Interview with Davide D'Amico, engineer, member of the AIDR board of directors and MIUR executive
Hello dr. D'Amico, we are going through a complex moment for the coronavirus emergency, although there have been improvements in the number of hospitalized patients lately. As AIDR you were among the first to propose a technological solution for the containment and monitoring of infections, what prompted you to create this SOS ITALIA app?
“AIDR is a non-profit association aimed at spreading digital culture in our country in which various professionals, companies, officials and public managers participate. Given the particular moment of emergency and the expertise of the associates, including internationally recognized companies, we had the idea of trying to put together the multidisciplinary skills of AIDR to achieve something useful for our country, and it is thus born SOS ITALIA. "
There are several solutions that have been presented to the Ministry of Innovation, there is talk of over 300 app projects for emergency management. What do you think the advantages of the SOS ITALIA app are?
“The app we designed has a great strength which is to be developed in partnership with SIELTE, which is one of the national identity providers recognized and certified by AGID. So, the main advantage is that the app is natively integrated into SPID and is open-source software. Furthermore, this also guarantees us a scalable infrastructure, capable of managing large numbers of transactions and adequate user support, in terms of help desk, in case of problems. Then this synergy with a SPID provider made it possible to immediately design a solution that would reduce the data requested during access, limiting them to those actually useful for the application's functionality, applying the "privacy" in a concrete and effective way by design ". Obviously, we have also provided for other access methods such as OTP and via social media, but above all, if SOS ITALIA is chosen, it is said that it will be activated and will depend on the political decision-makers. "
On social media there have been many discussions that have also highlighted strong concerns regarding privacy. Why and how did you solve this problem?
“We can't hide behind a finger. When it comes to the traceability of user data, movement control, one enters the subject of personal data protection, which in this case is also sensitive data on which special attention must be paid. Having said that, we must not think that privacy is a block to the development of technological solutions that protect the right to health. We have a strong need for data to be able to manage the emergency, because data can be used, even at a macro level, to be able to make decisions based on an objective knowledge of the context.
Especially in an emergency like this, if it is true that we must not exceed with data, it is equally true that we cannot have it. We must therefore use the rules provided by the GDPR and the related methodological indications, to create software applications that respect the principles of citizens' data protection. In this sense, as I have already said, we have used development methods that consider "privacy by design" and the analysis of the risks on the data collected, identifying particular anonymization solutions and the possibility of defining the upstream conservation timing. "
What do you mean by anonymity?
“For example, everyone does not need to have access to user data and travel. It is possible to encrypt the data with a public key and keep them (in a government or supplier database), leaving then, in case of need for an eventual contagion of an individual, for example to a health authority (which has the relative key private and in charge of data processing for the purpose of reducing contagion and safeguarding the health of citizens) the task of deciphering travel data and taking any necessary actions. In fact, if we really have to say the whole fact of thinking immediately about the issue of privacy, it guarantees not only a protection of citizens' data rights, but also a better design and development of the software application to the full advantage of quality, also as regards security, the latter being very hot these days. SIELTE from this point of view gives us ample guarantees also for the experience gained in the SPID field. "
From what we saw in the demo of the SOS ITALIA app there is also the possibility to fill in a digital self-declaration of the movements through a digital form with "QR CODE" which can then be shown to the police. At the moment, however, the certification is on paper.
"You have seen well, we have provided a digital function for filling in the self-declaration, a solution that we have come to know today has also brought France into play. We know equally well that in Italy it is not expected at this time. However, we must think of reducing the timing of the checks by the police and reading a "QR CODE" on a citizen's mobile phone and clicking a button that certifies the control carried out by the authority, it is an operation that really lasts a few seconds and also helps to reduce any traffic that may be created for these checks. Furthermore, in our opinion, having a digital platform helps to ensure the treatment, place and timing of retention of citizens' personal and sensitive data, in compliance with the privacy law. "
We still don't explicitly talk about returning to normal but we talk about gradually reopening the country after the first 10 days of May. At what point will the app serve?
"He did well to ask me this question, as AIDR and SIELTE, together with their partners, have been studying the different scenarios of returning to normal for days and are doing it also looking at what the countries far away from us such as China have achieved and South Korea. I can't anticipate them much, the theme is extremely complex. Let's say that it is necessary to activate features that ensure social distancing, at least in a first phase, by providing all that information useful to make citizens waste little time or to reduce unnecessary travel. The key word is to aggregate services, from healthcare to financial and commercial ones. Activate effective management of the rows in the commercial establishments (why not also by booking the time and date of entry through the app, with priority, for example, which privileges the distance of residence from the commercial establishment). The other theme is to monitor the state of health continuously (self-diagnosis and diagnosis at the territorial level closest to the citizen's home). Here the topic is more complex and we hope that even in the field of medical sensors, answers can be obtained as soon as possible. The secret is to face the post-emergency considering the cultural, social and regulatory aspects as well as the behavior of individuals in our country, which are very different from those of Asian countries. As AIDR, however, we hope to be able to make a contribution in this direction and that is why we continue to commit ourselves looking to the future before the present. "