Anonymous COVID-19 contact tracing using physical tokens

A detailed system description can be found on this website.

Several countries are trying to develop contact tracing apps to be used on smartphones. Although there is strong momentum behind smartphone-based solutions, it also becomes apparent that they have several drawbacks. It is therefore wise to investigate alternatives. When looking at tracking and tracing in logistics, such an alternative might be anonymous COVID-19 contact tracing using physical tokens.

Such a system can avoid several of the key obstacles that smartphone apps face regarding security, privacy and technology. A system using physical tokens is easy to use, secure, anonymous, and can use standard technology avoiding lock-in. Therefore, researchers, innovators, entrepreneurs, industry players and policymakers are invited to contribute to the option of an anonymous COVID-19 contact tracing system using physical tokens.

GET IN TOUCH!

MOTIVATION

Contact tracing is an important and recognised part of any strategy to prevent and monitor the outbreak and spreading of infectious diseases. Manual contact tracing is very labour intensive and can only cope with a very limited number of cases. However, viruses spread exponentially, making manual contract tracing quickly impossible and leave no other options than lockdown. Digital technology can help since it allows early detection and is able to take over the labour-intensive task of tracing contacts.

The promise of automated contact tracing has led to contact tracing apps to be used on smartphones. However, it becomes more and more clear that smartphone apps have several drawbacks. There are technical drawbacks (effectiveness, security), acceptance drawbacks (privacy) and sovereignty drawbacks (smartphone operating systems are controlled by Apple and Google).

Alternatives often come from looking for solutions in other domains. A domain to look for tracing solutions is logistics. Tracking and tracing technologies for logistics using physical tokens is well developed and deployed and it makes sense to investigate the application of these technologies for COVID-19 contact tracing. Dual use is a well-known innovation principle: many consumer products find their roots in technology developed first by the defence or aerospace industry.

Before outlining how a system using physical tokens might look like, let’s first address the two essential societal questions raised with respect to contact tracing.

  • Will security and privacy concerns prevent tracing apps from being accepted by users?
  • What are the exact rights and roles of authorities, citizens, and tech firms?

Security and privacy are valid concerns. There is a lot of security technology available, also in smartphones. At the same time, one has to acknowledge that the complex software and hardware environment of smartphones with multiple apps makes it more difficult to prevent security issues with smartphone-based contact tracing apps. Also, when it comes to privacy, anonymisation technologies exist, but also here one has to acknowledge that smartphones contain personal information, are always on and as a result their location can be traced.

Regarding the rights and roles of authorities, citizens and tech firms, one observes that for smartphone solutions authorities depend on mobile operating systems from Apple and Google, which makes certain deployments more cumbersome.

TRACING USING PHYSICAL TOKENS

Physical tokens only require the minimal functionality for contact tracing which has, for the specific purpose of contact tracing, advantages over smartphone apps

  • they are small, robust, cheap, and consume little energy
  • their proximity technologies could include Bluetooth, but also the more accurate UltraWideBand
  • their simplicity, single application, and ‘not always on’ allow for high levels of security

Being able to use the more accurate UltraWideBand on physical tokens may also address another challenge that is identified with smartphone solutions, that of the accuracy of Bluetooth.

Next to that, physical tokens are proven technology in the logistics domain with established players and well-functioning ecosystems.

The system should allow both for local as well as gradual deployment, which means that after testing and piloting in restricted locations, such as factory plants or even ports, larger deployments can be foreseen in areas at risk. Further gradual deployment could be in cities, regions and even country-wide as well as cross-border.

Physical tokens will have to be produced and distributed. Setting up production and distribution of physical tokens will take time, however, based on the existing production and supply ecosystems, countries should be able to bring physical tokens to their citizens in relevant time.

CONTACT TRACING PURPOSE AND REQUIREMENTS

In order to design a system using physical tokens for COVID-19 contact tracing, let us recap the purpose of contact tracing and determine the essence of what contact tracing should do.

To effectively contain virus outbreaks, it is essential to quickly reach (possibly) infected individuals in order to prevent them from spreading the virus. Speed is essential given the exponential spreading of viruses. Reaching individuals that have been in contact with persons tested positive is an essential part of the overall approach. Once these individuals have been reached, they can get themselves tested. Thus, contact tracing is only part of the overall approach to contain virus outbreaks. Given that manual contact tracing is labour intensive, institutions and authorities are looking for technological solutions.

