The app basically uses Bluetooth Low Energy for the proximity measurements: The app generates temporary IDs, so if two smartphones with the app come close, they exchange their IDs and save the IDs of their respective partner locally and encrypted. If a person is tested positivive for the novel coronavirus, the doctor can ask the person to upload their list of contacts to the Pepp-PT server. The app can then compare its list with the list on the server and notify the user if they had contact with person who has COVID-19.
"The app can then compare its list with the list on the server". So the comparison takes place on each individual's phone ? To do this without leaking privacy, each phone will need to receive all the ids on the server i.e. all ids collected by the phones of people with positive diagnosis. This could require a lot of data to be distributed to a lot of phones.
If the comparison takes place on the server, it will save a lot of bandwidth. But then there will need to be a Tor like network to hide the IPs of the phones doing the requests.
The list on the server could be classified by region and time period (certainly this reduces privacy, but would still prevent tracking individual movements with precission).
This way the phone would need to download just the lists for those regions and periods of the places it has been through.
Suppose Alice is permanently at home with only one caregiver. The system should never tell Alice that she has been in contact with a virus carrier because that will imply that the caregiver tested positive.
Instead, the system should rather tell Alice she may have been exposed to the virus and should get tested. Bloom filters can provide that uncertainty.
Basically what the TraceTogether app in Singapore has already been doing in the past 2 weeks. Not rocket science, but a simple and clever approach still.
I don't know why Singapore GovTech hasn't yet released the source even after they said they intend to do so...
Yesterday they still wanted to publish the source code and architecture as open-source, seems they're already back-pedalling on that though and only want to give access to partners. Personally I think a full open-source approach would be better.
These folks also seem pretty open https://start.ito-app.org/ and cooperate / plan to cooperate with other initiatives.
There's a significant portion of any of these technical rundowns I don't get though. All of them seem to treat BTLE beacons, sprinkled with a bunch of hashing schemes, as some form of magic bullet for privacy. If your crypto was this great you might as well use my GPS with far better location accuracy, does anybody know the reasoning behind this (apart from the obvious "the public wouldn't want that")?
>> A lot of military software is built with tax money.
> And can that be opensource as well. What's your point?
Probably because military software likely contains military secrets that would be useful to an adversary.
A lot of espionage is focused on getting seemingly boring information like the performance characteristics of a radar system. If the radar system is run by software, and the software is made publicly available to anyone, an adversary country could learn what they want from the software (and do other things, like improve their jammers).
The government should definitely get the rights to the source code (and other IP) for military projects they fund, but I think it should still be kept secret (so not "open sourced" under a typical understanding of the term).
> PEPP-PT is purely funded by donations. It is a non-profit organization and completely transparent. Our strict guidelines preclude any influence from donors.
> As the formal organization is not yet established, we cannot yet provide links for making a donation or for downloading the guidelines for a donation. Please sign up below if you would like to be informed when you can support us.
a. They aren't even incorporated. b. Donations aren't public grants for which one has to apply.
The members listed on the page do include public entities such as universities and publicly funded research groups. However, membership to a non-profit organization doesn't necessarily imply that the non-profit needs to comply to policy rules that govern the funding of individual members.
Of course, if the majority of those members are public entities, adhering to open policies would enhance the credibility of such organizations. Even so, open source and open access are easier said then done. For starters, a significant portion of research ends up behind the paywalls of incumbent academic publishers.
Furthermore, you have to ask yourself why such an initiative suddenly springs to life exactly at this time. It's not the first infectious disease that causes a pandemic. The main reason is that it created public awareness in the Western World overnight. No more, no less. And so, there's suddenly an opportunity to rally funding, justify ethical shortcuts and do large scale social and technological experiments that are usually left to the realm of "what if".
The fact that this thing exists now shakes a shiver down my spine, regardless of any well meant intentions.
It’s specifically set up to protect privacy. If governments didn’t care, or had anything near the power and data that conspiracy theorists always assume they do, or felt justified to disregard the law, or empowered to change it, they’d tell Apple & Google to flip the switch and all location matching would happen tonight, in some unlucky eurocrat’s excel table.
> Furthermore, you have to ask yourself why such an initiative suddenly springs to life exactly at this time.
I don’t get this paragraph at all. It’s no mystery why this is happening now and didn’t happen last year: there’s a pandemic on.
I realize you say as much. But somehow, with the “no more, no less” and “technological experiments” you make it sound sinister. Like C-SPAN, but with an iMovie horror sound & lighting preset.
It can't protect privacy. A non-profit isn't a public authority. This initiative is meant to (a) create technology that adheres to existing legislation and (b) lobby - read argue or ask - with politics to use this technology.
