Estonian companies and government authorities join forces to develop a new mobile application to stop the spread of Coronavirus
During these challenging times, governments around the world have sought solutions that would help reduce the spread of COVID-19 and enable them to reopen their respective societies. Some countries have had success using mobile applications for contact tracing. These applications help health care systems notify people who might have been infected, enabling them to take swift steps to avoid infecting others. While useful, contact tracing solutions must not become tools to spy on one’s population, which is why privacy considerations must take central stage when designing them. Together with other European countries, Estonia has chosen a privacy-preserving path to contact tracing, a key element of which is the principle of decentralisation that underpins several Estonian e-state solutions.
Building on these foundational values, nine Estonian companies (Bytelogics, Cybernetica, Fujitsu Estonia, Guardtime, Icefire, Iglu, Mobi Lab, Mooncascade, Velvet) and several government institutions are currently developing a decentralised, privacy-preserving contact tracing application. Within this system, designed to fully adhere to recent EDPB recommendations, no entity will be able to store all tracing data and use it for any other purpose besides contact tracing. When asked about the development, Priit Tohver, Advisor for Digital Services Innovation in the Ministry of Social Affairs, confirmed: “We should not create a tool that enables large scale data collection on the population but rather one which, in line with the principle of data minimisation, should only be used to reduce the spread of the virus. These kinds of apps should not become a general data gathering tool for any government.“ He added that “although gathering larger datasets could certainly be useful for epidemiological modelling, it is highly unlikely it could ever achieve the kind of public acceptability and uptake in our country that a decentralised privacy-preserving approach could.”
Estonia’s app shall be based on the DP-3T protocol developed by leading privacy experts. This approach would also be in line with the contact tracing API recently announced by Apple and Google, which the Estonian app would seek to integrate with. The contact tracing system, which will be compatible with both iOS and Android devices, will be implemented on an opt-in basis, meaning individuals have to actively confirm that they wish to participate and contribute to this solution. The app itself is based on on-board radios on a given device and transmits an anonymous ID over short-range Bluetooth. The application analyses, what IDs the individual was in contact with over the last 14 days, and only if a certain threshold of distance and time between two devices is recorded, a match is deemed confirmed.
“In Estonia we are indebted to all the hard work that has already been put into developing contact tracing apps around the world. It is clear, however, that without integrating with the Apple and Google API, these solutions will never achieve their full potential,” said Tohver. “Fortunately the approach supported by the API aligns well with our privacy-preserving principles.”
This mobile application will help us in an entirely new way. It is unlikely that any infected person could remember all their contacts and interactions from the days prior to their diagnosis. Such an app would therefore complement our already ongoing manual contact tracing efforts. All involved parties find it important to emphasise that the app will be available for people to use on a voluntary basis. And who knows – seeing as the users’ privacy will be guaranteed, with sufficient uptake there is also the possibility that this application can help us avoid similar crises in the future, be it with COVID-19 or any other similarly hard to tackle infectious diseases.