Prof. Peter Ryan has been a member of the Research Luxembourg COVID-19 Task Force Work Package on e-health solutions since the beginning of the pandemic. In April, Ryan and his team were awarded a 6-month fast-track grant from the FNR for their research project on the efficacy and privacy implications of COVID-19 contact-tracing apps. The project is meant to assist policy makers as they search for the best technological solutions for emerging from “lockdown”.
As soon as people began to talk about using apps to do it. Many people are already coming up with different ways of implementing this same basic contact-tracing-app idea — so there’s no need to reinvent the wheel and come up with yet another one. Yet there are many privacy and security considerations to keep in mind when designing an app that will inevitably collect and share a lot of personal data. I think that I am well placed to take a step back and offer an objective, scientific evaluation of the options that are emerging because of my research background. I have spent the past fifteen years working on secure voting systems, an area where IT security concerns and public trust intersect, just as they do with contact tracing apps.
The biggest, most important difference between the many options is whether the data they aggregate is centralised or decentralised. The first approach stores the data in one central location, pushing information from a phone to a central database where the information is processed and notifications are dispatched. Decentralised apps instead keep data locally on a phone and process it in a distributed way, perhaps by pushing information directly from phone to phone.
Generally, decentralised systems are more private, and big centralised databases, like a credit-card company’s for example, are a juicy target for hackers. But it is really important to note that the distinction is not clear cut. It is really more of a spectrum than a single black-or-white, yes-or-no characteristic that each app has. It is possible for one key feature of an app to be decentralised, while others are centralised. Or the other way around and everything in between. Each approach comes with advantages and drawbacks. And that’s really what this research project is about. We are looking at the landscape of apps and rigorously evaluating the available options.
Our first step is to examine whether the app and the technology it uses could even work. For example, we will examine whether using Bluetooth to determine proximity is actually effective and reliable. Secondly, we will evaluate the privacy and security implications of the app. This is where the centralised-vs-decentralised question plays a big role. Thirdly, we will evaluate whether a particular system could actually work in our context here in Luxembourg, possibly proposing some adaptations if necessary.
Yes. About 45% of the Luxembourgish workforce are frontalier, so they commute internationally. That’s really unique and it means that we need to do contact tracing across not just one international border, but three. So whatever system for contact tracing we develop, we need to ensure that it can interoperate with the systems our neighbours implement. If our app cannot work across international borders, it simply cannot be effective. This is why it is so important that we really thoroughly consider our options before committing to any one solution.
Yes, that’s actually a big part of my research too. We believe that the system with the most public support will be one that is simple to explain and easy to use. Because of this, we anticipate that the most trusted system will be one that keeps the information disclosure to the minimum required to be effective, and requires minimal trust in the authorities to manage the data responsibly. This is analogous to the design of secure voting systems, with privacy preservation baked into the technology itself. To explore these questions, we will be working with researchers in Germany who are already planning surveys to determine the systems people trust the most. We’ll be taking all this into consideration because usability and understandability are really important. If the majority of the population doesn’t trust and won’t use an app, then it doesn’t work. Simple as that.
We will be cooperating with our friends and colleagues around the world who are creating really promising systems. These include the DP3T app developed by Kenny Paterson at ETH and Bart Preneel at UC Leuven and people at EPFL; the PACT app led by Ron Rivest at MIT; the Epione app developed by Dawn Song at UC Berkeley; as well as an app called StopCovid that has been examined by Vanessa Teague in Australia. We’ll also be evaluating apps produced by teams right here at SnT too, such as the PriLok app that our Critix Group is developing, as well as Stephane Bordas’ Pangolin app. In the end we will be able to offer a truly international and comprehensive view of the field.
We need to consider the degree to which the system can be dismantled once the crisis has passed, and also how easily it can be reinstated should there be a second wave or another pandemic. Those two elements create tension that needs to be carefully managed for an app to be a viable option in the long term. Yet a system that gracefully balances these two qualities could become a powerful part of our public health infrastructure going forward.