COVID-19: Using mobile phones & AI for contact tracing while respecting privacy
2:06PM Apr 3, 2020
Good morning. Good afternoon. Good evening. Welcome to the AI for Good webinar. We hope that all of you and your families, your friends and your colleagues are healthy and safe. My name is Reinhard Scholl. I'm with the ITU, the International Telecommunication Union, which is the United Nations specialized agency for information and communication technologies. I will be facilitating this webinar.
Who is the ITU? Your mobile phone would not work if it weren't for the ITU, because the ITU allocates frequencies to the services that make use of the radio communication spectrum. A lot of you watching this webinar are most likely using a video compression standard which has been standardized by the ITU together with our sister organizations, ISO and IEC. And we assist developing countries in setting up the information and communications infrastructure.
Let me explain a couple of housekeeping rules. So we have enabled the chat and the Q&A facility. If you have a question for the speaker, please use the Q&A icon. Please select that the question be sent to the panelist and the attendees. This way, everyone will be able to see the question. And you can also upvote and downvote questions. I will pick the questions and, as the moderator, ask the speaker these questions. The microphone for you has been disabled. We will make the PowerPoint slides available after the webinar.
It's hard to be optimistic these days. COVID-19 is likely to cost the lives of millions of people. A return to what's called normal may be years away. And terrible trade-offs have to be made by people and countries all over the world, weighing against each other health and death and the economy. One toolbox to fight COVID-19 is information and communication technologies. Countries are using data and telecommunication networks in order to get a handle on COVID-19. One tool in the toolbox is called contact tracing. The goal of contact tracing is to identify people who have come into close contact with persons that have been infected by the virus.
The handling of personal data has been a hot topic of public focus even before COVID-19. But COVID-19 may add another dimension to the discussion. Is there a trade off not just between privacy and health but privacy and death? Or is it possible to have both privacy and health? The fear is that the short term emergency measures that are being undertaken right now will stay after the madness has passed.
In today's webinar, we will focus on privacy-preserving methods. So I'm happy to welcome two speakers to this webinar. Our first speaker is Kurt Rohloff. Kurt is an associate professor at the New Jersey Institute of Technology. He is the co-founder and CTO of Duality Technologies. Our second speaker will be Thomas Wiegand. Thomas Wiegand is the executive director of the Fraunhofer Heinrich Hertz Institute. He is also professor at the Technical University of Berlin. And he is the chair of the ITU WHO Focus Group on AI for Health. Thomas will be speaking about PEPP-PT, which is the international collaboration that was announced a couple of days ago on Wednesday, the first of April. PEPP-PT stands for Pan-European Privacy-Preserving Proximity Tracing, and Kurt will be talking about privacy enhancing technologies. So let's get started with our first speaker, Kurt, and we'll hand over to you to share your screen.
Kurt, we don't hear you; the audio is not enabled. Kurt.
Thank you, Reinhard. Thank you very much. So yeah, thank you very much for the kind introduction. As Reinhard indicated, my name is Kurt Rohloff. I'm CTO and co-founder of Duality Technologies. I happen to be in Metro in New York City right now. So I'm very much feeling the effects of COVID-19 although my family has been safe and healthy so far.
So, um, what we have at Duality Technologies is we are experts in privacy and privacy technologies that we've been deploying commercially. And we've been involved with the space for some time. And I've started to look at how one could run security analytics using privacy technologies such as homomorphic encryption. And what I was invited to talk about today was how we might use these technologies and how we've been developing these technologies, particularly to do privacy-protected contact tracing, as Reinhard indicated. And, you know, to start at least a little bit lighter: this, in some sense, captures this article from the New Yorker magazine, which is a kind of a classic weekly magazine here in the US, which focuses on, you know, cultural comment and whatnot. This is what I always see as a fear and a vision, and it's a doctor talking to a patient, and the caption says that your previous provider refused to share your electronic medical records, but don't worry, I was able to get all your information online anyway. And we see this as, like I said, a fear and a vision, you know, the fear being we want to protect privacy and make sure only people that need information, or are approved for information, get access to it. And at the same time, making sure that the people who actually need access do actually get access. And this has, you know, pushed us into our thinking about how we're developing and modifying some of our products and capabilities and developing technologies to enable contact tracing. And this initial product and capability that we've been focusing on has been driven by our team in Israel; Duality is international, and we're split between the eastern coast of the US and Tel Aviv. And this is actually an article graphic from the CDC, all credit where credit is due, about the need for contact tracing, for those of you who aren't familiar with it.
Contact tracing is finding everyone who came into contact with an infectious individual and going back and tracing through who has access and who hasn't. So this basically includes everyone in COVID-19, who was in close proximity for the last 14 days. And we've seen a number of countries that have been looking at this, and our collective thinking is that contact tracing provides a much more quick and effective response than potentially locking down a country, if done early enough and effectively enough.
