Short description: Method of contact tracing using mobile devices
Proposal for a location-based COVID-19 contact tracing app: Contacts of individual A (and all users of the app) are traced using GPS co-localisations with other app users, supplemented by scanning QR codes in high-traffic areas where GPS is too coarse. Individual A requests a SARS-COV-2 test (using the app) and their positive test result triggers instant notification to users who have been in close contact. The app advises isolation for the case (individual A) and quarantine of their contacts.[1]
Digital contact tracing is a method of contact tracing relying on tracking systems, most often based on mobile devices, to determine contact between an infected patient and a user.[2] It came to public prominence in the form of COVID-19 apps during the COVID-19 pandemic.[3][4][5] Since the initial outbreak, many groups have developed nonstandard protocols designed to allow for wide-scale digital contact tracing, most notably BlueTrace and Exposure Notification.[6][7]
When considering the limitations of mobile devices, there are two competing ways to trace proximity: GPS and Bluetooth; each with their own drawbacks. Additionally, the protocols can either be centralized or decentralized, meaning contact history can either be processed by a central health authority, or by individual clients in the network. On 10 April 2020, Google and Apple jointly announced that they would integrate functionality to support such Bluetooth-based apps directly into their Android and iOSoperating systems.[8]
Digital contact tracing has existed as a concept since at least 2007,[9][10] and it was proven to be effective in the first empirical investigation using Bluetooth data in 2014.[11][12] However, it was largely held back by the necessity of widespread adoption.[13] A 2018 patent application by Facebook discussed a Bluetooth proximity-based trust method.[14] The concept came to prominence during the COVID-19 pandemic,[1] where it was deployed on a wide scale for the first time through multiple government and private COVID-19 apps.[15][16] Many countries, however, saw poor adoption, with Singapore's digital contact tracing app, TraceTogether, seeing an adoption rate of only 10-20%.[17] COVID-19 apps tend to be voluntary rather than mandatory,[18][19] which may also have an impact on the rate of adoption. Israel was the only country in the world to use its internal security agency (Shin Bet) to track citizens' geolocations to slow the spread of the virus.[20] However, cellphone-based location tracking proved to be insufficiently accurate, as scores of Israeli citizens were falsely identified as carriers of COVID-19 and subsequently ordered to self-quarantine.[21] In an attempt to contain the spread of the Omicron Variant, Israel reinstated the use of Shin Bet counterterrorism surveillance measures for a limited period of time.[22]
Apps were often met with overwhelming criticism about concerns with the data health authorities were collecting.[23][24][25] Experts also criticized protocols like the Pan-European Privacy-Preserving Proximity Tracing and BlueTrace for their centralized contact log processing, that meant the government could determine who you had been in contact with.[26][27][28][29]
MIT SafePaths published the earliest paper, 'Apps Gone Rogue',[30] on a decentralized GPS algorithm [31][32] as well as the pitfalls of previous methods. MIT SafePaths was also the first to release a privacy-preserving Android and iOS GPS app.[33]
Covid Watch was the first organization to develop[34] and open source[35][36] an anonymous, decentralized Bluetooth digital contact tracing protocol, publishing their white paper on the subject on 20 March 2020.[37][38][39][40][41] The group was founded as a research collaboration between Stanford University and the University of Waterloo.[42][37][43] The protocol they developed, the CEN Protocol, later renamed the TCN Protocol, was first released on 17 March 2020[44][45][5] and presented at Stanford HAI's COVID-19 and AI virtual conference on April 1.[46][47][48]
NOVID is the first digital contact tracing app which primarily uses Ultrasound. Their ultrasound technology yields much higher accuracy than Bluetooth-based apps, and they are [when?] the only app with sub-meter contact tracing accuracy.[49]
Methodologies
Bluetooth proximity tracing
Bluetooth, more specifically Bluetooth Low Energy, is used to track encounters between two phones. [50][51][52] Typically, Bluetooth is used to transmit anonymous, time-shifting identifiers to nearby devices. Receiving devices then commit these identifiers to a locally stored contact history log. [6] Given epidemiological recommendations, devices store inputs only of the encountered devices for a fixed time, exceeding a threshold (e.g., more than 15 min) at a certain distance (e.g., less than 2 meters). [53]
Bluetooth protocols with encryption are perceived to have less privacy problems and have lower battery usage than GPS-based schemes.[6]:table. 1 Because a user's location is not logged as part of the protocols, the system is unable to track patients who may have become infected by touching a surface an ill patient has also touched.[6] Another serious concern is the potential inaccuracy of Bluetooth at detecting contact events. [54][55] Potential challenges for high received signal strength fluctuations in BLE proximity tracing are line-of-sight vs. non-line-of-sight conditions, various BLE advertising channels, different device placements, possible WiFi interference. [56]
Location tracking
Location tracking can be achieved via cell phone tower networks or using GPS. Cell phone tower network-based location tracking has the advantage of eliminating the need to download an app. Location tracking enables calculating user position with certain levels of accuracy in 2D or 3D. The first contact tracing protocol of this type was deployed in Israel.[57] The accuracy is however typically not sufficient for meaningful contact tracing.[58]
Smartphone GPS logging solutions are more private than Bluetooth based solutions because the smartphone can passively record the GPS values. The concern with Bluetooth-based solutions is that the smartphone will continuously emit an RF signal every 200ms, which can be spied on. On the other hand, digital contact tracing solutions that force users to release their location trails to a central system without encryption can lead to privacy problems.[58]
GEO-QR code tagging
Another method of tracking is assigning a venue or a place to a QR code and having the people scan the QR code by their mobiles to tag their visits. By this method, people voluntarily check in and check out from the location and they have control on their privacy, and they need not download or install any app. Should a positive COVID-19 case be identified later, such systems can detect any possible encounter within the venue or place between the positive case individual and others who might have visited and tagged their visits to the venue at the same time. Such method have been used in Malaysia by Malaysian government and also in Australia and New Zealand by private sector under QR-code visitor check-in systems.[59] In Australia[60][61] and New Zealand,[62] respective local governments have later sought to centralize contact tracing by requiring businesses to use the state's QR-code system.