The harsh reality is that authorities can happily ignore or cherry pick from such efforts, and that they are free to change or deprecate legal frameworks is such is deemed necessary "in the public interest".
This initiative sounds nice, but I don't read anywhere how they tie into the longstanding efforts of human rights organizations such as Human Rights Watch.
That's why I feel this is a technological experiment. It simply doesn't even consider the social impacts: there's no mention whatsoever of social research or leveraging existing social research.
My government (Norway), seems to be going (link in Norwegian https://www.simula.no/news/digital-smittesporing-apper-i-and... ), for a solution where they keep all the data on their servers, and privacy be damned.
The upside they argue for with this, seems to boil down to them then having a lot more data to look at.
Having an app to help tracking infections, is something I would install. But what my government seem to be going for, no way.
Way to intrusive and all encompassing.
I haven't found Simula, which is building the Norwegian app, on the list of partner of PEP-PT. So this is probably a saner initiative.
I'm torn on this matter. A part of me wants to believe that a fully acknowledged state of emergency privacy exception, organizationally siloed and bounded by well defined purpose and expiry, could be less erosive in the end than than something that tries hard to dance along the borders of regular privacy expectations and sets the new "acceptable" by precedent.
Immediate reaction: I'm sorry they settled on blue-tooth induced proximity. It seems likely to be a poor approximation of "epidemiologically relevant proximity". I would like to see research supporting the efficacy of this approach. I suspect they would conclude they need a geolocation-based approach. This will make privacy even more difficult.
If you're in "epidemiologically relevant proximity" you're almost surely also in bluetooth proximity. Quarantining a few more people than necessary is not a big deal and totally worth the privacy tradeoff imho.
Is that true? I'm more worried about false negatives on connections. Two concerns (as a layperson):
1) Transmission via surfaces is thought to be important (afaik). You don't have to be in the same place at the same time to transmit.
2) My bluetooth seems pretty slow and unreliable when connecting to my headphones. Is it reliable for logging ~50 proximities during my trip to the supermarket?
They are working on a more formal study of this but indications are that the viruses that other teams have found on surfaces may be "dead" (in the sense that they cannot actually replicate anymore and therefore are not bioactive relatively soon after leaving host organisms).
Video only in German, sorry, sure this will get publicized internationally if the study confirms the indications.
This totally contradicts another study [1]. They found that the virus is "viable and infectious in aerosols for hours and on surfaces up to days (depending on the inoculum shed)."
Thank you for the hint (in the reference [1], the measurement done as in [2], which states "Collected aerosols were analysed by quantitative real-time polymerase chain reaction (qRT-PCR) and by virus titration"), although I then don't get why the paper [1] writes that the viruses are "infectious".
They should do a dead-simple PoC to demonstrate this actually working with Bluetooth. Just make a stupidly simple test app, get 100 volunteers to install the app, have them all wear masks etc. while walking around randomly in the same big room for half an hour.
Then see what the false negative rate is - unless the average number of "others seen" is close to 100, this isn't going to work.
Because it's an obvious sticking point, everyone's had trouble with bluetooth not recognizing the same ol' headset, the burden of evidence is on the developers. And if they have done the test and not published the results, I'm twice as skeptical.
1) That would be difficult to solve. If we used position reporting, and considered an area infected for a few days after an infected person arrived, it would most likely lead to unmanageable amounts of false positives.
2) Scanning is mostly just listening and waiting for other devices to send beacons. With one discoverable device nearby, it might take a moment to hear anything. With 50 devices nearby, you scan should be spammed with results.
You might have missed a few devices if you were unlucky and moved out of range before they got a successful beacon through. However, in that case you could use second-hand proximity to find the "lost" contact through some of the successful ones.
Surfaces can be cleaned easily and should be cleaned frequently. (Eg on public transport.)
Furthermore any kind of app will only reach a subset of the population. (Senior citizens are unlikely to install this app.)
Yes, bluetooth drivers are a horrible hellscape of cyberspace, but it's probably because connecting to a sink/source (speaker/mic/camera/whatever) sets up the corresponding audio/media/etc channels too, and the interaction of the relevant components (pairing, PIN, kernel modules, gstreamer or who knows what) is what requires a very fragile dance. I have no idea how broken the BLE part is.
Firechat doesn't seem that bad and it uses Bluetooth too.