The purpose of any technological contact tracing solution is to reach (possibly) infected individuals in order to inform them so they can get themselves tested and if needed go into quarantine to avoid further spreading of the virus. This is key to the design of a contact tracing system. The role of the contact tracing system is only and exclusively to reach individuals that have been in contact with infected persons. Not more. This principle of focussing on the essence is key and well known as Occam’s razor. As a consequence, there is for example no need for the tracing system to know the identity of citizens. Which is a key ingredient in achieving anonymity and thus user acceptance.

There is broad consensus on the so-called non-functional requirements any technological solution should fulfil. These are anonymity, voluntariness, transparency, security, temporality, and interoperability.

To summarize, the challenge is to have a system that allows to quickly inform (possibly) infected individuals that they have been in contact with an infected person while observing the aforementioned non-functional requirements.

THE INTUITION BEHIND A CONTACT TRACING SYSTEM USING PHYSICAL TOKENS

To get some feeling for a contact tracing system using physical tokens, consider the example of a lottery. Participation is voluntary. The incentive to participate is to win a prize. Lottery tickets have a serial number and are distributed via shops. Purchase of a lottery ticket is anonymous; it is not known who has purchased which ticket. Winning ticket numbers are publicly published, and participants are responsible themselves for claiming their prize upon presenting their ticket.

OUTLINE OF A CONTACT TRACING SYSTEM USING PHYSICAL TOKENS

A more detailed description of a contact tracing system based on physical tokens can be found here. Now follows a summary of the essentials.

Key characteristics of the system: voluntary participation; simple and small physical token; easy to use; intuitive user interface; no other information on the token than contact information, and this contact information never leaves the token; anonymous token distribution, no personal data on token and no registration of the token user.

The token itself is a small coloured device of at most the size of a matchbox. It will have a unique securely stored serial number, storage to register proximity contact with other tokens, and the ability to receive and process information about tokens for which infection of the user was determined. It will have a simple and intuitive interface that resembles a traffic light that is only visible on request:

  • GREEN: NO INDICATION OF AN INFECTION
  • RED: ACTIVE INFECTION (determined by a test)
  • YELLOW: GO TAKE TEST (been in contact with an infected person)

Tokens can be carried in pockets, as bracelets, necklaces, etc.

A specific system will have a registry of token identifiers for which infection of the user was determined (status indication RED). No other information will be stored in this system registry.

Tokens are produced by a manufacturer that securely stores an identifier in the token. Initially all tokens have status indication GREEN.

Tokens are distributed via designated distribution points, which for example in cities might be supermarkets or possible other outlets, where individuals can randomly pick from boxes filled with tokens.

Tokens should be carried when people are in areas where the system is deployed. When people meet closely for a certain time, their tokens will register the contact moment. This contact information never leaves the token!

Only when a token user is tested positive at a test centre, the identity of their token will be placed in the system registry.

On regular intervals, a list of recent infected token identifiers in the system registry is broadcasted and every token will compare this list with the contact list it has stored. Only if a match is found the status indicator will switch to YELLOW. In this case the user is advised to, for example, contact a general practitioner or a COVID-19 test centre. This, however, is voluntary, and people may decide to ignore the advice.

THE AVAILABILTY AND COSTS OF TECHNOLOGY TO BUILD SUCH A SYSTEM

Tracing using physical tokens is deployed in logistics, and the needed functionality for contact tracing is mature and available, such as low energy small size tokens including RFID, Bluetooth Low Energy, or the more accurate UltraWideBand, as well as IoT broadcast such as LoRa. The needed low footprint, low energy, processing, storage, communication, and security (hashing and encryption) technologies are in principle available. It is an important requirement to have a small-size, low power, low cost solution. Using existing state-of-the art technology it is expected to be possible to have a matchbox size token with approximately 1-year battery life at a ballpark cost of around €5.

Technology production and deployment of the tokens should be feasible by existing actors from semiconductor and equipment industry, telecommunication providers, producers of ultra-wideband tokens, embedded software developers, and of course institutions or authorities and distribution supply chains, such as for example for supermarkets. Given that most of this is in place, it is expected that this can be mobilised in reasonable time.

The more people use such system, the better it will work. It is therefore important that a significant part of people use the token. In case of deployment in a city or region, the distribution via supermarkets makes the tokens easily accessible, and additional distribution channels can easily be added. Except for ease of access, the tokens should be actively promoted by explaining their usefulness, the way they work, and how security and privacy are addressed. Finally, of course, the main motivation to use a token should be to contribute to fighting virus outbreaks, as well as to protect one’s own health through early detection of possible infection.


In order to investigate anonymous COVID-19 contact tracing using physical tokens, innovators, entrepreneurs, industry players and policymakers are needed for their creativeness, technology and supply chain expertise as well as support for piloting and further deployment, and thus are invited to join and support this initiative.