Presenter
James Petrie
Technical AI Governance Researcher
In an age where reliable computer security is critical, Foresight Institute proudly announces Covid Watch as the winner of the inaugural 2023 Norm Hardy Prize for its significant contribution to the field of usable security. This prize celebrates work building upon the vision of the late computer scientist, Norm Hardy, best known for identifying the confused deputy vulnerability. His most significant contribution to the field was KeyKOS, a capability-secure operating system that ran on commodity hardware, as well as creating core parts of capability-secure languages and protocols. Hardy underscored the necessity of building inherently secure systems complemented by interaction designs that enable users to operate these systems securely and intuitively.
Project Summary and People
Covid Watch designed and prototyped the first decentralized digital contact tracing system during the COVID-19 pandemic. Their system works by having devices share seemingly random codes with other nearby devices and then store these codes locally. People who test positive can choose to notify their contacts by publishing the codes they recently shared, and other devices can detect exposures by downloading “infected” codes and checking their local records for matches. This design allows people to receive exposure notifications quickly and automatically without also enabling mass surveillance. The group was founded by Tina White, James Petrie, Rhys Fenwick, and Zsombor Szabo, and eventually became a nonprofit with more than 50 active contributors. In February 2020, Tina published a blog post calling for a mobile app that uses location data to provide users with a personalized COVID-19 risk assessment. James reached out to share his work on a privacy-preserving way to send exposure risk information using a decentralized architecture. In early March 2020, Rhys translated this design into the first blog post on decentralized digital contact tracing. Zsombor implemented the first prototype of this system and proposed a modification to iOS BLE that would allow it to work more reliably. Many other volunteers helped with the design, implementation, epidemiological modeling, logistics and communications needed to build this technology, including collaborators from CoEpi and the TCN Coalition. Covid Watch open-sourced their code [TCN protocol: https://github.com/TCNCoalition/TCN] and published a white paper describing the technology. The proposed design – including decentralized architecture and BLE broadcasting specification – was shared with Apple in March 2020. In April 2020, Apple and Google announced the Exposure Notification system, which allowed around 100 million people to use decentralized digital contact tracing to help slow the COVID-19 pandemic. As we celebrate this significant milestone, Foresight Institute also looks to the future, where the long-term goal of the Norm Hardy Prize is a set of design principles and tools that encourage developers to create interaction designs that make it easy for people to use secure systems securely.
