginning, switched to a decentralized approach according to the “Swiss model”. In addition to the technical and privacy criteria, the Federal Council will need to stand united behind the app with a broad alliance of civil society, economy and science.
Open questions remain: How can we ensure the fairness of the app, how can we prevent the digital divide from widening or avoid discrimination of people who do not want or cannot use the app? What if it is not the state, but for example shops, that make it mandatory for their customers to use the app? Another point is the international compatibility: On 20 April, 43 contact tracing apps were available globally – would we have to switch to a local app when crossing the border?
The situation around Covid-19 is continuously evolving and even though science can base its recommendations on data sets and models, it is an unprecedented crisis and predictions are difficult to make. Time is crucial and all necessary means should be explored to get back to normality. To ensure that our freedom and our democratic systems are not restricted, this should happen in a responsible manner. The use of a contact tracing app must remain on a voluntary basis and be understood as one measure among many, as part of a larger strategy. Measures should be based on scientific evidence and be evaluated on the way. Communication, coordination and trust is key. The “Swiss solution” values strong privacy and data security aspects. And isn’t it a paradox: Most of us use many different apps and devices in our everyday life, sharing our data and information without a second thought, with our personal data often being commercially exploited by others.
We can only speculate on what the long-term impact of the use of the proximity app will be on our society and democracy. Waiting would be the wrong strategy. Switzerland should test new solutions, within the bounds of its unique democratic system, where inclusion, cross-sector collaboration and a pragmatic solution-oriented approach is part of its success story. Yet, a broad societal discussion on the long-term effect and proportionality of proximity tracing apps should take place.