Contact tracing technologies and protocol
May 29, 2020
On this page
Content summary
Explaining TAD’s « Contact Tracing Technologies » chart
PURPOSE:
To provide a brief overview of TAD’s Contact Tracing Technologies excel file.
ISSUE:
The contact tracing excel spreadsheet compiled by TAD is a complex, multi-tab spreadsheet, which needs further explanation.
BACKGROUND:
In an effort to keep up with the fast-changing technologies, protocols, and applications being used in digital contact tracing, TAD produced a multi-tab excel spreadsheet.
Contact tracing technologies tab
The first tab focuses on contact tracing technologies by describing the accuracy, tracing method, purpose, and privacy dimensions of three digital contact tracing technologies: Bluetooth, GPS, and Bluetooth-GPS combined. This tab also identifies the differences between location tracking (GPS) vs proximity tracing (Bluetooth).
Contact tracing Protocols tab
Focuses on contact tracing protocols, and describes their underlying technology, relationship with consent, contact matching process (centralized vs decentralized), use of rotating unique identifiers, data retention periods, and safeguards, amongst other features. Each row is accompanied by a brief description of its content. This highly detailed content is provided for the following protocols: Apple/Google, PEPP-PT, DP-3T, BlueTrace/OpenTrace, TCN, MIT SafePaths, and PACT.
Provincial Applications tab
Provides further detail on Canadian apps that have been developed thus far. The only public app adopted by a provincial health authority is ABTraceTogether; however, the Commissioner also requested that MILA’s proposed app be added to this file. Both apps are shown beside each other. The tab describes each app, where it is being used, when it was launched, which protocol it uses, who created it, who uses it, and what information is required to use it.
For additional definitions: please review the Contact Tracing Backgrounder briefing note and the INDU Q&A documentation.
Contact tracing technologies
| Technologies | Accuracy | Tracing method | Purpose | Privacy |
|---|---|---|---|---|
| Bluetooth Low Energy | Accurate | Determines user interactions, Based on Bluetooth beacon exchanges and signal strength | Contact Tracing (proximity) | In general, there is no personal identifiable information disclosed. The information collected is usually anonymized using cryptographic algorithms. |
| Bluetooth Low Energy + GPS | Accurate | Determines user interactions Based on Bluetooth beacon exchanges and signal strength and determines user location using GPS coordinates | Contact Tracing (proximity) + Location Tracking | Privacy can be impacted when aggregating geolocation information. |
| Geo-tracking using GPS | Less accurate | Determines user location using GPS coordinates | Location Tracking More suited for Quarantine Compliance |
Privacy can be impacted when aggregating geolocation information. |
Location tracking vs Contact Tracing (Proximity Tracing)
Location tracking—using GPS and cell site information; location tracking is not well-suited to contact tracing because it will not reliably reveal the close physical interactions that experts say are likely to spread the disease. Instead, developers are rapidly coalescing around applications for Proximity tracing, which measures Bluetooth signal strength to determine if two smartphones were close enough together for their users to transmit the virus.
