Laboratoire Spécification et Vérification

Information technology is enrolled in the fight against the COVID-19 pandemic. Digital certificates of non-contamination, cyber-surveillance of quarantine and lockdown measures, contamination monitoring by contact tracing have already been deployed by some countries, and others are considering them.

Faced with the crisis, the temptation is great to put aside the security and privacy principles that we usually care about. One must however remain aware of potential threats: leaks, malicious exploitation by hackers or rogue states, and improper usage even by our own institutions.

We will be told that all means have been taken to secure the applications, that the data has been anonymized, will remain confidential, etc. Such claims need to be assessed in view of a few main principles that we wish to recall:

• While it is possible to certify some aspects of program security, these theoretical guarantees do not extend to the actual deployments. Daily news is a constant reminder that masses of sensitive data can fall into the hands of malicious parties, without any possibility of reverting or alleviating the damage. In practice, one must expect security breaches and take preventive action to limit their impact.
• Breaches of privacy are difficult to quantify, and specialists have a hard time describing precisely under what conditions a system will respect privacy. In particular, they know that the use of pseudonyms provides little protection.
• Any system impacting the safety and privacy of citizens must be open to public scrutiny. The publication of its specification and source code are necessary prerequisites.
• One of the best ways to limit overuses and abuses is to rely on decentralized systems as a mean of separating powers. Many techniques exist for these purposes, based on cryptography in particular. This also assumes a clear specification of which institutions will be able to use the system, and under what control. It is known that private interests can be tempted to go against the public good, but public institutions may also end up using data outside the initially planned framework.
• The solution to these problems cannot be purely technical. Laws governing the collection and use of private data are of paramount importance, and the current crisis should not become an opportunity to soften them.

The international research community is able to put forward technical solutions that respect the above principles, and we hope that they will be mobilised to good effect in this crisis.