Centralized check-in apps reignite debate around digital contact tracing in Switzerland

During the pandemic, the public as well as the private sector have worked on digital tools for contact tracing. Private companies developed a variety of check-in apps for venues such as restaurants, bars, and clubs. In contrast to the SwissCovid app, those check-in apps collected data through a centralized architecture. This form of data collection in combination with insufficient checks on the private companies' use of the data raises questions regarding citizens' privacy and data security.

In Switzerland, a plethora of check-in apps help perform contact tracing in venues such as bars, clubs and restaurants. Owners are required to collect visitor data by law, but the Federal government has yet to provide a nationwide solution.

Private entities were quick to fill the gap, through a centralized architecture that has immediately proven controversial. And yet, some cantons are in the process of creating "a legal basis for the central storage of contact data", reveals a report in Republik.

The reason these check-in apps are controversial is that their architecture stands in stark contrast with that of the country's exposure notification app, SwissCovid, the product of a heated debate over privacy-preserving contact tracing solutions. In fact, SwissCovid relies on a decentralized structure, whereas the 16 check-in apps listed by the GastroSuisse Association and already in use in thousands of venues are built according to a centralized architecture, the "Swiss Contact Tracing Database" (SCTdb). The initiative is lead by Jean-Paul Saija, co-CEO of Mindnow, and is joined by "influential representatives of the catering industry", writes Watson.

The SCTdb central database stores all check-in data collected through the apps. Whereas SwissCovid's proximity data are said to remain on users' phones, never to be shared with Federal or cantonal health authorities, data collected in the SCTdb will be provided to some cantons: those that agree to "pay when they want to access the database for the purpose of disease control", according to Watson.

Cantons are also developing their own solutions. A report by Republik reveals that the canton of Bern started requiring the use of check-in apps to record visitors' data on May 10. Under this model, a central database is directly operated by the canton, gathering all information provided by restaurants and other venues. And while Bern is the first canton to create a legal basis for centralized contact tracing in Switzerland, others are about to follow suit, the report claims.

The Federal government also confirmed that it is working on updating the SwissCovid app with a check-in function (the NotifyMe app based on a protocol named Crowd-Notifier), even though it is not meant to replace private check-in apps.

Nonetheless, private check-in apps remain problematic, writes Republik, lacking security testing and independent checks on data protection risks. Also, the source code was not published for any of them: "How the data is collected and transmitted is up to the companies as long as they end up on the canton's servers on a daily basis", reads the article.

The CH++ Association strongly criticized the idea of normalizing centralized contact tracing in a written statement arguing that central databases expose to the risk of "catastrophic data loss", while at the same time providing leeway for "function creeps" ("further uses of the data for other purposes remain possible at any time") and "cantonal apps chaos". Decentralized contact tracing for events should be preferred instead, the association argues, as shown by examples in Germany, the UK and New Zealand.

For more entries on contact tracing technology, see the project Tracing the Tracers by AlgorithmWatch.