Ultrasound
Using ultrasound is another way to record contacts. Smartphones emit ultrasound signals which are detected by other smartphones. NOVID, which is the only digital contact tracing app with sub-meter contact tracing accuracy, primarily uses Ultrasound.[49]
CCTV with facial recognition
CCTV with facial recognition can also be used to detect confirmed cases and those breaking control measures.[63] The systems may or may not store identifying data or use a central database.[64]
Reporting centralization
One of the largest privacy concerns raised about protocols such as BlueTrace or PEPP-PT is the usage of centralised report processing.[65][26][27][66][28][29] In a centralised report processing protocol a user must upload their entire contact log to a health authority administered server, where the health authority is then responsible for matching the log entries to contact details, ascertaining potential contact, and ultimately warning users of potential contact.[6]
Alternatively, anonymous decentralized report processing protocols, while still having a central reporting server, delegate the responsibility to process logs to clients on the network. Tokens exchanged by clients contain no intrinsic information or static identifiers. Protocols using this approach, such as TCN and DP-3T, have the client upload a number from which encounter tokens can be derived by individual devices.[67] Clients then check these tokens against their local contact logs to determine if they have come in contact with an infected patient.[68] Inherent in the fact the government does not process nor have access to contact logs, this approach has major privacy benefits. However, this method also presents some issues, primarily the lack of human in the loop reporting, leading to a higher occurrence of false positives;[6] and potential scale issues, as some devices might become overwhelmed with a large number of reports. Anonymous decentralised reporting protocols are also less mature than their centralized counterparts as governments were initially much more keen to adopt centralized surveillance systems.[69][70][68]
Ephemeral IDs
Ephemeral IDs, also known as EphIDs, Temporary IDs[71] or Rolling Proximity IDs,[72] are the tokens exchanged by clients during an encounter to uniquely identify themselves. These IDs regularly change, generally ever 20 minutes,[6] and are not constituted by plain text personally identifiable information. The variable nature of a client's identifier is needed for the prevention of tracking by malicious third parties who, by observing static identifiers over a large geographical area over time, could track users and deduce their identity. Because EphIDs are not static, there is theoretically no way a third party could track a client for a period longer than the lifetime of the EphID. There may, however, still be incidental leakage of static identifiers, such as was the case on the BlueTrace apps TraceTogether and COVIDSafe[73][74][75][76] before they were patched.[77][78]
Generally, there are two ways of generating Ephemeral IDs. Centralized protocols such as BlueTrace issue Temporary IDs from the central reporting server, where they are generated by encrypting a static User ID with a secret key only known to the health authority.[6] Alternatively, anonymous decentralized protocols such as TCN and DP-3T have the clients deterministically generate the IDs from a secret key only known to the client. This secret key is later revealed and used by clients to determine contact with an infected patient.[68]
During the unfolding COVID-19 pandemic, reactions to digital contact tracing applications worldwide have at times been drastic and often polarized.
