Unified research on privacy-preserving contact tracing and exposure notification
This document has been created to share information across the numerous projects that are creating mobile apps to help contact tracers that their work is solidly ´ in the work that public health care is doing around the world. This document aims to collate questions, statistics and experiences to ensure that apps are relevant and secure.
Initial authors: Mitra Ardron, Peter Eckersley, and volunteers from Covid Watch and stop-covid.tech
Subsequent authors: many!
Distribution: please feel free to circulate widely to relevant parties
Editing policy: please feel free to make constructive additions to this doc!
TABLE OF CONTENTS
Information on the COVID-19 contact tracing workflow 1
Questions that App Developers have for Contact Tracers 3
Questions that Contact Tracers have for App Developers 5
Questions that App Developers have for other App Developers 6
Notes on types & sources of data 6
Notes on Privacy Preservation 7
Secure Authentication of Diagnoses 8
Relevant projects & Circulation list 9
Application Developers 9
Major Tech Companies 15
Projects and products based on existing location data records 15
Notes & summaries of projects 16
Teams at tech companies working on these questions 23
Technical papers and materials 23
Media Coverage of Location Tracing and related privacy issues. 26
Other Links relating to privacy and Location tracking 27
Information on the COVID-19 contact tracing workflow
App developers should begin by reading a bit about the contact tracing workflow. Some resources are included here; please expand if you know of other high quality sources:
* Wikipedia on contact tracing.
* In summary: a public health worker will typically have a phone conversation with each diagnosed patient to retrace the preceding weeks of that person’s life, identifying individuals the patient was in contact with, in order to notify them to isolate and potentially seek testing.
* Contacts are typically grouped into close contacts and casual contacts; for COVID-19, most of the emphasis is on close contacts because transmission rates are substantially higher for close contact.
* Aside: diseases vary in how much of their transmission is caused by “superspreading” events, where a large number of people are infected at a single event. COVID-19 superspreading events have been reported; when contact tracing discovers a likely superspreading event, one would want to isolate and test all attendees at such an event, including casual contacts.
* At the most thorough end of the spectrum, contact tracing can produce very detailed data like Singapore's or Taiwan's. But not all jurisdictions have that level of resourcing, and many might not need or choose to publish or even record this level of information for privacy reasons.
* Depending on the jurisdiction, apps might have multiple goals:
* 1. Make an existing, effective, contact tracing operation more accurate by finding more close contacts (who were unknown to or forgotten by patients)
* 2. Allow the deployment or scaling of a contact tracing operation that otherwise would be unable to respond sufficiently to an outbreak
* 3. Perform the same actions as contact tracing via an private alert system, giving the guidance contact tracers would give to exposed users, but anonymously and automatically, separate from traditional contact tracing (Covid Watch, CoEpi)
* Note that an alternative to objective 2 is to hire more human contact tracers. Australia for example has been onboarding thousands of tracers per day, and this may be an effective destination for stimulus funds. In such a situation, the goal is not to automate but enhance the accuracy of that effort[a]
* ECDC guideline6s and algorithm for contact traceryess
* A few examples of resources for contacts and the public in general:
* Australia distributes information to identified close contacts (note that some epidemiologists have publicly disagreed and recommended masks for all exposed individuals, or everyone in crowded spaces)
* New Zealand’s information for the public on COVID-19 contact tracing
* Los Angeles’s information for close contacts
* Casual contacts are more often advised to isolate fully if they develop symptoms (eg New Jersey advice)
* Are there any videos of contact tracing interviews? (in the meantime, you can watch the Hollywood dramatised version from the film Contagion or interviews with Singaporean contact tracers)
Questions that App Developers have for Contact Tracers
Q: Do some or all contact tracers use Google Maps Timeline or similar tools with patients? If other tools, which ones? What are their strengths and limitations?
In at least several jurisdictions, the answer seems to be `no’. We’re looking to hear from any that are doing this.
Q: For contact tracers (and epidemiologists): what are the current statistics about transmission for different distances, durations[b][c][d], and types of contacts?
There are some published statistics from Taiwan;[e] note that they did not include testing of asymptomatic contacts. This page has a good review of the literature up to mid-April. This analysis of data from China (besides Hubei) in January and early February 2020 shows that 99.7% of traced infections occurred indoors, though this may be biased by the cold winter weather in most of China at that time. Some of the literature on SARS transmission may also be indicative.
Q: Specifically, what’s the minimum duration of contact that we should consider important[f]? What’s the maximum distance?
In a number of jurisdictions’ interview procedures, “close contact” means greater than[g][h] 15 minutes face-to-face or the sharing of a closed space for more than two hours with a confirmed case without recommended personal protective equipment (PPE). On aircraft the heuristic of ± 2 rows is used. [i][j][k][l][m][n]
Large scale digital exposure notification technologies should consider collecting their own data over time on transmission probability as a function of distance and time of exposure.
Q: How do you deal with fomites (objects which carry infection) in public places?
A: Short answer from an epidemiologist: with COVID-19, the transmissions occur, but too diffusely to contact trace; instead, this risk needs to be mitigated by general sanitation (handwashing, avoid touching faces) and cleaning of venues where cases were confirmed. It is recommended that apps always loop through a public health agency to manage the notification process for venues, but for apps that don’t or can’t for some reason, notifying the venues directly may be an option.
(Note that the time window for cleaning to be useful is fairly tight, probably 3 days at most from the time the patient was in a location, with the benefits skewed towards the beginning of that time -- so the usefulness of sending cleaning alerts depends on the speed of testing, or the ability of a tracing process to notify businesses based on symptoms rather than a positive diagnosis)
Q: If fomites are important, and we could illustrate this using a map accurate enough to show businesses and restaurants where confirmed cases have very recently been, then what things would be important to communicate with that map? Simply "avoid red zones for x number of days?" Or are there other important things to communicate?
A: Short answer from an epidemiologist: the map is unlikely to be helpful, since by the time you’re showing it it’s [almost always] too late, and if it’s not too late, sterilizing the area is the best solution.[o][p][q]
Q: How does this answer change if instead we are only able to show location data accurate to neighborhoods?
A: Speculative answer from a technologist: if this were to be helpful, it would have to be because it was making the app interesting to use (and increasing coverage for short-range retrospective proximity tracing) and reinforcing messages that people should stay home, rather than because it was helping to avoid being exposed in specific places.
Q: Besides distance and duration of contact, which could be measured by bluetooth, what else strongly influences transmission?
There is plausible speculation that less severe infections might have a lower probability of transmitting the virus, but this has not been properly measured.
Q: What would it take for contact tracers to consider bluetooth contact tracing more than a speculative technology? What should an app developer be able to show?
See questions from contact tracers in the section below
Q: How accurate would the distance and duration of contact measures need to be? Can you put a number on this, a guess or a max?
Some jurisdictions are using “15 minutes face to face” as a heuristic, less than that would be a casual contact
Q: If an app user is alerted that they’ve had significant contact with someone who tested positive for COVID-19 during their infectious incubation period, what anonymous automated messages should we send them?
From Covid Watch: Our privacy-preserving system is designed to alert people early who could *choose* to call their public health agencies, not for contact tracers to track them down directly. We’d like to know what automated messages are best to send in this case. What do we instruct people to do? Currently: Call this # to inquire about testing, start wearing a mask outside, and self-isolate. [r][s]
Questions that Contact Tracers have for App Developers
Q: from one jurisdiction’s public health officials: can you reliably identify close contacts for us? Not just the same cafe or restaurant, but who was actually close to the patient for some time?
Covid Watch Respons