When researchers gather around lunch tables, at conferences, or in bars, there are some topics that are more or less compulsory. The discussions are about the ho- less management of the university or the lab where they are working, the lack of funding for important research, politicians' inability to grasp the potential of a p- ticularly promising ?eld, and the endless series of committees that seem to produce very little progress. It is common to meet excellent researchers claiming that they have almost no time to do research because writing applications, lecturing, and - tending to committee work seem to take most of their time. Very few ever come into a position to do something about it. With Simula we have this chance. We were handed a considerable annual grant and more or less left to ourselves to do whatever we thought would produce the best possible results. We wanted to create a place where researchers could have the time and conditions necessary to re?ect over dif?cult problems, uninterrupted by mundane dif?culties; where doctoral students could be properly supervised and learn the craft of research in a well-organized and professional manner; and where entrepreneurs could ?nd professional support in developing their research-based - plications and innovations.

This open access book describes Smittestopp, the first Norwegian system for digital contact tracing of Covid-19 infections, which was developed in March and early April 2020. The system was deployed after five weeks of development and was active for a little more than two months, when a drop in infection levels in Norway and privacy concerns led to shutting it down. The intention of this book is twofold. First, it reports on the design choices made in the development phase. Second, as one of the only systems in the world that collected population data into a central database and which was used for an entire population, we can share experience on how the design choices impacted the system's operation. By sharing lessons learned and the challenges faced during the development and deployment of the technology, we hope that this book can be a valuable guide for experts from different domains, such as big data collection and analysis, application development, and deployment in a national population, as well as digital tracing.

This open access book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward. In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security. This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.