Technology-Enabled Contact Tracing

The Problem we are solving

Extensive, aggressive and timely contact tracing is so far the only alternative to full lockdowns to control the spread of the SARS-CoV-2 virus causing the COVID-19 disease. The contact tracing approach has proven its efficiency in South Korea which shows no exponential growth of new infections (as of 03.04.2020) and has not entered full lockdown even though South Korea was one of the early virus hotspots.

Manual contact tracing is difficult, resource-consuming and imprecise. It is based on the memory of the infected individual, who may be in a critical condition and can’t give out information, people forget things, and sometimes people who had contact with an infected person can’t be contacted as their contact information is not known.

The AntiCOVIDSoftTM platform (application for iOS / Android + back-end to process information) solves this issue and makes tracing almost automatic.

How it works

Once a person installs the app, it starts running in the background. The user can turn off the app running in the background, but the next time he/she starts it, the app will complain that it was not ‘on’ and was not tracking. The user will be given motivational messages (‘Let’s save lives together’) to keep the app running in the background at all times. This fosters accuracy of data, as users are expected to forget turning the app on manually every time they leave their home.

Background features

While running in the background, the app will perform the following actions:

  1. Advertise on Bluetooth the particular Bluetooth ServiceUUID (e.g. AntiCOVIDSoftDevice).
    It will also accept connections from other devices to share its anonymised ID.
  2. Record
    1. GPS position + accuracy (as frequent as updates are provided)
    2. Information about Bluetooth devices found nearby (not only AntiCOVIDSoftDevice), as frequent as practical given battery life considerations.

      IMPORTANT NOTE: No information is sent or stored on the server at this stage.
      All data is (a) stored locally to preserve the user’s privacy; and (b) it is anonymous.

  3. Once in a while, the app sends to the server a pull request to receive the list of IDs of newly reported infected persons, with information about the bounds on their GPS-position for the last N weeks.

    If a user was in contact with an infected ID which was registered over the Bluetooth or QR code (see below on QR codes), he/she is flagged as ‘at risk’. If no QR-code based or Bluetooth based contact was made, then GPS tracks are analysed for proximity, the app selectively pulls tracks interesting for it from the server and compares the user’s track to the infected track locally to look for potential intersections and suspected exposures.

Foreground features

While in the foreground the app shows some infographic which can be interesting to the user: A map with numbers of infected people per location, the user’s own track (can be switched off for privacy purposes), tracks of infected people (those which were pulled by the app from the server).

Additionally, users can create ‘digital handshakes’ by scanning QR codes on any device generated by the other device. While such ‘handshake’ is being sent over the central server, it is encrypted with a one-time AES 256 bit symmetrical encryption key, which is encoded in QR-code, so the server does not know which user IDs established the contact and privacy is preserved – the fact that a contact was made is stored locally.

A QR-code enabled digital handshake is not a direct ‘competitor’ for Bluetooth distance measurements, as the culture of QR-code handshakes will drive the adoption of the app (people who don’t have an app will be invited to install after scanning the QR code).

Community engagement features

We plan to provide users some information about COVID-19 (general news, no medical advice which requires license or is regulated) and warn them if they are suspected to have been or be exposed to COVID-19. Local governments and medical authorities will be invited to provide country-specific or areas-specific information and updates, we will also provide to medical authorities tools to contact those users that are identified as ‘exposed’ (i.e. they will be able to send messages to the user devices, we will NOT share their contact information). Governments will pay us a fee for such customised access / service, and this is the monetisation route for the service. People will also be able to report that they have recovered from COVID-19 or tested immune to it (based on serology anti-bodies testing), and we are planning to provide for some community engagement for such persons (aka ‘immunity passport’) allowing selective restrictions softening for those who are immune. Details on this sort of community engagement will come at a later stage.

Challenges

  1. Users are extremely privacy sensitive. Contact tracing requires users to surrender a certain degree of privacy, and it is paramount that users believe that their data is not misused.

    How we address it: We have the vision that if we make the code of our app open-source, coupled with the fact that nothing (except digital handshake using QR-code, which is end-to-end encrypted) is sent to the back-end server except with user consent when he/she falls ill and reports it, it will allow us to gain trust and momentum.

  2. Contact-tracing technology shall be working across borders. There is a trend with all jurisdictions coming up with their local solutions with varying quality. This means that if a user who has an app sponsored by government A meets a user who is using an incompatible app sponsored by government B they can’t trace this contact.

    How we address it: We will make our back-end, our user-id format, QR-code format and our Bluetooth specifications open to anyone. Our code will be open-source so our ‘competitors’ can look how exactly it is implemented, they can use specifications, code and back-end itself as they please to register contacts with users of our app under the condition that they provide us the ability to register contacts with their users.