So what we see as a major challenge and a major aspect of contact tracing is that it takes a network, and it's a major, major data-sharing challenge. It's intended to be a less painful step and strengthen our collective response. But it is very, very privacy sensitive in that it mixes both medical and location data, medical being the information about whether someone has been tested positive or not, and location data about where someone actually is and physically might be operating. And so the challenge is, generally, how do we enable contact tracing, meaning how do we share the appropriate data and access to the appropriate data and analytics on the data while actually protecting privacy at the same time? And our strong thesis is that this is not an either-or capability. You have to have both, enabling contact tracing while protecting privacy and not totally sharing data. And so as part of that, we see this pain point about the mixture of privacy regulation, security, analytics, and even some aspects of cloud computing, to enable secure digital collaboration, and there are a few aspects of that. Related to privacy regulations, IP concerns have been barriers, and they should be barriers, particularly when dealing with highly, highly sensitive information. And so, for example, data owners, you know, for example, folks who have location data like the major tech firms, telecom carriers, things like that, and health agencies have been hesitant to share data due to privacy regulations. And we see this particularly in the US in a number of jurisdictions, and rightfully so, that a lot of the telecom carriers have been very, very hesitant to share data because of privacy concerns and regulation.
We also believe that it is nearly impossible in any large country or large geographic area to get adequate individual opt-in, which is basically to have individuals, you know, opt in on an individual, person-by-person basis to enable data sharing, and this has also slowed responses in some ways. The unfortunate reality is that many countries, many countries have felt the need to remove privacy laws after initial delays. And so you're kind of getting, in some sense, the worst of both, where you're not getting an effective early response, and you're also getting the removal of privacy laws, which is, of course, suboptimal. You know, obviously, people's health and well-being are of high importance. And we want to, of course, protect people as much as possible. And so then we come to the question about how do we make it acceptable for data owners and health agencies to work together by sharing data and collaborating on data, actually, more to the point, how to collaborate on data.
So we see this combination of secure data analytic collaboration, so not necessarily sharing data, but collaborating on data to combine aspects like cloud, modern data mining, model sharing, data sharing, enabling investigations, while still protecting privacy regulations, security and any kind of business secrets, for example, that the telecom carrier might have. So we see the need of a privacy solution, enabling secure collaboration between data owners, custodians, model owners and investigators using privacy enhancing technology, basically to balance so that there isn't necessarily a trade-off, a zero-sum game, between privacy and data utility, where the goal is basically to get maximum utility and maximum privacy also from data and so on. And so enter into the room the concept of privacy enhancing technologies. And so I'm going to give a brief overview of various privacy enhancing technologies, also called PETs, that are part of the toolbox we could use to address these different problems. And one thing that I wanted to particularly focus on is the aspect of homomorphic encryption and how we've particularly been using it as a case study here at Duality Technologies. So, you know, there are a number of privacy technologies and I do focus on four of them. One in particular that you could purchase, for example, commercially right now is secure hardware enclaves. So this is, for example, the Intel SGX technologies, where basically there is a special part of the silicon on a chip which allows you to basically secure away an aspect of data, so basically makes the data on a chip accessible to any process outside of the secure hardware, and allows applications to run on sensitive information. Typical use cases include running applications on sensitive data on dedicated hardware, in less trusted environments, such as a cloud and so forth. Everything comes with its drawbacks, of course.
Nothing is a panacea, and drawbacks of secure hardware enclaves such as SGX include aspects of being hardware dependent, requiring software modifications, and some of the early versions of it have been demonstrated to have been susceptible to potential attacks. Another technology that's currently in increasing use right now is the concept of secure multi-party computation, which allows parties to perform a joint computation on individual inputs without revealing underlying data. And so the concept is that you'll have multiple participants, 2, 3, 4, 5, so on and so forth, each with their own data set, and then they want to run some joint analytics on this shared data set. So secure multi-party computation, also called MPC or SMC, allows parties to perform joint computations on individual inputs without actually revealing the underlying data. Typical use cases include benchmarking or shared analytics between collaborating parties where aggregated output is adequate. There are a number of drawbacks to this, like any of the technologies. The output is known to all parties. And sometimes this could be an issue, for example, with healthcare cases, that because of privacy concerns, even sharing an error output is problematic. Deployments are often complex, meaning all the participants have to be online and on high-bandwidth links. It typically requires intensive communication between parties, often driving high costs. There are a number of good solutions out there, both open source, academic and commercial, for secure multi-party. And, you know, for those of you that are interested, I highly encourage you to look at them.
Another technology is differential privacy, which is a way of generating aggregated data and then randomly generating noise, therefore limiting each party's ability to reverse engineer individuals' inputs. And so this is basically adding a level of statistical noise to a data set. And so this allows aggregated data analytics where individual precise results are not needed, for example, in census data here in the US. Differential privacy is sometimes problematic for medical applications because it lacks clinical precision for some applications, meaning that results are directionally correct but not necessarily precise. And a limited number and type of computations can be run due to added noise. The one that we'll be focusing on in particular is this notion of homomorphic encryption. For those of you that aren't familiar with it, it provides an ability to take data, encrypt that data, run analytics on that data while encrypted without sharing keys, enabling end-to-end encryption and analytics, so that data is encrypted at rest, in transit, and in use, and computations can be performed on the actual encrypted data while it is encrypted. It's also somewhat malleable in that it could be combined with other approaches such as secure multi-party, and enabling various hardware-type approaches. Also, we found that it's quite good in cases where flexibility in computation is desired, where you don't necessarily want or need to have all the participants online all the time, while also satisfying regulatory compliance, but also running on generic hardware and commercial off-the-shelf hardware, not necessarily having specialized enclaves. It has had a drawback that it is not as generally performant but is very good for batch-style computation, or where you could run computations where you can have a slightly slower response without the bandwidth considerations. All right.
