Digital contact tracing


Digital contact tracing is a method of contact tracing relying on tracking systems, most often based on mobile devices, to determine contact between an infected patient and a user. It came to public prominence in the form of COVID-19 apps during the COVID-19 pandemic. Since the initial outbreak, many groups have developed nonstandard protocols designed to allow for wide-scale digital contact tracing, most notably BlueTrace and Exposure Notification.
When considering the limitations of mobile devices, there are two competing ways to trace proximity, GPS and Bluetooth, each with its own drawbacks. Additionally, the protocols can be either centralized or decentralized, meaning contact history can be processed either by a central health authority or by individual clients in the network. On 10 April 2020, Google and Apple jointly announced that they would integrate functionality to support such Bluetooth-based apps directly into their Android and iOS operating systems.

History

Digital contact tracing has existed as a concept since at least 2007, but was largely held back by the necessity of widespread adoption to be effective. A 2018 patent application by Facebook discussed a Bluetooth proximity-based trust method. The concept came to prominence during the COVID-19 pandemic, where it was deployed on a wide scale for the first time through multiple government and private COVID-19 apps. Many countries, however, saw poor adoption, with Singapore's digital contact tracing app, TraceTogether, seeing an adoption rate of only 10-20%. Apps were often met with overwhelming criticism over the data that health authorities were collecting. Experts also criticized protocols like the Pan-European Privacy-Preserving Proximity Tracing and BlueTrace for their centralized contact log processing, which meant the government could determine who a user had been in contact with.
Covid Watch was the first organization to develop and open source an anonymous Bluetooth digital contact tracing protocol, publishing their white paper on the subject on. The group was founded as a research collaboration between Stanford University and the University of Waterloo. The protocol they developed, the TCN Protocol, was first released on.

Methodologies

Bluetooth proximity tracing

Bluetooth, more specifically Bluetooth Low Energy, is used to track encounters between two phones. Typically, Bluetooth is used to transmit anonymous, time-shifting identifiers to nearby devices. Receiving devices then commit these identifiers to a locally stored contact history log.
Bluetooth protocols with encryption have privacy protections and lower battery usage. Because a user's location is not logged as part of the protocols, their location cannot be tracked. As a result, the system is unable to track patients who may have become infected by touching a surface an ill patient has also touched. Another serious concern is the potential inaccuracy of Bluetooth at detecting contact events.

Location tracking

Location tracking can be achieved via cell phone tower networks or using GPS. Cell phone tower network-based location tracking has the advantage of eliminating the need to download an app. The first contact tracing protocol of this type was deployed in Israel.
Smartphone GPS logging solutions are more private than Bluetooth-based solutions because the smartphone can passively record the GPS values. The concern with Bluetooth-based solutions is that the smartphone will continuously emit an RF signal every 200 ms, which can be spied on. On the other hand, digital contact tracing solutions that force users to release their location trails to a central system without encryption can lead to privacy problems.

Reporting centralization

One of the largest privacy concerns raised about protocols such as BlueTrace or PEPP-PT is the usage of centralised report processing. In a centralised report processing protocol a user must upload their entire contact log to a health authority administered server, where the health authority is then responsible for matching the log entries to contact details, ascertaining potential contact, and ultimately warning users of potential contact.
Alternatively, anonymous decentralized report processing protocols, while still having a central reporting server, delegate the responsibility to process logs to clients on the network. Tokens exchanged by clients contain no intrinsic information or static identifiers. Protocols using this approach, such as TCN and DP-3T, have the client upload a number from which encounter tokens can be derived by individual devices. Clients then check these tokens against their local contact logs to determine if they have come in contact with an infected patient. Because the government neither processes nor has access to contact logs, this approach has major privacy benefits. However, this method also presents some issues, primarily the lack of human-in-the-loop reporting, leading to a higher occurrence of false positives, and potential scale issues, as some devices might become overwhelmed with a large number of reports. Anonymous decentralized reporting protocols are also less mature than their centralized counterparts, as governments were initially much more keen to adopt centralized surveillance systems.

Ephemeral IDs

Ephemeral IDs, also known as EphIDs, Temporary IDs or Rolling Proximity IDs, are the tokens exchanged by clients during an encounter to uniquely identify themselves. These IDs change regularly, generally every 20 minutes, and do not consist of plain-text personally identifiable information. The variable nature of a client's identifier is necessary to prevent tracking by malicious third parties who, by observing static identifiers over a large geographical area over time, could track users and deduce their identity. Because EphIDs are not static, there is theoretically no way a third party could track a client for a period longer than the lifetime of the EphID. There may, however, still be incidental leakage of static identifiers, as was the case on the BlueTrace apps TraceTogether and COVIDSafe before they were patched.
Generally, there are two ways of generating Ephemeral IDs. Centralized protocols such as BlueTrace issue Temporary IDs from the central reporting server, where they are generated by encrypting a static User ID with a secret key only known to the health authority. Alternatively, anonymous decentralized protocols such as TCN and DP-3T have the clients deterministically generate the IDs from a secret key only known to the client. This secret key is later revealed and used by clients to determine contact with an infected patient.
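The decentralized flow described above (client-side derivation of EphIDs, later key upload, local matching) is sketched below as an added example; it is not code from TCN, DP-3T or any deployed app. The hash ratchet, the HMAC labels, the 16-byte ID length and all sample keys are assumptions chosen for illustration.

```python
import hashlib
import hmac

EPOCHS_PER_DAY = 72   # 20-minute epochs, matching the rotation interval in the text
EPHID_LEN = 16        # bytes broadcast per identifier (assumed size)

def next_day_key(day_key: bytes) -> bytes:
    """One-way ratchet: tomorrow's key is a hash of today's key."""
    return hashlib.sha256(day_key).digest()

def ephids_for_day(day_key: bytes) -> list[bytes]:
    """Deterministically derive one day's ephemeral IDs from the day key."""
    return [
        hmac.new(day_key, b"ephid" + epoch.to_bytes(2, "big"),
                 hashlib.sha256).digest()[:EPHID_LEN]
        for epoch in range(EPOCHS_PER_DAY)
    ]

def ephids_from_report(reported_key: bytes, days: int) -> set[bytes]:
    """Receiving client: re-derive every ID broadcast from the reported day on."""
    ids, key = set(), reported_key
    for _ in range(days):
        ids.update(ephids_for_day(key))
        key = next_day_key(key)
    return ids

def exposure_matches(contact_log: set[bytes], reported_key: bytes,
                     days: int) -> set[bytes]:
    """Matching happens on the device; the contact log is never uploaded."""
    return contact_log & ephids_from_report(reported_key, days)

def demo():
    # Constructed sample keys; a real client would use a random secret.
    alice_day0 = hashlib.sha256(b"constructed demo secret for Alice").digest()
    alice_day1 = next_day_key(alice_day0)
    carol_day0 = hashlib.sha256(b"constructed demo secret for Carol").digest()
    # Bob's phone heard Alice (day 1, epoch 5) and Carol (day 0, epoch 9).
    bob_log = {ephids_for_day(alice_day1)[5], ephids_for_day(carol_day0)[9]}
    # Alice tests positive and uploads only her day-0 key.
    hits = exposure_matches(bob_log, alice_day0, days=2)
    return bob_log, hits

if __name__ == "__main__":
    log, hits = demo()
    print(f"{len(hits)} of {len(log)} logged IDs match the report")
```

Because the ratchet is one-way, a reported key exposes only the IDs from its own day onward; earlier days stay unlinkable to the reporter.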

Issues and controversies

During the currently unfolding COVID-19 pandemic, reactions to digital contact tracing applications worldwide have been drastic and often polarized, especially in European countries.
Despite holding the promise to drastically reduce contagion and allow for a relaxation of social distancing measures, digital contact tracing applications have been criticized by academia and publics alike. The two main issues brought up concern the technical efficacy of such systems and their ethical implications, in particular regarding privacy, freedoms and democracy.

Technical feasibility

The technical feasibility and necessity of digital contact tracing is currently a subject of debate, with its major proponents claiming it to be indispensable to stop the spread of pandemics such as COVID-19, and its opponents raising points on its technical functioning and adoption rate by citizens. First of all, the conflict between the opt-in voluntary usage by citizens in many countries and the necessity of an almost universal adoption rate is unresolved. Indeed, according to a study published in Science, an adoption rate of around 60% of the total population is needed for digital contact tracing applications to be effective. In countries where this was made voluntary, like Singapore, the adoption rate remained below 20%. Second, the efficacy of using Bluetooth technology to determine proximity is subject to scrutiny, with critics pointing out that false positives could be reported due to the inaccuracy of the technology. Examples include interference from physical objects and connections being made even at distances of 10–20 meters.

System Requirements

Smartphone-based digital contact tracing applications have system requirements such as a minimum Android/iOS version, Bluetooth enabled, and GPS enabled. The system requirements facilitate maintainability and technical effectiveness at the cost of the adoption rate. Smartphones stop receiving software updates a few years after release. Improvements to this ecosystem would benefit the adoption rate of future digital contact tracing applications.

Ethical issues

Other than having doubts about the technical effectiveness of smartphone-based contact tracing systems, publics and academia are confronted with ethical issues about the use of smartphone data by central governments to track and direct citizen behaviour. The most pressing questions pertain to privacy and surveillance, liberty, and ownership. Around the world, governments and publics have taken different positions on this issue.

Privacy

On privacy, the main problem with digital contact tracing concerns the type of information that can be collected from each person and the way the related data is treated by companies and institutions. The type of data that is collected and the approach being used determine the severity of the issue. Moreover, critics point out that claims of anonymity and protection of personal data, even if made by institutions, cannot be verified and that individuals' user profiles can be traced back in several cases.

Surveillance

Closely related to privacy is the issue of surveillance: too much personal data in a centralized governmental database could set a dangerous precedent for the way governments are capable of “spying” on individual behaviour. The possibility that a wide-ranging adoption of digital contact tracing could set a dangerous precedent for surveillance and control has been abundantly treated by media and academia alike. In short, the main concern here relates to the tendency of temporary measures, justified by an emergency situation, to be normalized and extended indefinitely in a society.

Environment

may result from the need to purchase a new smartphone to meet the system requirements of smartphone-based digital contact tracing applications.