Carmela Troncoso becomes a new scientific director at the MPI for Security and Privacy

From developing the SwissCovid tracing app to her work with the Red Cross, her aim is to understand and mitigate the impact of technology on society

January 08, 2025

During the COVID-19 pandemic, contact tracing apps became a widely used tool to maintain public health. These apps were meant to alert people if they were in close contact with someone who later tested positive for the infection with coronavirus. The biggest challenge of creating such apps was to make sure that they could not be used to harm users and populations, in particular by using data collected for contact tracing for other purposes. Privacy expert Carmela Troncoso led the team that developed the Decentralized Privacy-Preserving Proximity Tracing protocol, for short DP-3T, which ensured that data leaving people’s devices contained no information about their whereabouts or their social contacts. This privacy ensured that using the apps would not add any risk for users.

“A lot of people ask me if I am sad that the app is no longer used. I always reply that this is exactly why I consider this app the biggest success of my career.”, says Troncoso. The app was designed to minimize data usage and ensure that no inferences about a user’s habits could be made. This approach eliminated any incentive to further develop the app for a different (commercial) purpose. A number of studies showed that the apps were effective at preventing the virus spread and the fact that the app disappeared quickly proves that the design fulfilled its intended purpose of protecting the privacy of users.

Troncoso’s work on privacy-preserving technologies does not end with the SwissCovid app. Her group collaborated with the International Consortium of Investigative Journalists to develop a software called Datashare Network. This software allows journalists to search each other's sensitive document collections without the need to publish these documents and protects their identities, thus mitigating the risk of harm. She also has a longstanding collaboration with the Red Cross, providing scientific expertise to digitalize their processes, like the process of humanitarian aid distribution via biometric data, ensuring that digitalization brings no additional risks to aid beneficiaries. She also continues to engineer privacy-preserving systems aimed at protecting users from harm.

Her research also critically analyzes existing and new technologies that claim to protect users and their data. For example, she has shown that synthetic data does not provide better protection than traditional anonymization techniques and that decentralization of machine learning does not result in added protection for users. Another important aspect of her work is informing the public about the capabilities and limits of technology. During the pandemic, she was featured in numerous interviews where she presented the privacy-preserving aspects of her work. She actively participated in providing an expert opinion on the limits and dangers of technologies proposed to tackle the distribution of Child Sex and Abuse Material via client-side scanning.

Carmela Troncoso will join MPI-SP in March when she will start her work as a scientific director of the institute, leading the SPRING (Security and Privacy Engineering) Lab. “I am very excited to join MPI and start many collaborations within MPI-SP and the Max Planck Society as a whole.”, says Troncoso.  “The richness of profiles of my colleagues is a perfect complement to my society-oriented research, and it will help my lab develop more deployable privacy-preserving technologies that can help digitalize the world without harming people and communities, in particular those that are in the most need such as refugees or journalists.”


 

Go to Editor View