So in terms of the technologies themselves, we put together a short cheat sheet for these. And also, like I said, one of the drawbacks of homomorphic crypto is it can't necessarily be used for line-speed type computations, but it's quite good for batch. And these are the various benefits and trade-offs of the technologies as I presented them right now. We, in our proof of concept and our capability, are focusing on homomorphic crypto, so I'm going to particularly dive into that. And the notion of competent computing on encrypted data is that a data owner will encrypt his or her sensitive data using a public key, send it up, once encrypted, to a cloud environment, for example, send the data to a computation service like a generic cloud, and then run computation on that data while it is encrypted, and get back an encrypted result. And the computation is run without sharing any decryption keys or anything like that; the computation is run and an encrypted result is returned. And then that information is then decrypted. And the somewhat perceived black magic result is that the ending result of the computation is in the clear and is the same result as if the computation had been run on the data in the clear also. So we've been looking at how to use this for contact tracing in a privacy-protected manner, with the goal being to identify individuals exposed to COVID-19 based on location and time without exposing PII, personally identifiable information, and using homomorphic encryption to enable organizations to run analytics while data is encrypted also, so to collaborate and extract insights from data without exposing sensitive information.
And so the results of this, and I'll dig into this a little bit more, but the schematic of the data flow is that we take a query, which has information about a perceived infectious individual, encrypt that individual's information, send it up to a data location provider, run analytics on the encrypted computation to identify who is co-located, and return information to a health agency, which could then decrypt results and identify individuals who had been exposed. So we have this running currently at scale, several hundred thousand participants. And so it's available for, for example, municipal-level interactions and things like that. And so the contact tracing capability that we have right now is developed as a SecurePlus Query capability to provide privacy-protected contact tracing, to enable both sharing and viewing information pertaining to (there's a typo) exposed individuals. So we run this through a multiple query, where the input to a first query is a unique identifier, such as a phone number or email, of an identified infected individual, and the date range of when they might have been infectious, such as, for example, getting tested. And then individuals are identified who have been affected. And so then trying to identify how long they had been infectious, whether it's for five days or 14 days before. And then, from the results of that query, getting location information, dates and date ranges and time ranges where the mobile device that the individual had possessed was located. And so the privacy of this is that when the query is sent to, for example, the mobile phone carrier, the mobile phone carrier does not receive any medical information about who was infectious or not. And so the health agencies get information about the location, back-tracing capability, location data, of where the affected individuals are, and the healthcare authorities cannot see information about the individuals they're not querying on also. We then run a second query with the location dates and times where the mobile devices have been pinged, so that individuals at the same place and same time as the identified affected individual can be identified, and so that the location data providers cannot see the PII of the time and place location of the infectious individual, and the healthcare authority similarly cannot see the PII related to the unexposed individuals also.
This can then be used for action going forward, using it to contact individuals hotline exposed and request or require the quarantine as national laws allow. And so we have several sweet screenshots of how we've had this working in demo. And sorry, in prototype. And so the first concept is we start up with a screen that allows a generic interface for health individuals to enter information about individuals, which can then be sent off for query-type operations with a data provider and then get these results, which are decrypted locally, with various timestamp information about where the individual's location had been. And a similar set of operations for the second stage of that also, so that the healthcare agency can then follow up with the information to provide perfect and proper protection to society. So I saw there were a couple of questions coming about the underlying technology, what it actually is and where it comes from. We're particularly using the PALISADE homomorphic encryption library. It is a general purpose open source lattice encryption library built from a consortium of contributors including Duality, MIT, Raytheon, Lucent government systems, Intel and a few more, which was heavily funded by DARPA and other parts of the R&D infrastructure of the US government. But it is open source and released under the two-clause BSD license. And it supports the major standardized homomorphic encryption schemes. And we feel it's very, very important to use standard schemes, no proprietary crypto. It feels very important to use open source implementations of crypto which have been vetted by third parties, which is particularly why we like the PALISADE homomorphic encryption library. Truth in advertising, I'm heavily involved with it, but I encourage other people to look at it also. And also this is another engagement with ITU, where we've been looking at privacy standards associated with homomorphic encryption.
And I've defined an industry standards consortium body to analyze the security and trustworthiness of the underlying schemes, which has had fairly wide reach so far. I encourage you to get involved through homomorphicencryption.org. And you see the link right there on this slide. And if you're interested in the technology, please do go for it here. We do have a very broad participation. And I believe we're going to be having a virtual meeting hosted by the ITU in several months. So thank you very much. Here I'll pause my slides and then move forward to questions, which, Reinhard, I believe you'll be moderating.
