Lessons from SwissCovid

Back to the program

 

Title: Lessons from SwissCovid

Speaker: Serge Vaudenay, EPFL

For the Talk slides Please click here
For the talk Video on YouTube please click here

Date: September 08, Tuesday

Time: 11:15 – 12:15 (Israel time, UTC+03:00)
09:15 – 10:15 (UK, UTC+01:00)
04:15 – 05:15 (EDT UTC-04:00)
18:15 – 19:15 (AEST UTC+10:00)

Abstract: SwissCovid is the Swiss automated contact tracing app based on the Google-Apple Exposure Notification system, inspired by DP-3T. In this presentation, we give an unofficial comment about problems which were encountered with it. We review security and privacy issues: false exposure notifications can be maliciously injected; people who report using SwissCovid essentially go public; people using SwissCovid can be traced. We discuss about encountered problems: compliance issues, non-inclusiveness, the lack of attractivity, the involvement of Apple and Google, and the strong opposition by people. We list goals of DP-3T which have not been met in SwissCovid. We question the effectiveness of this tool to reduce the pandemic.

Short Bio: Serge Vaudenay entered at the Ecole Normale Supérieure in Paris in 1989 with a major in mathematics. He received his PhD in computer sciences from University of Paris 7 – Denis Diderot in 1995. He subsequently became a research fellow at CNRS (National Center for Scientific Research in France). In 1999, he was appointed as a Professor at the EPFL, where he created the Security and Cryptography Laboratory.

He works on cryptography and the security of digital information. Most of his work relates to security analysis and provable security of cryptographic algorithms and protocols, specially in symmetric cryptography, post-quantum public-key cryptography, RFID protocols and distance bounding. He wrote an Essay on cryptography (in French, published by PPUR) and a textbook on cryptography (published by Springer). He was program chair of many research conferences and workshops. In 2007-12, he was an elected director of the IACR (International Association for Cryptologic Research).