Despite holding the promise to drastically reduce contagion and allow for a relaxation of social distancing measures, digital contact tracing applications have been criticized by academia and the public alike. The main issues concern the technical efficacy of such systems and their ethical implications, in particular regarding privacy, freedoms and democracy.[25][90][91]
The US non-profit, ForHumanity, called for independent audit and governance of contact tracing[92] and subsequently launched the first comprehensive audit[93] vetted by a team of global experts, known as ForHumanity Fellows[94] on privacy, algorithmic bias, trust, ethics and cybersecurity. NY State Senate Bill S-8448D, which passed in the Senate in July 2020, calls for independent audit of digital contact tracing.[95]
Independent audit and governance
Voluntary adoption of digital contact tracing has fallen short of some estimated thresholds for efficacy. This has been referred to as a "trust-gap"[96] and advocates for digital contact tracing have endeavored to identify ways to bridge the gap. Independent Governance suggests that contact tracing authorities and technology providers do not have adequate trust from the traced populace and therefore requires independent oversight which exists on behalf of the traced for the purposes of looking after their best interests.[citation needed]
Independent audit borrows from the financial accounting industry the process of third-party oversight assuring compliance with existing rules and best-practices. The third party auditor examines all details of digital contact tracing in the areas of ethics, trust, privacy, bias and cybersecurity. The audit provides oversight, transparency and accountability over the authority providing the digital contact tracing.[citation needed]
Technical feasibility
The technical feasibility and necessity of digital contact tracing is the subject of debate, with its major proponents [97] claiming it to be indispensable to stop the spread of pandemics, as COVID-19, and its opponents raising points on its technical functioning and adoption rate by citizens. The conflict between the opt-in voluntary usage by citizens in many countries and the necessity of an almost universal adoption rate is unresolved. According to a study published in Science,[1] an adoption rate of around 60% of the total population is needed for digital contact tracing applications to be effective. In countries where this was made voluntary, like Singapore, the adoption rate remained below 20%.[98][97] Also, the efficacy of using Bluetooth technology to determine proximity is subject to scrutiny, with critics pointing out that false positives could be reported due to the inaccuracy of the technology. Instances of this are interference by physical objects (e.g. two people in two adjacent rooms) and connections being made even at 10–20 meters distances.[99][54][55]
System requirements
Smartphone-based digital contact tracing applications have system requirements such as Android/iOS version, bluetooth enabled, gps enabled. The system requirements facilitate maintainability and technical effectiveness at the cost of the adoption rate. Smartphones stop receiving software updates a few years after release (2–3 years for Android, 5 years for iOS). Improvements to this ecosystem would benefit the adoption rate of future digital contact tracing applications.[citation needed]
Ethical issues
Other than having doubts about the technical effectiveness of smartphone-based contact tracing systems, publics and academia are confronted with ethical issues about the use of smartphone data by central governments to track and direct citizen behaviour.[100] The most pressing questions pertain privacy and surveillance, liberty, and ownership. Around the world, governments and publics have taken different positions on this issue.[citation needed][101]
Privacy
On privacy, the main problem about digital contact tracing regards type of information which can be collected from each person and the way related data is treated by companies and institutions. The type of data which is collected, and the approach being used (centralized or decentralized) determine the severity of the issue. In other words, a privacy-first approach that sacrifices data for privacy or a data-first approach that collects citizen data in exchange for private information from citizens.[102] Moreover, critics point out that claims of anonymity and protection of personal data, even if made by institutions, cannot be verified and that individual's user profiles can be traced back in several cases.[103]
Surveillance
Closely related to privacy, comes the issue of surveillance: too much personal data in centralized governmental database could set a dangerous precedent on the way governments are capable of “spying” on individual behaviour. The possibility that a wide-ranging adoption of digital contact tracing could set a dangerous precedent for surveillance and control has been abundantly treated by media and academia alike.[103][100] In short, the main concern here relates to the tendency of temporary measures, justified by an emergency situation, to be normalized and extended indefinitely in a society.[104][105] Concerns of normalizing exceptional surveillance practices were raised Israel, where existing cellphone surveillance measures used for counterterrorism purposes were employed for COVID-19 contact tracing purposes.[106]
Environment
Electronic waste may result from the need to purchase a new smartphone to meet the system requirements of smartphone-based digital contact tracing applications.[citation needed]
↑Bahri, Shamshul (2007-01-01). "Enhancing quality of data through automated SARS contact tracing method using RFID technology". International Journal of Networking and Virtual Organisations4 (2): 145–162. doi:10.1504/IJNVO.2007.013540. ISSN1470-9503.
↑Altuwaiyan, Thamer; Hadian, Mohammad; Liang, Xiaohui (May 2018). "EPIC: Efficient Privacy-Preserving Contact Tracing for Infection Detection". 2018 IEEE International Conference on Communications (ICC). Kansas City, MO: IEEE. pp. 1–6. doi:10.1109/ICC.2018.8422886. ISBN978-1-5386-3180-5.
↑Shubina, Viktoriia; Holcer, Sylvia; Gould, Michael; Lohan, Elena Simona (2020). "Survey of Decentralized Solutions with Mobile Devices for User Location Tracking, Proximity Detection, and Contact Tracing in the COVID-19 Era". Data5 (4): 87. doi:10.3390/data5040087.
↑Flueratoru, Laura; Shubina, Viktoriia; Niculescu, Dragos; Lohan, Elena Simona (2021). "On the High Fluctuations of Received Signal Strength Measurements with BLE Signals for Contact Tracing and Proximity Detection". IEEE Sensors Journal22 (6): 5086–5100. doi:10.1109/JSEN.2021.3095710.
↑Guinchard, Audrey (2021-01-02). "Our digital footprint under Covid-19: should we fear the UK digital contact tracing app?". International Review of Law, Computers & Technology35 (1): 84–97. doi:10.1080/13600869.2020.1794569. ISSN1360-0869.
↑Cahane, Amir (2021). "The (Missed) Israeli Snowden Moment?". International Journal of Intelligence and CounterIntelligence34 (4): 694–717. doi:10.1080/08850607.2020.1838902.