Yes, thank you, Kurt. Thanks very much for this overview of privacy enhancing technologies. You mentioned that you're currently and I was just is called maybe a prototype. And we currently have several hundred thousands of users. So who is your user? This is not an app. And right now there are like a plethora of apps available for contact tracing, but your clientele is so who exactly?
Right. So we focus on enterprise-level engagements. And so this would be, for example, data location businesses, where there are advertising agencies that have lots of data, telecoms, which have lots of data, government entities, which often have the healthcare concerns, the thought being that everyone wants to respect privacy, but everyone also wants to support the fight against COVID-19. And so how can we do that without removing privacy and while respecting privacy? And so it allows the government agencies to get access about infectious individuals, which they would be able to under local regulation, but at the same time not getting access to all the movement and personal PII information of individuals which they should not have access to. And so we allow them, this is what we see as a major, major aspect of privacy technologies, enabling collaboration, and enabling these organizations to move much more quickly, while still protecting privacy.
And thank you, Kurt. And the big, big issue is trust. Whenever it comes to data, people or companies or governments are never quite sure how much you can trust that the data are really safe, that they're not being abused, that there is not a malicious use that being sold. So how can someone looking into some independent organization they're looking into that to make sure that all the data privacy regulations have been observed?
So this, of course, varies from country to country, from jurisdiction to jurisdiction. Obviously, data in some aspects is driven by collection point, and in some aspects is driven by storage point. At some level also, you know, fortunately or unfortunately, data is very portable. I know that different countries have different regulations associated with oversight associated with data. So it would be very hard for me to generalize that. I know my personal experience about the US is even a bit fractured in that regard because of the various states and government agencies. And so my understanding is that generally there are in the US some fairly stiff regulations associated with privacy, particularly with health data and things like that. It's, of course, as I'm sure you're very aware, in the European Union there is also. Frankly, as someone who considers myself an expert, or at least a practitioner, of privacy technologies, I personally have a hard time keeping track of the individual privacy regulations even in the major countries, because they do change so often, but what we found is that, generally, if there's a very strong PET technology, privacy enhancing technologies, generally this allows even much quicker collaboration even between jurisdictions, because if, you know, you come up with some, like, very strong technologies, it allows you to satisfy regulations much more broadly, to enable rapid collaboration, particularly in the case of, for example, international travel, which is one of the reasons that COVID-19 has spread so aggressively.
Okay, thank you. You know, for all the companies, maybe also within your own company, that use technologies for contact tracing, are there sunset clauses somehow built into these systems? You know, once the crisis is over, that no data are used for further, whatever. So how do you make sure that things stop once they're not needed anymore?
Right, right, right. Well, you know, a certain aspect of reality is that once data is exposed, it's exposed, and there are very few limitations; if one is not going to respect privacy and regulation, then when someone has data, there's very little you can do. One of the reasons that we've been pushing on the protocols that we have for these interactions is that data doesn't have to be shared in the clear; only encrypted information is actually shared, so that the participants don't actually share the data. So after the emergency has passed, the actual non-required data, you know, obviously, some data is required to be shared, such as the information about locations of infectious individuals, but the information about non-affected or non-exposed individuals never leaves the premises of the data owner. So that fully removes that risk of having data taking on a life of its own after the emergency passes.
What about the standardization of privacy enhancing technologies? Are there global standards? And you mentioned the homomorphic encryption effort, which is currently a consortium, which is looking into whether this could turn into a globally accepted specification. Maybe you can add a couple of words to that. And also with respect to the other technologies that you mentioned, are there standards activities going on?
Sure. And we see, you know, this notion of secure collaboration, this notion of privacy technology, it's all driven by trust. And so what we found is that when people decide whether to adopt a privacy technology or not, it is really driven by a trust argument, which is one of the reasons that we are such strong advocates for only using open academic results that have gone through the peer review process in terms of crypto schemes, why we advocate only the use of open source technologies, so they could be open and exposed and validated, and also why we are very, very supportive of international standardization processes for privacy, security settings, and other kinds of activities. So it allows for both collaboration, interoperability, and a short notion of trust during collaboration, which is, of course, required for collaboration. You know, this has been a big thrust for us in the homomorphic encryption community, to build this international consortium and engage with major organizations, both businesses, academics, and international bodies, such as the ITU, as you go forward on this. I know that other privacy technologies have also had similar areas, such as the zero knowledge proofs community, the secure multi-party community, and I believe there are others for other organizations. And we're starting to see broader uptake of these technologies, specifically because of the engagement of international standards bodies, and the international standards bodies have been helping to promote these privacy technologies, which is why we're so very happy to always engage with organizations such as the ITU to promote the use.
How widely are these technologies deployed in the market? You had the slide where you mentioned these four different privacy enhancing technologies. So how, how widely?