The Challenge of Proximity Apps For COVID-19 Contact Tracing
Contact tracing protocols
| Contact Tracing Protocols (CTP)Footnote *. The content of this chart has been solely extracted from the technical documentation that the developers of these protocols have published on their official sites. TAD did not conduct any testing or analysis of these protocols. |
||||||||
| Criteria | Descriptions | Apple/Google | PEPP-PT | DP-3T | BlueTrace/ OpenTrace |
TCN | MIT SafePaths | PACT: Private Automated Contact Tracing |
|---|---|---|---|---|---|---|---|---|
| Sources (Links) | The information sources include the links to the technical documentations published by the developers of the Protocols. |  |
 |
 |
 |
 |
 |
 |
| Underlying technology | Contact tracing technology | Bluetooth LE | Bluetooth LE | Bluetooth LE | Bluetooth LE | Bluetooth LE | GPS | Bluetooth LE |
| Consent is required when uploading records | Interaction records will only be uploaded to the servers if the user consents. | YES | YES | YES | YES | YES | YES | YES |
| Centralized CTP | Centralized CTP uses a central server that manages, processes, and stores information which can increase the risk of vulnerability to malicious actors by having to breach only the central server to gain access to information. | NO | Centralized contact tracing capabilities |
NO | Centralized contact tracing capabilities |
NO | NO | NO |
| Decentralized CTP | Decentralized CTP allows devices to manage and control information independently and allows individuals to pool the information when they want/need thereby decreasing the risk of vulnerability and information accessible to a malicious actor. Decentralized CTPs are considered to be a privacy enhancing solution since there is minimum collection of information. | YES | Decentralized proximity data collection | YES | Decentralized proximity data collection | YES | YES | YES |
| Rotation of Bluetooth identifiers and proximity IDs | The rotation of Bluetooth identifiers used for tracing interactions can be considered a privacy enhancing solution. | YES | YES | YES | YES | YES | NO | YES |
| Frequency of proximity ID rotation | The frequency of rotation of the identifiers can be challenging for third parties attempting to track of users. | Every 15 minutes | Not specified | Not specified | Every 15 minutes | Not specified | GPS logged every 5 minutes | Not specified |
| Data retention period on device | Duration of time which the collected proximity IDs are retained on the mobile device. | 14 Days | 21 Days | 14 Days | Not specified | Not specified | 28 days | Not Specified |
| Data retention period on server | Duration of time that the server retains the interaction identifiers after users that have tested positive upload the interactions IDs. This also aims to identify the data retention time on centralized solutions that collect all user interactions on the back-end server. | Not specified | Not specified | 14 Days | 21 Days | Not specified | Not specified | Not specified |
| Contact matching on server | The contact matching process is handled by the back-end server using a randomly generated keys/tokens to compare and cross match to find potential exposed users to send notifications in event of contact with a positive tested user. | NO | YES | NO | YES | NO | NO | YES |
| Contact matching on device | The contact matching process is managed by the mobile device using a randomly generated key/token as a handshake with other devices to create a list in case of contact with infected user to create notification. | YES | NO | YES | NO | YES | YES | NO |
| Encryption at rest | A design to prevent unknown entities from accessing, modifying or stealing data on device. Prevents data visibility. | YES | Not specified | YES | YES | Not specified | Not specified | Not specified |
| Encryption in transit | Used to protect data during communication from device/server or server/device. Encrypts the data before sending, authenticating at endpoints, decrypting and verifying on arrival. | YES (SSL/TLS) | YES (TLS) | YES (TLS) | YES (TLS) | Not specified | YES (TLS) | Not specified |
| Geolocation tracking | The ability to approximate position of particular devices on a mapping system. This is possible by using GPS coordinates. | NO | NO | NO | NO | NO | YES | NO |
| Privacy from third parties | The CTP is designed to provide privacy from third parties passively monitoring Bluetooth interaction, in order to identify or track individuals. | YES | YES | YES | YES | YES | YES | |
| Positive results are anonymous to users | Positive results are not known unless user has a PIN from a health authority to send to compare potential users that have come in contact and are at high-risk. | YES | YES | YES | YES | YES | UNCLEAR | YES |
| Exclusive for Covid-19 contact tracing | The protocol is exclusively to be used with the intent to help minimize the spread of Covid-19 and will be dismantled after the pandemic is no longer a threat. | The system will be dismantled after the pandemic | Not specified | The system will be dismantled after the pandemic | Not specified | Not specified | There is a COVID-specific version, but this project existed before. | The system will be in a dormant state but can be redeployed for future pandemics |
| Personal information collected | Any information that is not an anonymous unique ID that could potentially identify an individual. | NO | NO | NO | Cellphone Number | NO | NO | NO |
| Cryptographically anonymized identifiers | Cryptographic encryption and/or hashing algorithms are implemented to prevent the identification of individuals. Link: CSE guidance for Cryptographic Algorithms |
