SwissCovid: EPFL researchers put proximity tracing app to the test
In early 2020, EPFL computer scientists tested and refined the smartphone-based system developed by the international Decentralized Privacy-Preserving Proximity Tracing Project (DP3T), with the help of the Swiss Army. Their goal: to optimize the app’s ability to alert users after being in contact with someone contagious with COVID-19, while building trust around the system.
DP3T is an approach to decentralized, privacy-preserving contact tracing that aims to provide a digital means for humans to stop the spread of the novel coronavirus. The project was initially launched by researchers from EPFL and ETH Zurich, and was developed in collaboration with a number of other leading European institutions, as well as software developers Ubique and PocketCampus.
Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences (IC), explained that tests carried out on the EPFL campus were designed to compare the DP3T system’s proximity measurements with data on Swiss Army soldiers’ physical positions. The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions were captured and analyzed using specialized cameras from EPFL’S Computer Vision Laboratory (CVLab), led by Pascal Fua.
Just a week after the EPFL tests, Payer led a 24-hour field test at a military facility with about 100 soldiers. This time, the soldiers performed routine tasks while the app ran on their phones, and took note of each time they came into contact – defined as “less than two meters for more than five minutes” – with another person.
“We wanted to establish a baseline for how people actually act in different situations,” Payer explains. He adds that an additional challenge was to calibrate the system to work regardless of whether a user’s smartphone was in their hand, in their backpack, etc. “We tested different parameters, such as signal strength and frequency, to ensure that the system generates good information without too many false positives, and without draining your phone battery.”
This signaling system is at the core of the DP3T technology: it uses Bluetooth signals to continuously broadcast random and impossible-to-guess strings of characters between smartphones. All sent signals, as well as those received from nearby devices, are stored on users’ phones for a maximum of 14 days. If a user is diagnosed with COVID-19, their unique character sequences will be added to a hospital list, which other users’ phones will check regularly to see if they ‘recognize’ any of them. If a match is found that indicates a user was near a COVID-19 patient long enough to risk infection, the app will display an alert, asking the user to self-isolate and enabling him or her to get tested as soon as possible.
“Privacy by design”
The idea of using smartphones for proximity tracing has raised concerns over data privacy, as critics argue that such a system could create new opportunities for personal information to be abused, even after the pandemic eases. But the DP3T team is working to ensure that even if a hacker could get their hands on the signal data – which will be stored only on users’ smartphones, rather than a centralized server – it would be useless to them.
«This is privacy by design: we wanted to create a system that respects the need of citizens, which is not just to stop the coronavirus, but also to preserve freedom.»
“This is privacy by design: we wanted to create a system that respects the need of citizens, which is not just to stop the coronavirus, but also to preserve freedom – it cannot be used for anything other than contact tracing – it cannot be used to know location, identities, or activities,” says Carmela Troncoso, head of EPFL’s Security and Privacy Engineering Lab (SPRING).
She adds that the system is also designed to dismantle itself organically as soon as the app is uninstalled from a smartphone, which will delete all stored signal data, thus placing control of the system in the hands of users.