Sure. So what we're seeing is that a lot of these technologies are now being commercialized. You know, I think, you know, several years ago, they were perceived as being more of research products and research projects as much as anything. What we're seeing right now is that there is a very healthy commercial ecosystem being built up around these technologies. I personally am a fan of that because it takes open source technologies and, of course, helps to broaden their deployment and use, and then fostering of open source also. You know, part and parcel of that is the adoption of these technologies by government, by enterprises. You know, we at Duality have our business around it. And we are very happy with the way things are going. We also see a number of competitors in the market, both from startups and from large businesses that have their own solutions. I believe that if you basically went to every one of the major tech firms, and even, you know, some of the smaller companies, every single one of them has a group that's either building, using or investigating privacy enhancing technologies. So my intuition is that it's pretty widely deployed across the tech firms right now.
Okay, good. Thanks very much, Kurt. We will collect all the questions that we get in this webinar, or perhaps we could send them to you, and there may be a couple of questions where we can add the responses after the webinar. Perhaps you could take a look at them.
Gladly, Oh, thank you.
Thanks very much. Will you be staying on for the second presentation?
Yes, I will gladly. Thank you.
Okay, great. Thanks a lot, Kurt. So this was Dr. Kurt Rohloff from Duality.
So we go to Germany, we go to Berlin. Thomas, welcome to this webinar. So, can we enable the... Thomas, you can hear me?
Yes, I can hear you.
Oh, excellent. How are things in Berlin?
Okay. You are working from home?
Yeah. Okay. Almost everybody except for the team that's doing the field tests. They are having protective masks. That's actually 5050 soldiers are currently doing a field tests was
Thomas you need to get a little bit closer to the microphone so that people can hear you well.
So it went through the press on Wednesday, first of April. It was cited in lots of newspapers or articles. It's called PEPP-PT, the Pan-European Privacy-Preserving Proximity Tracing. I guess it's an international initiative and you're one of the participants or leaders within this initiative. So we are very happy that you have found the time for the webinar, Thomas, and we will hand over to you now.
Okay, are things working?
I don't see these slides yet from Thomas.
Can my colleagues perhaps let me know?
We cannot hear Thomas, we cannot see him. Can we please?
Thomas, Thomas. Okay. We don't hear you.
Let me just call Thomas, not sure that he will be answering.
So I just spoke to Thomas on the phone and let him know that we can't hear him. So let's see whether we get this fixed.
Stop trying to fix it. We know there is no sound. Thomas knows there is no sound.
We heard you before.
Yeah, maybe, maybe if you leave and then join again. Not sure whether that's an option.
I think maybe Thomas is reconnecting.
Okay, we're waiting. So stay online, please. We hope that this can get fixed.
So maybe we can get, that's a good idea. Maybe we can get Kurt back. Can we maybe get you back and we'll bridge? Okay, lovely. Hello. There are lots of contact tracing apps on the market. I saw a website that's listing all kinds of applications that are being used to fight COVID-19. Have you taken a look at them? Do you have any comments on how they differ? Are there any favorites of yours?
Yeah, so I've looked at a few of them, um, and you're putting me on the spot because I don't like to play favorites so publicly. Okay. Um, but no, I think, you know, one thing I'm very heartened by when I see this is that we all want to help, right? This is very much a global problem, and you're starting to see a global response. And my perception is that there are a number of organizations that all have their own technologies, their own commercial products, which they are attempting to modify in many different ways, and I see this a few different ways and a few different times. And there are folks who just basically want to help. I have seen everything, from basically folks that are setting up just bare-bones databases where folks can basically upload their infectious state information and things like that, which some people are perfectly fine sharing, that very kind of drastic information. I've seen other, you know, zero knowledge proof based techniques for validating the actual body of data information.
And, of course, the folks from
My, my, from Thomas's organization, and the group that they have over there. Of all the ones that I've seen, I'm probably a big fan of the one from Thomas's organization; it is, I think, very well, professionally done. I think that they have some really very high quality technologists behind it. And I'm really happy to see this broad support that they're getting also. So it looks like Thomas might be back now, actually. Okay.
Couldn't give a better introduction to Thomas. Let's try that again. Thomas, can you hear us?
Yes I can hear you. Can you hear me?
Oh, yes, we can hear you.
You know, like, it's very strange that we are relying on Bluetooth technology for the proximity measurement and the Bluetooth technology just kept preventing me from talking to you. So.
Okay, but you got a great introduction by Kurt. As he said, I asked him, what are your favorite apps? He says he likes what PEPP-PT is trying to do. So Thomas, if you can get a bit closer to the mic, because you don't have a headset, okay.
All right. So, let me start again. So PEPP-PT stands for Pan-European Privacy Preserving Proximity Tracing. We are a team of about 130 people from eight countries, at least as of Wednesday; I haven't counted how many people are now participating and helping from how many countries. I think we've been contacted by 10 more countries. Let me start with proximity tracing as a term from those PEPP-PT terms. So, the term social, keep social distance, social distancing, in our view is not the right term. It should be physical distance, because what really matters for this problem that we try to support solving is that people keep a physical distance. And that physical distance is actually an indicator for a higher risk of exposure, of a virus transmission. And we are basically providing measurements for that physical distance.