The system anonymizes IDs using cryptographic hashes | The system anonymizes IDs using encryption (AES) | The system anonymizes IDs using cryptographic hashes HMAC-SHA256 | The system anonymizes IDs using encryption (AES-256-GCM) | The system anonymizes IDs using cryptographic hashes (SHA256) | The system hashes the GPS traces (SHA256), encrypts them (AES-256) and stores the data locally. | Not Specified |
| Quarantine compliance | Upon a positive result it adds the ability to ensure user is complying with quarantine directives. | Not implemented | Not implemented | Not implemented | Not implemented | Not implemented | NO | Not Specified |
| Accessed by Public Health Authority | Health Authorities are the only group with the ability to access information. | YES | YES | YES | YES | YES | NO | Not Specified |
| Development Stage | Phase 1 Launched May 20, 2020. Phase 2 still in development | Still in Development | Still in Development | Launched | Still in Development | Still in Development | Still in Development | |
| Adoption | Jurisdictions that have adopted the protocols or have expressed interest in adopting the protocols. Note: As of today (May 20, 2020), this information is accurate and up to date. Please keep in mind that jurisdictions views have been changing lately, as protocols evolve. |
Germany, Italy, Netherlands | Not Specified | Switzerland, Austria, Estonia, Finland and Germany | Singapore, Australia, Czech Republic, Canada (Alberta) | Not Specified | Not Specified | Not Specified |
| Developed By | Organization or Group that collaborated to create the protocol. | Google, Apple Inc. | Fraunhofer Institute for Telecommunications, Robert Koch Institute, Technical University of Berlin, TU Dresden, University of Erfut, Vodafone Germany, French Institute for Research in Computer Science and Automation (inria) | EPFL, ETHZ, KU Leuven, TU Delft, University of Oxford, University of Torino/ISI Foundation | Singapore Government Digital Services | CovidWatch, CoEpi, ITO, Commons Project, Zcash Foundation, Openmined | MIT, Harvard, The Mayo Clinic, TripleBlind, EyeNetra, Ernst & Young and Link Ventures | Massachusetts Institute of Technology, ACLU, Brown University, Weizmann Institute, Thinking Cybersecurity, Boston University |
| Additional comments | The developers claim that it is possible to implement other solutions to avoid the collection of cellphone numbers. | There are three versions of this protocol; the data in this column is based on documentation about the third (beta) version, but might quickly become out of date as the projeect changes. This is the foundational protocol for MILA's proposed app. MILA's app adds a "risk model" feature, which adds complexity to the architecture. |
Proposed to integrate with Apple My Find. Adding an extension to My Find will take the existing chirps fro contact tracing and will not be encrypted. | |||||
Provincial applications
| Description | AB TraceTogether | MILA | COVID Shield - Shopify | Pandemik - Mimik | |
|---|---|---|---|---|---|
| Description of Application | The design of the application and what it's intended purpose is. | Designed to help with recording contact tracing connected to positive cases of the coronavirus. | This is a privacy-preserving, location-tracing app spear-headed by academia at MILA. In addition to location-tracing, the app is meant to help users assess their risk of COVID-19 infection and provide them with recommendations to change their behaviour.[REDACTED] | COVID Shield consist of a 3-tier platform that includes a mobile app, a backend server and a web-based portal (optional). COVID Shield comes with the ability to be distributed and managed at a federal, provincial or territorial level and can be configured to each situations guidelines. In which ever capacity COVID Shield is deployed, it will still be able to connect to a centralized backend server. | Pandimik is a mobile application built on Mimik’s hybrid cloud computing platform. The application tracks and records contact history on mobile devices, without storing information on any public server. Pandimik alerts users when it detects that a user may have been exposed to Covid-19. |
| Deployment | The province the application will be used in. | Alberta | Quebec | Provincial, Territorial and/or Federal | Provincial, Territorial and/or Federal |
| Status | Is the application available for public use or is it still under development. | Launched May 1 | In-development (ongoing) | In-development; Waiting for sponsorship with Public Health Authority | In-development; Waiting for sponsorship with Public Health Authority |
| Protocol Used | See Contract Tracing Protocols. | Bluetrace/Opentrace | [REDACTED] | Apple/Google | Proprietary protocol |
| Actors | People or groups that will have access to information. | Government of Alberta | [REDACTED] | Not specified | Not specified |
| Information Required | When installing the application does the app ask for specific information. | Phone Number | [REDACTED] | No information required, only access to technologies needed for the Apple/Google Exposure Notification Technology | Mimik indicates that after installing the app, users are required to create an account. Nevertheless, no reference has been provided regarding the information required during the account creation process. |
| Users | Who is the intended user-base. | Albertans | Canadians [REDACTED] | Canadians | Canadians |
| Sources for information | The information sources include the links to the technical documentations published by the developers of the Protocols. | Alberta.ca | MILA | COVIDShield | Mimik |
| Additional Comments |
- Date modified: