Over the past two weeks, EPFL computer scientists have been testing and refining the smartphone-based system developed by the international Decentralized Privacy-Preserving Proximity Tracing project (DP3T), with the help of the Swiss Army. Their goal: to optimize the app’s ability to alert users after they’ve been in contact with someone contagious with COVID-19, while building trust around the open system.
DP3T is an approach to decentralized, privacy-preserving contact tracing that aims to provide a digital means for humans to stop the spread of the novel coronavirus. The project was initially launched by researchers from EPFL and ETH Zurich, and is now being developed in collaboration with a number of other leading European institutions, as well as software developers Ubique and PocketCampus.
Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system’s proximity measurements with data on Swiss Army soldiers’ physical positions. The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions were captured and analyzed using specialized cameras from EPFL'S Computer Vision Laboratory (CVLab), led by Pascal Fua.
On April 30th, just a week after the EPFL tests, Payer led a 24-hour field test at a military facility with about 100 soldiers. This time, the soldiers performed routine tasks while the app ran on their phones, and took note of each time they came into contact – defined as “less than two meters for more than five minutes” – with another person.
“We wanted to establish a baseline for how people actually act in different situations,” Payer explains. He adds that an additional challenge was to calibrate the system to work regardless of whether a user’s smartphone was in their hand, in their backpack, etc. “We tested different parameters, such as signal strength and frequency, to ensure that the system generates good information without too many false positives, and without draining your phone battery.”
This signaling system is at the core of the DP3T technology: it uses Bluetooth signals to continuously broadcast random and impossible-to-guess strings of characters between smartphones. All sent signals, as well as those received from nearby devices, are stored on users’ phones for a maximum of 14 days. If a user is diagnosed with COVID-19, their unique character sequences will be added to a hospital list, which other users’ phones will check regularly to see if they ‘recognize’ any of them. If a match is found that indicates a user was near a COVID-19 patient long enough to risk infection, the app will display an alert, asking the user to self-isolate and enabling him or her to get tested as soon as possible.
“Privacy by design”
The idea of using smartphones for proximity tracing has raised concerns over data privacy, as critics argue that such a system could create new opportunities for personal information to be abused, even after the pandemic eases. But the DP3T team is working to ensure that even if a hacker could get their hands on the signal data – which will be stored only on users’ smartphones, rather than a centralized server – it would be useless to them.
“This is privacy by design: we wanted to create a system that respects the need of citizens, which is not just to stop the coronavirus, but also to preserve freedom. So, we are building an app that cannot be used for anything other than contact tracing – it cannot be used to know location, identities, or activities,” says Carmela Troncoso, head of EPFL's Security and Privacy Engineering Lab (SPRING).
She adds that the system is also designed to dismantle itself organically as soon as the app is uninstalled from a smartphone, which will delete all stored signal data, thus placing control of the system in the hands of users.
As the parameter tests of the DP3T system are completed, all results will be published online to encourage continuous feedback and refinement. A beta version of the DP3T app is anticipated by mid-May; however, the researchers emphasize that the rollout of the app for use by citizens is ultimately within the purview of the Swiss government.
In the meantime, the DP3T team is working to ensure that the system will be ready to welcome a forthcoming application program interface (API) from Apple and Google, which is still under development.
“This is all happening in parallel. We have an app that works using our protocol, and that is compatible with Apple and Google’s protocol. As soon as that protocol is available, we will switch to it, as it will simplify integration with iOS and Android devices,” Payer says.
About the DP3T project
At EPFL, the team working on DP3T includes Alfredo Sanchez, Apostolos Pyrgelis, Carmela Troncoso, Dominique Quatravaux, Edouard Bugnion, Daniele Antonioli, James Larus, Jean-Pierre Hubaux, Ludovic Barman, Marcel Salathé, Mathias Payer, Pascal Fua, Sylvain Chatel, Theresa Stadler, and Wouter Lueks.
At ETH Zurich, the team working on DP3T includes David Basin, Dennis Jackson, Jan Beutel, Kenneth Paterson, and Srdjan Capkun.
Elsewhere in Europe, developers include Bart Preneel, Nigel Smart, Dave Singelee, and Aysajan Abidin (KU Leuven); Seda Gürses (TU Delft); Michael Veale (University College London); Cas Cremers (CISPA Helmholtz Center for Information Security); Reuben Binns (University of Oxford); and Ciro Cattuto (University of Torino / ISI Foundation).
In Switzerland, the project is being coordinated by the National COVID-19 Science Task Force of the Swiss Federal Council, and is officially supported by the Swiss Federal Office of Public Health (FOPH).
Internationally, DP3T has been listed as one of several privacy-preserving, decentralized approaches to contact tracing in a joint statement endorsed by some 300 scientists from over 25 countries.
This article was first published on 1 May by EPFL.