On 24 April 2020 ICT4Peace wrote an open letter to the Swiss Federal Councillor and Minister of Health Alain Berset regarding the possible deployment of a “Decentralised Privacy-Preserving Proximity Tracing Protocol (DP3T)”. The letter in German can be found here, and a Google translation in English here. Along with the letter, ICT4Peace submitted the Report by Beatriz Botero Alcira of ICT4Peace on “A Human Rights Centric Framework to Evaluate the Security Risks Raised by Contact-Tracing Applications”.
In the letter, ICT4Peace invited the Minister to consider applying the following privacy policies when introducing this new app:
- Deletion and Data Minimization: As little information as is needed should be collected. Back-end operators should have no access to any personal information, and collected information should be automatically deleted once it is no longer needed, meaning that information should only be stored during the incubation time of the virus, about 2 weeks.
- Restricted use: The information collected and/or shared with trusted authorities should only be used for reasons directly related to addressing the public health crisis. It must be explicitly kept out of reach of criminal law enforcement authorities, intelligence agencies, and immigration authorities. Furthermore, the commercialization of this information must be forbidden.
- Transparency: Individuals must at all times have a means to know, easily and in a clear manner, how their information is being used when governments or other trusted authorities have had access to it (i.e. because they have authorized a message signaling potential contagion).
- Consent: Whenever possible, a person testing positive must consent to any data sharing by the app. The decision to use a tracking app should be voluntary and uncoerced. Installation, use, or reporting must not be a precondition for returning to work or school, for example.
- Roll-out strategies: Publicly and privately sponsored strategies must include from the beginning parameters regarding when an application will be discontinued in different places as well as when it is closed down completely. This could be, for example, when the WHO declares that the pandemic is over, when certain areas are declared Covid-19 free, when universal testing is made available or when a vaccine is developed. At the moment, such a threshold is absent from both the Apple and Google protocol and the DP3T protocol.
- Anti-discrimination and voluntariness: Vulnerable groups are often disparately burdened by surveillance technology. They are also often “frontline workers” who are the most exposed. They may also often lack access to the Internet or smartphones. Participating in contact-tracing networks like the ones analyzed here should never be required in order to enjoy other fundamental rights, such as the right to work, education or participation in a social program. An exception could be made if those programs or activities provide a viable and dignified alternative (such as work from home, education from home, and paid sick or quarantine leave). For the same reason, governments should also never condition the enjoyment of a fundamental right on opting in to any of these applications.
On 8 May 2020 the Ministry of Health replied with this letter in German (a Google translation into English can be found here):
“Dear Mr. Stauffacher,
We thank you for your letter with recommendations from ICT4Peace regarding the planned application for proximity tracing (Swiss PT App).
We would like to address the issues raised, such as data collection and deletion, limitation of the scope and duration, transparency and voluntariness.
The requirements of the Federal Data Protection and Information Commissioner (EDÖB) and the national ethics committee NEK were taken into account in the technical implementation and legal regulations. The Swiss PT app is technically based on the so-called DP-3T concept of EPFL (Decentralized Privacy Preserving Proximity Tracing) and thus on the principle of “privacy by design”.
The system ensures that only the data that is necessary for the operation of the overall system is saved in each component. The app only runs on the users’ mobile phones, the code management front end for validating the positive test result on devices of the authorized medical personnel. The overall system with these components is entirely under the responsibility of the BAG. This decentralized function through the structure serves in particular to protect data.
The data will be destroyed as soon as it is no longer needed. For example, the data that is only relevant for the period of possible infection is continuously deleted after 21 days. The use of the Swiss PT app is also limited to the duration of the crisis.
The installation of the app and its use are voluntary. The Bluetooth function can be switched on or off at any time and a user who has tested positive can decide whether he or she wants to inform the other users anonymously about the positive test result via the Swiss PT app.
The aim of the Swiss PT app is to inform people, automatically and anonymously, that they may have been infected. Users who have been notified in this way can contact the hotline specified in the app and clarify the next steps. Privacy is maintained throughout. If notified app users have Covid-19-specific symptoms, they should avoid contact with other people and contact their doctor. This solidarity towards society can break the chain of infection.
We hope that we were able to address the aspects mentioned with this information and remain with best regards,
Michael Gabathuler, Innovation Department
Federal Department of Home Affairs EDI, Federal Office of Public Health BAG, Executive Staff”