Published 05/03/2020

Effective Contact Tracing and Privacy: Is it possible without infringing privacy among other risks?

Caution: While reading this article, please bear in mind that it is merely the opinion of technical people playing around with ideas. We are NEITHER Covid-19 experts nor pandemic strategists in any way.

 

At the moment, governments are falling over themselves trying to catch up with the early adopters of the modern version of “Contact Tracing”, dubbed “Digital Tracing”. This was preceded by the fruitless efforts to promote hydroxychloroquine as a “panacea”. Many seem to forget that a premature deployment of something as sensitive as a digital contact-tracing app, which cuts into our privacy, might ultimately tarnish public trust and confidence in technology in an era when we heavily rely on it and need it. Its success is highly dependent on high adoption by the populace and on being in a position to test over 75% of it. It must also be supplemented with boots on the ground in the form of manual phone calls by human contact tracers. None of the approaches to date has outlined such a strategy; they are all focused on digital (tech) solutions.

 

For those of you who have never come across the term “Contact Tracing” before, I will briefly explain. The concept of contact tracing was born somewhere in the late 18th century, by an English physician by the name of John Haygarth in the northern English city of Chester. The idea is attributed to his pursuit to determine precisely how individuals caught and transmitted smallpox. To do this, he carefully tracked and followed every single case of smallpox within Chester. In the course of this endeavour, Haygarth invented what we now know as contact tracing, a potent tool for mapping epidemics and finding individuals who require treatment. His approach has since been deployed to expedite containment strategies against various contagions, among them the 2009 flu and the 2003 SARS outbreak. He was successful with this concept without any digital assistance, but with detailed interviews which generated data that helped not only to identify the source and the routes by which the disease was spreading but also narrowed down the paths to new infections and thus helped combat the spread.

 

Now back to the year 2020 and the Covid-19 containment strategy of the central federal government, the different states within the borders of the same country, and the partners and other organisations they work with, including public health departments. Having a “Single Point of Truth” was fundamental to the success of the first contact-tracing deployment in the 18th century by Mr. J. Haygarth. Digital contact tracing is currently being viewed as a possible magic solution, and it has many privacy experts and privacy-aware citizens ringing the alarm bells. Covid-19 is new, severe and mutative in nature. Scientists do not seem to be in a position to wrap their heads around it as fast as we wish, so we are left with technocrats and techies trying to solve a problem that cannot be solved by mere digital contact tracing. During our regular team social conferencing calls, we asked ourselves how effective a closed-loop contact-tracing system would be and what the populace would have to sacrifice in terms of privacy to contain the spread of the virus. In this article, I sum up the discussions we had in our company about contact tracing in its most privacy-preserving form and its implementation in mobile apps, so that it can be a reliable supplement to the boots on the ground, the human contact tracers.

 

As security experts, we were wary about the modern form of contact tracing from the word go. The fact that it relies heavily on a digital solution made us conclude that it cannot be as effective as the original contact tracing because it is lacking on several levels. The gaps in the intelligence that can be gathered using different non-integrated digital contact-tracing solutions nullify every positive impact it could have. There would be a scenario in which the central government obtains worthless data from all Cantons, because most of those living in the country crisscross it, and it would not be possible to track the next cases if the different apps and institutions were not interoperating.

 

“… an effective modern contact-tracing would have to marry both the traditional contact tracing with the digital contact-tracing to achieve a “Single-Point-Of-Truth” that culls up data from different systems and institutions but infringes privacy…”

 

The only reasonable approach would be to have apps that appear to target the individual Cantons but feed into the same backend. In addition to this, there would have to be an attempt to reduce labour-intensive measures, such as interviewing patients to document their movements and whom they have encountered. In other words, the system would pull data from different institutions, including law enforcement agencies, cell service providers, credit card companies, and more. Any data collected via digital contact tracing alone will be lacking in actionable intelligence, since not enough data can be obtained digitally without infringing the privacy of users. After solving the integration and privacy issues, one would have to come up with an adoption strategy that guarantees high adoption of the apps by those living within the Swiss borders and those who move into them during this period. In addition to the digital collection of data, actionable intelligence would only be possible if enough human contact tracers can enrich the data through manual phone calls to help identify who may have been exposed, and if the majority of the populace can be tested. Assuming that a high percentage of the population in Switzerland has smartphones, this approach would constitute a perfect plan were it not for the privacy issues.

 

Unusual times call for extraordinary measures and exception handling!

 

The question of what information would need to be collected from the devices to be in a position to generate accurate, actionable data is something that any privacy-loving populace would object to. Let us assume that extraordinary times call for extraordinary measures and the government were to swiftly enact laws and regulations making it compulsory to take part in digital contact tracing. Those laws and regulations would have to address the topic of central data storage. In our biased security opinion, the central storage of so much data would put it at risk of exposure. Before enacting laws to expedite data collection, it would be critical to know what data would have to be collected from the devices to obtain supplementary information that can be turned into actionable intelligence.

 

From a technical point of view, and based on mobile forensics, a combination of different data would have to be collected from a device to be in a position to detect and triangulate location, so that a person can be placed at a particular place at a specific time. The depth of information that would offer the possibility of detecting whether a person has spent time near a known and confirmed Covid-19 patient would include the following:

 

  • Contacts/Address list
  • GPS
  • WiFi
  • IP-Address
  • Cellular
  • Bluetooth

 

The collection of the above data touches on the privacy policy of the mobile app and, most importantly, infringes the privacy of the users. In this case, they will either have to give informed consent or a law will have to be enacted to permit the collection of this data. To accurately determine the proximity to a potential exposure, not only will more data on unrelated persons in the contact list be collected, but one will also have to determine how long this information can be stored. Just as in Haygarth’s case, the effectiveness of contact tracing can only be enhanced by laying the information about exposure out in the open (how you got exposed and by whom). Laying out this information increases the complexity of the privacy issue. The reason is the intelligence that can be generated out of the gathered data once it is aggregated and enriched from other service providers such as credit card companies, Apple Pay and Twint, amongst others such as car and city-bike rentals. And by the way, in my city, Zürich, we still have the eTrotties of the likes of Tier, Circ, Lime and Bird roaming the streets in case the current lock-down is eased.

 

Cleansed, harmonised and enriched with data from other service providers, our “social graph” and that of everyone with whom we come into contact can easily be created. As of now, there have been some minor push-backs in Switzerland about privacy. A few privacy rights watchers warn that without explicit legal protections for users, social-graph data could be abused, including for mass surveillance by the federal government. As a cybersecurity analyst, I fear that this amount of data in its clean, enriched state, held in a central place and maybe with private businesses, could end up in the hands of hackers via successful breaches or of anybody paying top “Schwiizerfranke”.

 

Clarity from the federal state is a necessity.

 

As of now, the Swiss federal office has not been transparent in its communication about precisely what it is doing, what it hopes to achieve by doing it, and which safeguards it commits to. As previously mentioned, the concern is that if such apps end up not working as intended, what happens next might be known only to the flies on the walls of the offices in which they are being discussed, and not to the general public. It would be essential to know what happens with the solution, because feature creep in future updates might leave us with an app that runs critical privacy-infringing functions that would enable greater surveillance.

 

I hope that our government will assume a transparent, open, privacy-preserving approach to digital contact-tracing apps, backed by explicit legal protections for the public. This would be an excellent way to foster contact-tracing app adoption. The reverse would not only put the approval of the apps at peril but potentially risk higher public health casualties.
