Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FrenchKit - Contact Tracing & Exposure Notification

FrenchKit - Contact Tracing & Exposure Notification

Ddc294f25a19a5c979deabbac498e020?s=128

Mathieu Hausherr

October 02, 2020
Tweet

Transcript

  1. Mathieu Hausherr (@mhausherr) Contact Tracing Exposure Notification API & StopCovid

  2. Test - Trace - Isolate

  3. French brigades Nous constituerons des brigades chargées de remonter la

    liste des cas contacts, de les appeler, de les inviter à se faire tester en leur indiquant à quel endroit ils doivent se rendre, puis à vérifier que ces tests ont bien eu lieu et que leurs résultats donnent lieu à l’application correcte de la doctrine nationale. https://www.gouvernement.fr/partage/11519-declaration-du-premier-ministre-sur-la-strategie-nationale-du-plan-de-deconfinement-a-l-assemblee
  4. Tracking I meet Antoine D. I meet Bertrand E. I

    meet Christophe F.
  5. GPS Naive solution Not privacy safe Google owns part of

    this data https://policies.google.com/privacy
  6. Tracing We don’t need to know where, neither the name

    of your contact. We need only contact details. We just remember: I meet A.D. last Monday morning, less than a meter during one hour.
  7. Bluetooth Tracing

  8. Basic principle Phone generates different ids (ephemeral) every 30 minute

    and broadcasts this id by BLE Other phones save for each phone in the nearby the ephemeral ids plus some meta datas (date, duration, …) https://github.com/DP-3T/documents
  9. Architecture Which data gets out of your phone? Health authority

    Covid+ Potential contact
  10. Centralized architecture Health authority as a referent Health authority Covid+

    Potential contact Anonymized contacts Am I at risk ?
  11. Centralized architecture Health authority as a referent Health authority Covid+

    Potential contact Anonymized contacts Am I at risk ? Potential Risk: log contact graph
  12. Decentralized architecture Divide and rule Health authority Covid+ Potential contact

    Anonymized « I’m sick » Anonymized health datas (i.e. all anonymized « I’m sick »)
  13. Decentralized architecture Divide and rule Health authority Covid+ Potential contact

    Anonymized « I’m sick » Anonymized health datas (i.e. all anonymized « I’m sick ») Potential Risk: intercept medical datas
  14. Manual processing - French Brigade What we actually do Health

    authority Covid+ Potential contact Medical datas Contacts Positions? Medical datas Contacts Positions?
  15. Manual processing - French Brigade What we actually do Health

    authority Covid+ Potential contact Medical datas Contacts Positions? Medical datas Contacts Positions? Risk Risk Risk Risk Risk
  16. How it works? Which data gets out of your phone?

    Centralized Decentralized Brigade Positions No No Sometimes Contacts Anonymized on server No Yes Medical datas No Anonymized on server Yes
  17. Apple & Google

  18. Historical announcement Apple & Google logo on the same document

    Common API iOS 13.5+ / Android 5+ https://www.apple.com/covid19/contacttracing
  19. What? No apps = nothing is imposed Configurable by states

    according to 4 criteria = Apple & Google are not doctor Decentralized system is mandatory https://developer.apple.com/documentation/exposurenotification/enexposureconfiguration
  20. https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-FrameworkDocumentationv1.2.pdf

  21. Before notification struct ExposureKey { let keyData: Data let rollingStartNumber:

    ENIntervalNumber let transmissionRiskLevel: ENRiskLevel } After notification struct Exposure { let date: Date let duration: TimeInterval let totalRiskScore: ENRiskScore let transmissionRiskLevel: ENRiskLevel let attenuationValue: ENAttenuation } https://developer.apple.com/documentation/exposurenotification/building_an_app_to_notify_users_of_covid-19_exposure
  22. Who? States Health focused NGOs Company deeply credentialed in health

    issue Medical or educational institutions https://developer.apple.com/news/?id=03142020a
  23. iOS 13.7 / iOS 14 End of apps / directly

    in iOS system Answer to complexity of app strong adhesion to the system https://developer.apple.com/documentation/exposurenotification/supporting_exposure_notifications_express
  24. Sovereignty

  25. Can we build an app without this API?

  26. iOS Background mode Apps can scan but cannot broadcast Workaround:

    Android apps act as iBeacons and wake up the iOS apps https://blog.human-friendly.com/ios-bluetooth-low-energy-in-the-background
  27. Android Background mode BLE can only be called from a

    Foreground service Foreground services need a Notification to start PRIORITY_LOW or more https://developer.android.com/guide/components/services
  28. France

  29. Team INRIA Inserm / Santé Publique France / Anssi Capgemini

    / Dassault System / Lunabee Studio / Orange / Withings http://videos.senat.fr/video.1751258_5f67d6eebeeab.audition-de-m-xavier-bertrand-ancien-ministre-des-solidarites-et-de-la-sante
  30. Stats 2,5M downloads 1M uninstall/ 300k re-install 5100 tested case

    declared 307 contact cases found 268 notifications sent http://videos.senat.fr/video.1751258_5f67d6eebeeab.audition-de-m-xavier-bertrand-ancien-ministre-des-solidarites-et-de-la-sante
  31. The future Un autre élément, plus structurel, est le caractère

    « taiseux » de l'application. Elle ne dit pas grand-chose, et au fond, vous ne savez pas si elle fonctionne quand elle est dans votre poche. « … » nous envisageons de revenir dessus afin de permettre que l'utilisateur soit plus en contrôle de ce que fait son application. http://videos.senat.fr/video.1751258_5f67d6eebeeab.audition-de-m-xavier-bertrand-ancien-ministre-des-solidarites-et-de-la-sante
  32. Cost Private companies worked for free during lockdown Since the

    launch (June, 2nd) hosting + dev ~100k€ / month https://minefe.infos.st/lecteur_video/keypub/e63f66b6867114c05e91/id/fba989a550fba140563ec02b91ff3e/type/pr/lang/fr
  33. Germany

  34. Stats 18,3M downloads 3613 hotline call ? notifications sent 68,8

    M€ / 15M€ for dev https://www.spiegel.de/international/germany/lots-of-work-but-little-utility-germans-disappointed-by-coronavirus-tracking-app-a-7c30191e- b225-4c37-917d-41dc2a6078a1 2,5M downloads 5100 tested case declared 268 notifications sent < 380k€ for dev
  35. Singapore UK

  36. Open source

  37. DP-3T ROBERT StopCovid Exposure Notification

  38. Debates

  39. We, the developers Debate aboute privacy, open- source, costs, CNIL

    conclusions Global distrust « don’t use this app » Technically app is at least ok First time we discuss about apps in senate
  40. Jean Castex position Wrong message for population Already traced in

    a non- anonymous way by French secret services (I hope) https://www.france.tv/france-2/vous-avez-la-parole/1952579-emission-du-jeudi-24-septembre-2020.html
  41. Conclusion Do I use StopCovid? Yes Should you use StopCovid?

    Yes Is it the best technical solution? Yes and No
  42. Tomorrow improvements? UWB Build over BLE Rely on U1 chips

    Precise relative position https://developer.apple.com/documentation/nearbyinteraction
  43. None