Report on the “COVID-19 Tracking Technology” Session

Report | GFCE V-Meeting “COVID-19 Tracking Technology” | 15 May 2020

The world has changed due to the COVID-19 pandemic. The use of technology is playing an important role in our response. Several countries are exploring the possibilities of the use of an app with contact tracing technology that tracks the spread of the Covid-19 virus. In this meeting several countries were invited to share their insights and lessons learned on such a tracking app. The session was chaired and moderated by Mr. Richard Harris,Principal Cyber Security Policy Engineer at the MITRE Corporation.

To kick-off the meeting,Mr. Gopalkrishnan S, Additional Secretary, Ministry of Electronics & Information Technology of the Government of India, introduced the Indian COVID-19 tracking mobile application “Aarogya Setu”. The app is launched since almost 40 days now and is connected to the  GPS of an (anonymized) device ID. Mr. Gopalkrishnan S elaborated on the challenges and learnings regarding the development and launch of the app. He highlighted that a very clear data sharing and access protocol was published, as the app has to meet all the norms of privacy, and data should be handled responsibly.

NextMs. Gun Peggy Knudsen, Executive Director of the Department of Health Data & Digitalisation, Norwegian Institute for Public Health, spoke about Norway’s contact tracking app that is available since mid-April. The app collects blue tooth and GPS data. Ms. Gun Peggy Knudsen explained that developing such an app in a very short amount of time is challenging, therefore they keep learning and adjusting, while there should still be a healthy debate on privacy issues. With 700.000 active users the app is still in its early days, and the relatively few new COVID-19 cases make the validation phase of the app challenging.

Mr. Roger Lim, Senior Policy Advisor at the Netherlands Ministry of Health, Welfare & Sports, elaborated on the process in The Netherlands of developing a national contact tracing technology application. Mr. Roger Lim explained that international and national proposals for the development of such an app were received, for which 7 apps were selected for an “appathon” mid-April. The strict selection criteria for the app, with a focus on privacy and information security, were non-negotiable. For example, GPS may not be used and data should be fully anonymized. None of the 7 apps were proved to be ready for national use. As a result, the new way forward with the national app is being reconsidered. This is currently being done with the set-up of a new program that takes up 4 actions that were decided upon by the Minister.

Following this, Mr. Daniel Seiler, Deputy Chief of the Office of the Special Envoy for Cyber Foreign and Security Policy, Swiss Federal Department of Foreign Affairs, spoke about the development of Switzerland’s tracking app that makes use of Bluetooth low energy only. Mr. Daniel Seiler highlighted that the aspects of privacy, security, transparency, voluntariness and the safe storing of (anonymized) data through a decentralized system, were crucial from the beginning. Switzerland is in close collaboration with Google and Apple to further improve the app. The app is currently in a pilot phase and is expected to launch in June.  

Mr. Lim Soon Chia, Director of the Cybersecurity Engineering Center at the Cyber Security Agency of Singapore, highlighted the importance of organizing (GFCE) meetings like this one in order to learn and share experiences. Singapore was among the first countries to release a national COVID-19 related contact tracing app based on a low energy Bluetooth solution. Mr. Lim Soon Chia stressed the importance of the two key considerations of their “TraceTogether” app: privacy and cyber security. Since mid-April, Singapore also started using other contact tracing apps that monitor people entering selected public venues, e.g. malls and supermarkets, and will be extended to all operating businesses to allow employee’ and visitors’ entry. With these apps, Singapore hopes to restore the economy, while ensuring the safety of its citizens.

On behalf of the Government of the United StatesMs. Susan May, Branch Chief for International Affairs, Stakeholder Engagement Division at the U.S. DHS Cybersecurity and Infrastructure Security Agency, explained the developments and different initiatives regarding contact tracing apps cross the county. At the state level, some states are already moving forward with their own initiatives and have already employed contact tracing technologies using Bluetooth and GPS to combat COVID-19. At the federal level, a landscape analysis to combat COVID-19 is being conducted. Together with all relevant stakeholders and agencies involved, including Google and Apple, the US’ contract tracing technology is being improved.

Mr. Pedro Lizana, Chief Technology Officer at the Digital Government Division of Chile, spoke about Chile’s “Coronapp” that was released four weeks ago. The main purpose of this app is to inform users and keep track of (potential) COVID-19 symptoms. For example, the app helps users to stay in a certain radius in order to prevent avoid large groups of people or long waiting line. The next step for this app is a contract tracing feature. When Chile starts developing this feature of the app, main focus will be on privacy and to get the necessary confidence and trust of its users.

The last speaker of this session, Ms. Jemima Hodkinson, Programme Manager at the Cyber Department of the UK Foreign and Commonwealth Office, explained the development and challenges of United Kingdom’s contract tracing app. Followed by examples of Australia, Norway, Singapore, the app uses Bluetooth low energy and stores data anonymously at a secure lock on the phone. The app is currently being tested on an UK island, the Isle of Wight. Ms. Jemima Hodkinson highlighted that “trust” is key to get people download the app. Therefore, privacy, security, ethics, but also communication to users is important. Next to this, regarding inclusion, it is important to make sure that also individuals who can or do not want to use this tool, are also protected.

The session ended with questions by, and an interactive discussion amongst, the participants.