Decentralized Privacy-Preserving Proximity Tracing
Decentralized Privacy-Preserving Proximity Tracing (DP-3T, stylized as dp3t) is an open protocol developed in response to the COVID-19 pandemic to facilitate digital contact tracing of infected participants.[4][5] The protocol, like the competing protocol Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), uses Bluetooth Low Energy to track and log encounters with other users.[6][7] The protocols differ in their reporting mechanism: PEPP-PT requires clients to upload contact logs to a central reporting server, whereas with DP-3T the central reporting server never has access to contact logs, nor is it responsible for processing and informing clients of contact.[1] Because contact logs are never transmitted to third parties, DP-3T has major privacy benefits over the PEPP-PT approach;[8][9] however, this comes at the cost of requiring more computing power on the client side to process infection reports.[10]
Not to be confused with Pan-European Privacy-Preserving Proximity Tracing.
Developed by
- École Polytechnique Fédérale de Lausanne
- ETH Zurich
- KU Leuven
- Delft University of Technology
- University College London
- Helmholtz Centre for Information Security
- University of Torino
- ISI Foundation
- INESC TEC[1]
April 4, 2020[2]
Android & iOS smartphones
~10 m (33 ft)[3]
The Apple/Google Exposure Notification project is based on principles similar to those of the DP-3T protocol, and has supported a variant of it since May 2020.[11][12][13] Huawei added a similar implementation of DP-3T to its Huawei Mobile Services APIs known as "Contact Shield" in June 2020.[14]
The DP-3T SDK and calibration apps intend to support the Apple/Google API as soon as it is released to iOS and Android devices.[15][16]
On 21 April 2020, the Swiss Federal Office of Public Health announced that the Swiss national coronavirus contact tracing app would be based on DP-3T.[17] On 22 April 2020, the Austrian Red Cross, leading on the national digital contact tracing app, announced its migration to the approach of DP-3T.[18] Estonia also confirmed that its app would be based on DP-3T.[19] On April 28, 2020, it was announced that Finland was piloting a version of DP-3T called "Ketju".[20] In Germany, a national app is being built upon DP-3T by SAP SE and Deutsche Telekom alongside CISPA, one of the organisations that authored the protocol.[21] As of September 30, 2020, contact tracing apps using DP-3T are available in Austria, Belgium, Croatia, Germany, Ireland, Italy, the Netherlands, Portugal and Switzerland.[22]
Overview
The DP-3T protocol is built on Ephemeral IDs (EphIDs), semi-random rotating strings that uniquely identify clients.[23] When two clients encounter each other, they exchange EphIDs and store them locally in a contact log.[24] Then, once a user tests positive for infection, a report is sent to a central server. Each client on the network then collects the reports from the server and independently checks its local contact log for an EphID contained in the report. If a matching EphID is found, then the user has come in close contact with an infected patient, and is warned by the client. Since each device verifies its contact log locally, and contact logs are therefore never transmitted to third parties, the central reporting server cannot by itself ascertain the identity or contact log of any client in the network. This is in contrast to competing protocols like PEPP-PT, where the central reporting server receives and processes client contact logs.[25]
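A simplified model of the flow described above, as an added example that is not code from the DP-3T project. The independent random daily keys, the HMAC-SHA256 expansion of a key into EphIDs, the 96 epochs per day, the choice to publish a key from which clients re-derive EphIDs, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

EPOCHS_PER_DAY = 96  # assumed: one EphID per 15-minute epoch


def ephids_for_day(day_key):
    """Expand one daily secret into that day's 16-byte EphIDs (assumed scheme)."""
    return [hmac.new(day_key, b"ephid" + i.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
            for i in range(EPOCHS_PER_DAY)]


class ReportServer:
    """Holds only what infected users publish; it never receives a contact log."""
    def __init__(self):
        self.reports = []  # list of (day, day_key)


class Client:
    def __init__(self):
        self.day_keys = {}        # day -> secret key, stays on the device
        self.contact_log = set()  # (day, ephid) heard over BLE, stays on the device

    def broadcast(self, day, epoch):
        key = self.day_keys.setdefault(day, os.urandom(32))
        return ephids_for_day(key)[epoch]

    def observe(self, day, ephid):
        self.contact_log.add((day, ephid))

    def report_positive(self, server):
        server.reports.extend(self.day_keys.items())

    def exposed_days(self, server):
        # Client-side cost: re-derive every reported EphID and match locally.
        return sorted({day for day, key in server.reports
                       if any((day, e) in self.contact_log for e in ephids_for_day(key))})


def simulate():
    server, alice, bob, carol = ReportServer(), Client(), Client(), Client()
    # Constructed encounter: Alice and Bob meet on day 3, epoch 40; Carol meets nobody.
    bob.observe(3, alice.broadcast(3, 40))
    alice.observe(3, bob.broadcast(3, 40))
    carol.broadcast(3, 40)
    alice.report_positive(server)
    return bob.exposed_days(server), carol.exposed_days(server), len(server.reports)
```

The server ends up holding one published key and nothing about who met whom; the match that flags Bob happens only on his device.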
Epidemiological analysis
When a user installs a DP-3T app, they are asked if they want to opt in to sharing data with epidemiologists. If the user consents, then when they are confirmed to have been in close contact with an infected patient, the contact log entry for that encounter is scheduled to be sent to a central statistics server. To prevent malicious third parties from discovering potential infections by detecting these uploads, reports are sent at regular intervals, with indistinguishable dummy reports sent when there is no data to transmit.[1]
Health authority cooperation
To facilitate compatibility between DP-3T apps administered by separate health authorities, apps maintain a local list of the regions a user has visited. Regions are large areas directly corresponding to health authority jurisdiction; the exact location is not recorded. The app will later connect these regions to their respective foreign central reporting server, and fetch reports from these servers in addition to its normal home reporting server. Apps will also submit reports to these foreign reporting servers if the user tests positive for infection.[1]