User:Bravetheif/Digital contact tracing

Digital contact tracing is a method of contact tracing that takes advantage of mobile devices to determine contact between an infected patient and a user. Although a substantial body of literature on the subject existed as early as 2013,  it came to public prominence during the 2019–20 coronavirus pandemic. Since the initial outbreak, many groups have developed nonstandard protocols designed to allow for wide scale digital contact tracing, most notably BlueTrace and the Google / Apple contact tracing project. When considering the limitations of mobile devices, there are two competing ways to trace contact: GPS and Bluetooth; each with their own drawbacks. Additionally the protocols can either be centralized or decentralized, meaning contact history can either be processed by a central health authority, or by individual clients in the network.

History
Digital contact tracing has existed as a concept for over a decade,  but was largely held back by the necessity of widespread adoption to be effective. Digital contact tracing was first tested in 2015 during an Ebola outbreak in Guinea, where it found some success in mitigating the severity of the outbreak. The concept truly came to prominence during the 2019–20 coronavirus pandemic, where it was deployed on a wide scale for the first time through multiple government and private COVID-19 apps. Many countries however saw poor adoption, with Singapore's digital contact tracing app, TraceTogether, seeing an adoption rate of only 10-20%. Apps were often met with overwhelming criticism about concerns with the data health authorities were collecting. Experts also criticized protocols like the Pan-European Privacy-Preserving Proximity Tracing and BlueTrace for their centralized contact log processing, that meant, unlike with decentralized protocols, the government could determine who you had been in contact with.

Bluetooth contact tracing
Currently all major digital contact tracing apps use Bluetooth, more specifically Bluetooth Low Energy, to track encounters. Typically, Bluetooth is used to transmit anonymous, time-shifting identifiers to nearby devices. Receiving devices then commit these identifiers to a locally stored contact history log.

Bluetooth protocols are predominately favored over their location based counterparts because of their much stronger privacy protections and lower battery usage. Because a user's location is not logged as part of the protocols, their location cannot be tracked. The biggest drawback of using a Bluetooth system is the inability to track patients who may have become infected by touching a surface an ill patient has also touched.

Location contact tracing
No digital contact tracing apps currently make use of GPS, however some implementations do make use of network-based location tracking. This approach has the advantage of eliminating the need to download an app. The first contact tracing protocol of this type was deployed in Israel, however all location based solutions that have access to raw location data have significant privacy problems.

Centralized
When a patient tests positive for infection, a centralized system such as BlueTrace or PEPP-PT requires them to upload their contact history log to a central server, where the health authority would match the identifiers with user records and contact people who came in close contact with the patient.

Decentralized
Decentralized systems such as the TCN Protocol have the user upload to the central server a token that has no intrinsic information, but can then be used by client devices to derive and match contact history identifiers. Because contact logs are never transmitted to third parties, it has major privacy benefits over approaches like the one used in BlueTrace. However this comes at the cost of requiring more computing power on the client side to process infection reports, and does not allow for human-in-the-loop reporting.

Identification
When two devices meet they need an initially anonymous unique identifier that can later be given meaning if a user tests positive for infection. Additionally, identifiers cannot remain static otherwise malicious third parties can observe identifiers over time across a wide area and identify patterns of movement for individual clients on the network.

Ephemeral ID
The majority of protocols make use of Ephemeral IDs, which are strings used to identify clients for a short period of time. While not unique for every encounter, ephemeral IDs make it extremely difficult to track individuals over a period of time longer than the lifetime of the ID. When used in a centralized model, such as BlueTrace, Ephemeral IDs are typically the static user identifier and other data encrypted by a key known only to the server. In a decentralized model they are usually pseudo-randomly generated using a seed known only to the client.

Unique ID
Unique ID protocols generate a new identifier for every encounter. Currently the only protocol using this method is the TCN Protocol. The largest issue with using unique IDs for every encounter is that reports can quickly become extremely large, which, when used in combination with a decentralized model, could lead to extremely large download sizes for clients retrieving reports. TCN overcame this obstacle by instead successively and deterministically generating each new unique ID from the previous. Then, when a report needed to be upload, only the first entry within the report time period was submitted and clients would calculate the rest of the entries locally.