I wonder if there would be a way to do something like this but using WiFi access points that are available. The phone could track access points as they come into range (don’t need to connect) and time stamps and cross correlate with others. Seems a bit less intrusive and wouldn’t require Bluetooth but obviously there wouldn’t be as much coverage.
sharing a timeline of access points and timestamps is somewhat similar to a timeline of gps coordinates and timestamps. there is a lot to infer from such data and can potentially reveal the identity of the person who got sick and shared their data
The proximity tracing does not have to be perfect, just like social distancing or face masks do not have to be perfect. They just need to be effective enough to reduce R < 1.
Austrias Red Cross is developing such a tool (but with ultrasonic communication with speakers / mics) instead of bluetooth) at the moment. It seems that it is going to be free software (open source).
Privacy is still an issue with several of these Bluetooth-based solutions, and it can only alert about exposure through proximity, not through e.g. surface contact. There are other approaches being suggested as well. E.g. https://www.healthcast.nl
Well I don't understand how situations like toilet use, where many aerosols are created, could be safely recorded. (Don't forget that the virus is in the stool.)
Also note that this air is often piped somewhere else, hence you would need an airflow analysis.
It doesn’t have to be perfect. If this stops just one in four infections, and masks, washing hands, and distancing each do the same, R0 goes from 2.5 to 0.8 and we win.
South Korea managed to control the spread by endless testing and then contact tracing and notification and quarantine.
They didn't lock down the cities. They did it and continue to do it without locking down.
They are staying flat now because they continue to do that.
This is a tool to help that second part of contact tracing. No one is saying it's a replacement for social distancing, but it enables us to relax it if there's a way to stop detected infections spreading.
That's because they caught it early, and because they have the factories so they could ramp-up test production very fast to the level required to contain the spread. Those are not universal circumstances.
well no, you write about surfaces (also called fomite transmission). Aerosols are a totally different topic. Please see the historic, massive outbreak of SARS-CoV-1 in Hong Kong Amoy Gardens. There, the aerosols from stool caused a massive outbreak in the whole building and several neighboring buildings.
Ah yes, you are right, my previous comment is not applicable here.
A relevant datapoint here is the case of Webasto in Germany. The woman who infected employees of Webasto and thereby unwittingly created one of the first clusters in Germany was traveling, ate in restaurants etc. Yet the only known infections happened with her colleagues at Webasto, ie those with whom she sat in proximity close and over an extended period.
That indicates that infection „requires“ (or is favored) by extended proximity. It may also indicate that infection by aerosols is more „difficult“ and droplets may be more relevant —> masks!
I am writing this not to say all-safe but to caution against overexcitement/-anxiety/panic. Caution is good but it seems infection is not as easy or fast as mainstream media are touting atm.
This requires a to completely trust people to carry along their cell phone ("oops I forgot it"), and to trust people carrying their OWN cell phone ("Let me visit some enemies with the cell phone of my coughing friend to make them go to quarantine as soon as my friend is tested positive").
well, one may "forget" it on purpose to avoid being quarantined after seeing someone else who gets tested positive later on. This could be even used as a countermeasure to the second point above.
Another reason: "lets meet at a corona party, no cell phones permitted".
As I understand this, the approach here is to bet on personal responsibility. This technology cannot be used to enforce quarantines as the authorities have no access to the data.
Basically, we have to stop 2/3 of infections to get an R<1. If 2/3 of the population use the app honestly and we keep up some other measures (no indoor events where people are in close contact, wearing masks while shopping, no visitors in nursing homes and hospitals, etc.) then this might be enough to contain the virus until we have a vaccine.
Stuck in lock-down, we started a hack to volunteer contact information to keep your friends & family informed if you fall ill. Couple of weeks later, we joined an online Hack and got global support. Then we launched: https://contacttracing.app/en/
Totally non-commercial; we're relying on the generosity of cloud providers @neo4j and @digitialocean.
I reached out pepp-pt (catchy name) to see if they wanted to contribute. Come put time and energy into our hack.
You need lots of coverage for these things to work, plus you need reliable reports of all infections. Governments have access to both these datasets through mobile carriers and it s gdpr-compliant, so they can start tracing spread today
perhaps even too small distance bc it might not connect two persons sitting on opposite sides of a bus/airplane/... while they could still transmit the virus between them (less likely, but still)
The app basically uses Bluetooth Low Energy for the proximity measurements: The app generates temporary IDs, so if two smartphones with the app come close, they exchange their IDs and save the IDs of their respective partner locally and encrypted. If a person is tested positivive for the novel coronavirus, the doctor can ask the person to upload their list of contacts to the Pepp-PT server. The app can then compare its list with the list on the server and notify the user if they had contact with person who has COVID-19.
Source for the summary (before I found the site at the top): https://www.spiegel.de/netzwelt/apps/corona-warn-app-fuer-eu...