Ian Bolland spoke to Luca Mastrostefano, CEO of COVID Community Alert, a not-for-profit organisation that has developed an app to help with contagion control.
The app anonymously monitors the devices that get near you. If you have been close to an infected person you will be notified and get clear instructions on the next steps to follow.
How it works:
- Every mobile device has a unique and anonymous numeric ID, that can be read at distance using the Bluetooth LE technology.
- COVID Community Alert continuously scans your surroundings and collects the IDs of the phones near you, storing them in a secure centralised cloud database. No interactions between the users and the app are needed.
- Medical and emergency authorities daily update the database with the IDs of the devices belonging to confirmed Coronavirus infected individuals.
- If you have been in the proximity of an infected person during the last 14 days you will be notified and get clear instruction on the next steps to follow, also depending on the estimated exposure to the virus from the infected person.
Mastrostefano tells us more:
Tell us about the COVID Community Alert project.
COVID Community Alert is an Open-Source service that allows the monitoring of interactions among mobile devices in a totally anonymous fashion. This will help reduce the spread of the virus by alerting people at risk and sending them a clear set of instructions to help them to reduce contagion and receive treatment as soon as possible.
We are able to monitor 91-99% of interactions between mobile device users, in comparison to 71% of interactions that can be monitored by other European solutions. Importantly, we also ensure full anonymity of users and interoperability among countries.
How does the app control contagion?
We have designed a mobile app and a technological platform, compliant to the European legislation and to the EU GDPR, which enables de-identified contact/exposure information of users to be efficiently collected in a fully anonymous way. After a COVID-19 case is diagnosed, the exposure of people with the infected patient can easily be tracked back and analysed. This allows the medical and emergency management authorities to take the correct actions to alert people who may have been in close contact with an infected or suspected/asymptomatic patient. While existing solutions rely on sensitive data based on geolocation, our open-source framework does not expose personal information, because we only use the anonymous data exchanged by the Bluetooth low energy (LE) handshaking protocol of smartphones. Our solution does not use any private or sensitive data to run any of the analysis and it does not allow people to locate infected patients. The aim of this project is to give authorities the right tools to enforce the best strategy to limit outbreaks of COVID-19, or potential future outbreaks, by allowing them to deploy solutions at scale
What went into its development?
We are a group of volunteers from all around the world. We are working with recognised health institutions and research centres. We put in hard work and collaboration, working remotely, and now we really want to make sure the world knows that there are solutions available, that we can protect citizens without having to compromise their privacy.
The interoperability among countries is essential to protect people when the lockdown is over.
We'll have people from all around the world travelling from a country to country and we need to be able to create a worldwide protocol that can accommodate all the different scenarios we could face: in the US the iPhone market share is higher than 50% and all the proposed solutions in Europe don’t work for iOS.
The implementation is comprehensive of the full stack:
- Infrastructure
- Backend
- Roaming protocol
- iPhone and Android user applications
- iPhone and Android doctor applications
- Virologist Internal Panel
We also provide the open-source code and the support to deploy the infrastructure on servers owned by each country.
Each open-source component can be changed and adapted to different regulation or use cases that might differ from country to country.
How is this data obtained?
The app monitors the Bluetooth Low Energy iBeacon that is advertised by other mobile devices on which the app is installed. The only information transmitted is an anonymised token that will be used to understand whether an individual has been exposed to an infected patient, or a suspected patient who is asymptomatic.
Thanks to the anonymous data we collect, we can infer the likelihood of a user to be asymptomatic. We count how many times a COVID Community Alert app user has had interactions with positive patients. Based on his/her time and distance of exposure, we can accurately detect if his/her probability of being infected is high. If this probability is high, it’s likely that the user will either contract the virus or he/she already has it and he/she is asymptomatic. In both cases we suggest the user to self-quarantine.
Bluetooth signals are known to be very noisy. Our mobile applications log surrounding Bluetooth signals every second and aggregate them every three minutes, computing the median of all the values logged into this timeframe. This operation allows us to remove noise and have sufficient granular information to run analysis on the exposure time. Using the median over these three-minute slots we can detect if the users were close to each other without having outliers signals affecting the registered distance. The distance measured by the RSSI (Received Signal Strength Indicator) of the Bluetooth signal is usually affected by a percentage error - the greater the distance the bigger the error. Under the two metres radius measured with Bluetooth signals post-processed with filters or other aggregation functions, do not differ much from the real distance. Signals can be further cleaned by collecting the so-called RSSI-at-1-meter for each device. We decided not to explore this solution since the error of the measurements under two metres of distance is usually low. We will ask the open source community to contribute with these measurements to reduce the residual error in the near future.
We allow selected virologists from each country to define arbitrary levels of risk, based on the duration and the distance of the exposure with confirmed/suspected patients and other variables of the person at risk, such as his/her daily interactions number. This will allow us to anonymously notify people at risk with a tailored set of instructions. Moreover, we can identify people that might be identified as “hubs”, given their high number of daily interactions and advise them to self-quarantine to not put other people at risk.
Do people have to sign up in some way?
No. No login is needed. We don’t collect any mobile numbers, names, surnames.
Would the main source of data come from doctor/clinician input?
Interaction data come from users’ devices and are completely anonymised. After studying multiple solutions available on the market, we agreed that the best way to proceed was to have the notification to people that might be at risk come from the medical staff. The reason behind this is that if everyone has the ability to notify people, en masse, this is a slippery slope to spread panic. We allow only selected medical staff to notify patients whenever they think it’s necessary.
What can this technology be used for beyond this pandemic?
We have smartphones and IoT devices everywhere. We observed multiple epidemics in recent years and believe that with an open-source solution that is 100% privacy-preserving, we would also be able to help for future scenarios.
At this moment our mission is to promote a global solution by providing the right set of tools to fight against Coronavirus.
Anything else to add?
We are working with a team distributed across multiple countries and two continents and we’re creating a secure world-standard to tackle this problem.
This project has already been identified as the backbone for a constellation of other services:
- Shielding: we are integrating projects that will help to protect vulnerable people by reassuring them that only people who have not been infected, or who are fully recovered and not infectious, will take care of them.
- Genetic evolution of the virus: this is adding to the open-source project the possibility for doctors to add details of the genetic information about the virus detected in patients, in order to study its evolution through time and its geographic spread, as well as how its genetic features affect different types of people.