We use Bluetooth Low Energy on these phones. And it does not matter at all where you met, it doesn't matter who you met, the virus doesn't care about that. It just cares about two people getting too close his hat and having droplets as a carrier to transmit to and so what we decided is to basically come up or use this mechanism of Bluetooth Low Energy. The passive scan, which basically is running on your phone when you have enabled Bluetooth, every three, four milliseconds. And we are basically sending broadcast messages out using the passive scan. And these broadcast messages are only a short distance, like four or five meters. They contain a randomized cohort that is created in a way and it's uniquely mapped to this app. So the app knows what cohorts it creates. And then, if the proximity is given for a long enough period of time, the phones basically now log each other's proximity by basically writing the randomized ID into a local file, which is encrypted. And we basically based on that, too, there's 21 days, looking back, and then the next day comes, the 22nd day is removed. So we have a sliding window where we log this proximity, and it's completely encrypted on the phone, and if nothing happens, nothing happens. And we can hopefully use that to go on with our new normal life. But hopefully, the lockdown can also be released a little bit on this technology. So what if something happens? Somebody is tested positive for the virus. In most European countries, they will be notified by the health authorities. And it's actually they are they know it from the labs, the testing labs, and the testing that would basically trigger a mechanism to provide an authorization for a user of the app to start a process. This authorization is like a TAN in the banking activity as we know it, and basically once it's used, it's burnt, and this TAN allows to use by put it to bring it into the phone.
And there can be mechanisms to make the user flow better than somebody typing something in, and to upload data to the server. And the data would relate to the way the user produced its own random information, and its own random IDs, and like the seed, or it would contain the proximity history. And there are two ways then to go on from there. And one way to go on from there is to essentially upload the proximity history from the phone. The server knows how to map the proximity history to IDs of the app and the app is no different. This mechanism is very simple. It provides the minimal amount of health information being sent around, because you would basically be only sending information to those who are in close contact and everybody else would get just a dummy message. We make sure that it's privacy preserving in various ways now that explain that later. The other option is you use the seed of the app, of the phone of the infected person, you upload it, you convey that seed, and every other phone could then essentially reproduce the random IDs that the phone of the infected person has seen, and that way you could check on your phone whether you have been in close contact and don't assume that one has the benefit that the server would not know. On the other hand, health-related information is being conveyed, actually broadcast to all users. So both that message has happened out, they can be made compatible.
We are basically providing them both. We are making sure that privacy is preserved according to GDPR rules for that. First of all, the big question is, can health information, with a reasonable effort, be mapped back to a real person; that must be avoided under all circumstances. So if there's a simple way of attacking this approach, the health information, which is basically, for instance, the status of a positive test, or the status of being in contact with a person who has been positively tested, and then information were possible to be mapped back to a real person, that would not be in accordance with GDPR. And so in order to make sure that that's not the case, we have basically two mechanisms. One is that we do not use any personalized information in the system whatsoever, nothing: no location, no phone number, no name, no MAC ID, no geolocation, nothing. This is one mechanism. Another mechanism is that all communication is obfuscated by. So, if you want to send a message to 200 people, you are actually sending a message to 200,000. And basically, within that, also the infinite traffic, you will not be able to determine, if somebody sniffs the traffic, that there's health-related information being transmitted. And the last aspect I want to mention is the aspect of the pan-European PEPP-PT. So, what we have built into the system is a country code. These randomized IDs basically contain a country code which every so the uploads of the data from the phone of the infected person, that goes to a trust service. And a trust service basically can decrypt these randomized IDs to the extent that one byte contains the country code. And the rest remains encrypted. And by that, the server would basically know which country to send the randomized data. And then that randomized ID will be handled in the other country.
And so it's a bit like mobile phone networks, on the first GSM network, where you would basically have the feature of roaming. So we have roaming in the system, and I guess that's a very fundamental European idea. We are living with the fact that there's cross-country travel and leaving telecommunications engineer appear to be very clear that needs to have roaming in the system. So these are the features. We're currently doing field tests with an army barracks here in Berlin. 50 soldiers are basically going through certain societies like scenarios and doing. We are measuring with phones, with different positions of the phones, with different types of phones, and basically have been working on calibrating various phone types against each other. We have been working on assessing whether the phones Yeah, pocket or whatever it is, and for that, and we've done that for the most popular phones, and we hope that we will have a system available that would be shipping in the second week of Easter.
Thank you. Thank you, Thomas. Didn't hear the last sentences when you said shipping it. You said second week of April or Easter? Easter.
Okay, which is 16, 17, 18 of April. Okay. Okay.
The PEPP-PT. That's not an app, that's rather a platform on which anyone could develop an app.
Yes. But what we are providing is also an app implementation, so that everybody can, I mean, speed is of the essence, speed is the critical one. Because every day it costs a lot of money in lockdown. And we are providing also an app reference implementation and the back end reference implementation. So that can be taken over, or people can just use parts of it as they like, as they find it most useful to integrate in their country.
And the app will also go live around Easter.
Well, that is a country-based decision. We are a European team, and we provide this technology. And then if country X decides to use the portions of the details, we want all of the two parts of it. We only ask that they keep interoperability and preserve privacy in their design, then we will basically, they could then use that and ship the app for that country when they're ready to go.
