Digital Contact Tracing Apps: all known protocols

When it comes to Digital Contact Tracing app, it's very important to determine what tracing protocol has been implemented by the app itself. As you might already know if you've read the huge debate that dominated the home page of most newspapers all around the world during the recent COVID-19 emergency, one of the largest privacy concerns raised about the usage of centralised report processing by protocol such as PEPPT-PT, as opposed to the decentralised report processing protocols such as TCN and DP-3T. Centralized vs Decentralized approach In a centralized report processing protocol a user must upload their entire contact log to a health authority administered server, where the health authority is then responsible for matching the log entries to contact details, ascertaining potential contact, and ultimately warning users of potential contact. Conversely, decentralised report processing protocols, while still having a central reporting server, delegate the responsibility to process logs to clients on the network. Tokens exchanged by clients contain no intrinsic information or static identifiers. Protocols using this approach have the client upload a number from which encounter tokens can be derived by individual devices. Clients then check these tokens against their local contact logs to determine if they have come in contact with an infected patient. The major benefit of decentralized protocols - which makes them great in terms of privacy compliance - is that the government does not process nor have access to contact logs, this approach has major privacy benefits. However, such approach also presents some issues, primarily the lack of human in the loop reporting, leading to a higher occurrence of false positives; and potential scale issues, as some devices might become overwhelmed with a large number of reports. Decentralised reporting protocols are also less mature than their centralised counterparts. Here's a useful list of the available centralized and decentralized protocols nowadays. Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) Architecture:  Central log processing, Ephemeral IDs Fraunhofer Institute for Telecommunications Author/Promoter: Robert Koch Institute, Technical University of Berlin, TU Dresden, University of Erfurt, Vodafone Germany, French Institute for Research in Computer Science and Automation (Inria) License: multiple protocols, closed source, private specifications URL: https://www.pepp-pt.org/ 

Google / Apple privacy-preserving tracing

Architecture: Client log processing, Ephemeral IDs Author/Promoter: Google, Apple Inc. License: public specifications URL: https://www.apple.com/covid19/contacttracing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) Architecture: Client log processing, Ephemeral IDs Author/Promoter: EPFL, ETHZ, KU Leuven, TU Delft, University College London, CISPA, University of Oxford, University of Torino / ISI Foundation License: publicly-developed Apache 2.0 reference implementation, MPL 2.0 iOS/Android code URL: https://github.com/DP-3T BlueTrace / OpenTrace Architecture: Central log processing, Ephemeral IDs Author/Promoter: Singapore Government Digital Services License: public specification, GPL 3 code URL: bluetrace.io TCN Coalition / TCN Protocol Architecture: Client log processing, Ephemeral IDs Author/Promoter: CovidWatch, CoEpi, ITO, Commons Project, Zcash Foundation, Openmined License: public developed specification, MIT License code tcn-coalition.org URL: https://github.com/TCNCoalition/TCN Whisper Tracing Protocol (Coalition App) Architecture: Client log processing, Ephemeral IDs Author/Promoter: Nodle, Berkeley, California, TCN Coalition, French Institute for Research in Computer Science and Automation (Inria) License: GPL 3 URL: https://www.coalitionnetwork.org/ Privacy Automated Contact Tracing (East Coast PACT) Architecture: Client log processing, Ephemeral IDs Author/Promoter: Massachusetts Institute of Technology, ACLU, Brown University, Weizmann Institute, Thinking Cybersecurity, Boston University License: MIT URL: https://pact.mit.edu Privacy-Sensitive Protocols for Contact Tracing (West Coast PACT) Architecture: Client log processing, Ephemeral IDs Author/Promoter: University of Washington, University of Pennsylvania, Microsoft License: MIT URL: https://arxiv.org/abs/2004.03544 NHS contact tracing protocol Architecture: Central log processing, Ephemeral IDs Author/Promoter: NHS Digital License: private specification URL: https://www.nhsx.nhs.uk/covid-19-response/nhs-covid-19-app/ Read the full article