In the fight against Covid-19, an interdisciplinary research team at the Technical University of Munich (TUM) has developed a model for a contact tracing app that protects personal data. The concept is based on an encryption process that prevents the temporary contact numbers (TCNs) of infected individuals from ending up on the phones of their contacts. A prototype is now undergoing testing in cooperation with the ITO Open Source Consortium. The app has also successfully completed the Bluetooth Special Interest Group qualification process.
Researchers around the world are working hard on measures to bring the SARS-CoV-2 coronavirus under control. One approach seen as promising is the idea of slowing the spread of the virus by means of secure digital contact tracing based on a globally compatible app.
Among the research groups working on contact tracing apps is ContacTUM, an interdisciplinary team from the fields of physics, informatics, law, mathematics and medicine anchored by the physicist Prof. Elisa Resconi.
The basic principle of contact tracing is to notify contacts of infected individuals with the help of an app. Mobile phones on which the app is installed exchange constantly changing, randomly generated TCNs (temporary contact numbers) using Bluetooth technology.
These TCNs are collected locally on the devices and stored there for a limited period of around two weeks. In case of a medically confirmed diagnosis of a Covid-19 infection, the individual’s contacts are anonymously notified using the contact tracing app.
The notification mechanism takes either the centralized or decentralized approach. In the centralized approach, the app uploads to a central server the TCNs of every contact person received by the infected individual’s device. The server then uses the TCNs to dispatch messages with the app in order to notify the corresponding contact persons of a potential infection.
The risk of the centralized approach: All of the data are stored at a single location. As a result, there is a high risk of abuse because it becomes possible to de-anonymize and disclose personal contacts as soon as the data on the server can be accessed.
In a decentralized approach, the infected individuals release only the TCNs transmitted by their own device to a server. These TCNs are downloaded from the server by all devices where the app is installed. The check to determine whether any of these "infected" TCNs were previously received now takes place locally on the individual devices. Consequently, the only party with knowledge of possible contact with an infected individual is the contact person himself - and not the central server.
"It’s important to us to ensure that data protection standards are met by design, in other words in the programming," says Prof. Elisa Resconi. That is why Prof. Dirk Heckmann of the TUM School of Governance and Prof. Christian Djeffal of the Munich Center for Technology in Society have been involved in the project from the beginning, contributing their expertise in data protection and IT security.
To develop an app prototype based on this principle, ContacTUM is working closely with ITO , an open source consortium of around 30 international developers who are open and transparent in all of their activities.
A prototype of the app is being tested with the Android operating system. The code is publicly available. "But it will still probably be a few weeks before an absolutely secure and technically flawless app is ready for use," says Kilian Holzapfel.
To ensure that future contact tracing apps worldwide are based on the same decentralized approach to guarantee international compatibility, ContacTUM has submitted a successful qualification request for its decentralized standard to Bluetooth SIG with the express support of leading international IT firms.
In addition, ContacTUM is a member of the TCN Coalition , which was co-founded by ITO. Alongside DP-3T, TCN is one of the major collaborative groups working on a decentralized contact tracing app.
Parallel to the app design work, a team within ContacTUM, led by the physicist Prof. Stefan Schönert and the mathematician Prof. Johannes Müller , has created simulations to identify the conditions under which the app can make a real difference in slowing the spread of covid-19. Based on initial computations, the scientists believe that, for this to be achieved, at least 60 percent of the population would have to install and use the contact tracing app. Their results also showed that the contacts of an infected person’s contacts would have to be notified without delay as well to break the infection chain.