So are you planning a big marketing campaign? And how many people need to download the app so that this is going to be helpful?
So there has been just a Science paper published by Christophe Fraser from Oxford University and team. And that paper shows that when 60% of the population have the app, it's already a very big effect. But it also shows that if 50, 40, 30% have the app and will upload the history or their seed, then it would also be a very, very big effect. And the more who have it, the better. That's kind of the thing. If you haven't, then the chances are very low that you might encounter somebody else who has the app. So then
We're going to do a poll later among the attendees of this webinar to see who would use it, so we'll wait a little bit with a small. Huh, can you say a bit more about the parameters that are being used? Proximity is defined as being two meters.
So when we started, we had obviously been very skeptical about the ability of Bluetooth to be used as a distance measurement. I mean, mobile phones are not made for distance measurements. And if you try that with a point-wise approach, like for this moment how far to the other phone, what's the distance, and you can download apps for that, that would basically find my Bluetooth device, you would see how much the received signal strength is actually varying on a single point in time. Now, this is, but this is that the problem we're trying to solve, we're trying to solve a classification problem, which is: have two people been in close proximity, let's say within two meters over 15 minutes. And that 15-minute interval can also be stretched apart. It doesn't have to be coherently, it can be scattered over the day. You can also ask the question about one minute and 50 over maybe a shorter time, but at the end of the day, we're talking about five or more minutes of measurement time, with which we can basically reduce the noise, the signal house. And then basically, we would solve that classification problem and report the false positives and false negatives. And so to some degree it is described in a more simple way that it is a distance measurement problem. But to be clear, it's actually a classification problem: how close you are to somebody over a given period of time.
And it seems logical that the longer you are in proximity of someone, the more likely you are to get infected as well. There are very high rates. In the medical community, the doctors and nurses have a very high, higher death rate than among the population, so that's probably because they're just too to expose site. I guess you could build some probability distribution into your app that takes account of, you know, how long you have been maybe exposed to someone or how far you have been away from someone or somebody. For example, if there seems to be evidence that COVID-19, or that the virus, could also be transmitted through aerosols. So that would complicate things even further. Any thoughts on that?
So, yes, so there's a button that you can provide which relates to the donation of data for research. And if you donate your data for research, then your proximity history will also contain the actual measurements that are used in this classification task. And you will also be agreeing to basically provide the anonymous match with whom you may have been in contact. And then when it later turns out that you have been tested positive, we can use real transmission cases, because only two or 3% are tested positive out of the contact persons. And we can basically use based on this research data to probability estimates based on the measurement data, how when suspend suspected real time special cases happen, and we can use techniques like AI and machine learning.
Thank you, Thomas. The initiative is called Pan-European. But the idea would be that this turns into perhaps eventually a global standard. How could people in developing countries use that?
So, we have already received the grants by Botnar Foundation, three and a half million Swiss Francs. And they have the outreach team that is actually providing support and help for coming from normal countries, not European countries, that want to basically also implement the system. And they get support with regards to treating the app in the country, like the user interface, just it's in principle. They also want to get support for the hosting of the back end. If you can't host it, there will be an offer to host it somewhere else for them. They will also get financial support for the campaign to advertise in their country, if that is something that's needed. And for that, there will be also another foundation created for this, the PEPP-PT Foundation, and that foundation will be put in law very, very soon. And we have a number of donors lined up to support their activity. We are abiding by WHO rules when it comes to accepting donations. And we will then have this outreach program for every country that basically also signs up to the concept, which is between countries, so you can travel, roaming. And the second thing is
Let me ask the same question that I asked Kurt. Are there sunset clauses built into the apps? How can people be sure that once the disaster is over, data are no longer monitored, taken?
So you can uninstall the app. It's gone. And you can just answer Yeah, okay, okay. You're solid, free choice and you haven't started with free choice and when and it's got. Okay. Okay. Also, we are also considering providing a certification process where the app can actually use the PEPP-PT logo. So that would basically mean that there should be, we haven't yet figured it all out, I'm sure. But we think that it's a good thing to also have a way to make sure that if it's implemented in some country, that implementation, that instance, actually is privacy preserving.
Okay, so let's collect a few more questions. But let's now start the poll. We're trying to see whether that works. We're trying to start a poll where we ask the attendees here whether they would use PEPP-PT, whether they would use an app that implements or that is built on the PEPP-PT platform. So we'll leave this up for you. You can give your in here, just yes or no. And we let it run for 30 seconds or so. And then we'll see what people say to us. In the future, it might be necessary that you somehow, if you would like to enter a supermarket or whether you would like to get on a train or board an airplane, that somehow you have to show proof that you don't pose a danger to your fellow citizens. So they are no apps. In some Asian countries, they use a traffic signal system. If it shows green on your app, that means you are safe. And if it's red, that means you have to stay in quarantine for two weeks. I guess I'm going to suppose that will become necessary. The apps could easily implement such a mechanism if that were needed. Is that correct? Or have you ever thought about this? Next,
We have looked at all the digital solutions that are out there. And we decided specifically to come up with PEPP-PT, because we think that that's the right way to go.
And I just don't want to comment on those other apps.
Okay. Good. Do we have a result from our poll? Let's see whether that worked. Okay. All right. So we have 82% who said yes, they would use PEPP-PT. And we have 18% who said no, they would not use that. So I could not vote here as a moderator. I would have voted yes. It would be interesting to know why people said no. Perhaps some people, it would be interesting if they put something in the chat, perhaps to see where they're at, why they say they would not use that.
Is there an independent legal oversight of the mechanism that they have built into the system?
So, what we are doing is we are working with some countries in Europe already. And their data protection and information security offices are advising us, and they have full access to the entire code. And that is a very unusual process for many of these offices, because usually they need to have a national project that they can look at, and procedures, but they see the timeliness that's necessary, the urgency, and also the aspect that the European is to work together to provide the result very fast and high quality. So they basically are advising us, then there will be the transfer of the software into the national wrong. And at that point, they can even also provide a public opinion about it. So they have full access to all documents and all software. And as we speak, that process is going on.
I mean, I checked my phone, my Bluetooth, my smartphone, and I don't have Bluetooth enabled. Hmm. So I have to make sure that I do enable that.
Okay. It was also mentioned that the application or the platform that you have is similar to Singapore's TraceTogether. But I think the difference, if I read this correctly, the difference is that it's across countries it can be used.
Well, I think there are other differences. One is that we only broadcast over the passive scan, over short distance, the random keys. The colleagues in Singapore, I think they could connect this for iOS. I think the Singapore system also requires you to write your phone number, to provide your phone number. Can you be directly connected to the health offices if the system shows a warning? Our conversations with people involved in the legal system in Europe told us that when a legal action is following in Europe from a measurement, like speed of traffic or other measurements, those measurement systems need to be very carefully calibrated. And the accuracy needs to be extremely well documented. Most of our phones have not been built as distance measurement systems. So what we do will have noise, there will be tolerances, it will not be perfect. And based on that, basing on a noisy measurement to some degree legal action where you would buy orders and people accounting is not you can combine that, it has to go on the go. So, there needs to be much more accurate measurements than you can do with Bluetooth on the mobile phone.
Okay. And I started the webinar by saying it's really hard these days to be optimistic. But one thing that's really encouraging during this COVID crisis is the collaboration among the scientists, and they really share quickly all the issues, science, all the data, all the modeling. And I think your platform is also another example of collaboration among scientists and engineers. Can you say a few words on that? Yeah.
So it's not, this is not a competitive approach. Not at all we need to solve this problem. And if, if there's a different solution coming along, and if we can very easily swap it, and it's better, we must do so. It's not that this design or whatever, is so important, if we wouldn't immediately swap it with somebody else. It's not about credit. It's not about competition, we should all forget about that we need to solve this problem.
Okay. So when would you be able to say that the PEPP-PT initiative is successful?
Well, let me put it that way: what we can do is we can deliver a technical system, basically a measurement system, a network measurement system. And we can basically make measurements according to specifications. Right? We can provide how accurately the classification works, true positives, false positives, false negatives, etc. And that's what we will deliver. Now, to bridge the hypothesis to the consequence: that if it's used quick enough, maybe we can be very fast after lab results are positive, trigger the system, notify everybody, that then this classification then results in people voluntarily either putting themselves into quarantine or affecting the health offices or going to a doctor, that that combination of things actually will then reduce the R0 of the virus, of the epidemic, that is successful within all those boundary conditions. So what we can do as our part is we can deliver a technical system and provide accuracy measurements with it. This works as good as the following results, and then the next step needs to be taken.
Okay, thanks very much, Thomas. I think we all wish you and your collaborators a lot of success. I'm sitting with my colleagues here in Geneva, locked down in Geneva. So we'll pay attention whether we see an advertisement by the Swiss authorities that this is available, and it would be a miracle If assent if, if that's going to work and if it could help reduce the infection rate and kill with it. And at the end, are you going to input that as a standards proposal into the ITU?
Yeah, we will publish the protocol pretty soon. And we would, I think it should become an ITU standard.
Oh, okay, great. Thanks a lot. Okay, Thomas and also Kurt. Thanks a lot for having joined the webinar today. You are all super busy and we really, really very much appreciate it. And happy, Thomas, that it worked despite the Bluetooth glitch, but at first really, it was the perfect opening
to show that the task what we are ahead that we are solving.
Okay, good. Thanks a lot, and thanks a lot to the attendees. So we are going to end this webinar. Let me just point out we have the AI for Good Global Summit, which will take place from the 21st to the 25th of September, if COVID allows. If COVID does not allow that, the event will take place online. I had also mentioned at the beginning, Thomas is the chair of the ITU/WHO group working on AI for health, on how to come up with a benchmarking framework to test the quality of AI models. So perhaps you might be interested; participation is free, you don't have to be a member of anything. So thank you for joining today. And hope to see some of you next time. Thank you very much and we're going to end this webinar.