FLC | NIST plans Exposure Notification System to blunt COVID-19 spread

NIST plans Exposure Notification System to blunt COVID-19 spread

November 12, 2020

Nader Moayeri, a senior research scientist with the Advanced Network Technologies Division at the National Institute of Standards and Technology (NIS), is part of a grassroots effort at NIST that is developing an exposure notification system for pandemics in general, though they hope it could be used in at least a limited fashion during the current COVID-19 pandemic.

"We are fortunate at NIST to have all the expertise required to tackle this multidisciplinary problem, solutions to which have the potential to save many lives and hasten economic recovery by helping to reopen our nation," Moayeri wrote in a November 10 blog post describing the efforts.

Contact tracing has been used to blunt the spread of pandemics since the 19th century. In its usual form, health workers conduct interviews with folks who have tested positive for the infectious disease to find out whom they have been in contact with during a certain period before testing. They also learn the length of time people were together and how close they got to one another. The health worker then traces those contacts to let them know they may have been exposed so that they can self-isolate or get tested. This process can be slow and labor-intensive and may not identify every contact. It relies on the infected person remembering all their contacts and the health worker being able to locate those individuals in a timely fashion to stop them from further spreading the disease.

Contact Tracing 2.0

NIST's work was inspired by and builds off the Exposure Notification System that Google and Apple partnered to develop as an electronic complement to manual contact tracing. They developed software to enable all kinds of smartphones to exchange standardized Bluetooth Low Energy (BLE) messages. This allows third-party developers to develop apps that estimate the proximity of people carrying smartphones based on the strength of received BLE signals and estimate the duration of a contact.

Whereas the Google and Apple system requires that a user have a smartphone, the NIST researchers have focused on the development of stand-alone devices for exposure notification that can be worn as a pendant or bracelet. There are several reasons for choosing a wearable device over a smartphone. First, not everyone has a smartphone. Second, people may have a lot of personal data on their phones and may be reluctant to install an exposure notification app that interacts with health authorities. They may be concerned about the unauthorized extraction and use of the data on their phones. Third, interacting with a smartphone may be a barrier to certain segments of society such as the elderly. Finally, small children aged younger than 10 years may not only not have a smartphone but might also not be capable of being responsible for one. ("Think of how well a 6-year-old typically cares for things," Moayeri wrote.) Because small children’s symptoms are often mild or absent, it is especially important to have an exposure notification system for them that can overcome these challenges.

For these reasons, NIST is aiming to develop a device that is not only small and wearable but also inexpensive and easy to use. The device would have a simple user interface: a push-button for occasionally checking the proximity data collected on the device against a database of infected people, a green LED to indicate that you are safe, and a red LED to indicate that you have come into close contact with an infected person. The device may also be equipped with a buzzer or vibrator to instantly warn you if you get within six feet of another person wearing the device. That would allow the person to maintain appropriate social distance. The target price for the device is $10, and its developers expect it to run for three months before the battery needs replacement. This would enable widespread adoption in smaller communities such as workplaces, schools and nursing homes.

Focusing on Accuracy

At NIST’s campus in Gaithersburg, Maryland, Moayeri has worked with Chang Li and Lu Shi to develop a wearable exposure notification device based on a Raspberry Pi computing platform. This modular device is smaller than a deck of playing cards, and it uses a rechargeable battery. One advantage of this platform is that it has a Wi-Fi interface, making it possible for users to upload proximity data without the need for a smartphone or laptop.

They are also developing algorithms for detecting medically significant contacts based on the strength of received BLE signals. These signals do not allow researchers to estimate the distance between the devices with a high degree of accuracy; this may result in false positives or false alarms. It may also lead to false negatives, the worst-case scenario in which a contact is made but not detected, which could lead to more infections. Unfortunately, typically such an algorithm cannot have both a low false-positive rate and a low false-negative rate. The NIST researchers are striving to find a detection algorithm that minimizes the false positive rate subject to the false-negative rate being below some prescribed tolerable level.

To this end, they carried out a five-week campaign to collect Bluetooth data under various conditions. They tested scenarios where two or more devices were at different distances and either in line of sight of each other or separated by walls made of different construction materials. The campaign resulted in a rich hoard of data that will be used to future efforts.

Of course, there is only so much one can do with Bluetooth technology. Soon, therefore, the NIST team plans to explore proximity detection based on other signals such as ultra-wideband radio frequency signals or ultrasound, which are expected to allow a much more accurate job of detecting contacts.

A Tour de Force in Boulder

Sae Woo Nam, Katy Keenan and Krister Shalm and their colleagues at the NIST campus in Boulder, Colorado, have been contributing greatly to this effort.

Nam developed several prototype wearable devices using inexpensive BLE computer components and 3D-printed cases, with specific attention to maximizing the battery life of these devices. Hardware and software systems are also being developed that store the database of infected individuals as well as the interface between the wearable devices and that system. In this setup, the device would connect to the internet via a laptop or a smartphone and upload the records of encounters with other devices. The system then computes whether you have had contact with infected individuals, and it sends you a notification.

Keenan is running a pilot study using these devices to determine how well the system can detect medically significant contacts. Data from the pilot study will enable the team to measure the false positive and false negative rates of device and system designs.

Shalm is leading epidemiological modeling efforts, which provide qualitative information about effectiveness of contact tracing. With this model, the researchers have determined parameters such as the required adoption rate and tolerable false positive and false negative rates for an electronic notification system to stop outbreaks. The modeling shows that a good exposure notification system makes it possible to reopen businesses safely.

Paying Attention to Privacy Concerns

For an exposure notification system to be effective in reducing the spread of COVID-19, most of the population would have to use it. Many people might be concerned about whether the system would preserve their privacy.

Naomi Lefkovitz has been using the NIST Privacy Framework to help the team prioritize the privacy requirements for the complete system, from policy considerations to technical capabilities, including the specifications for a privacy-preserving user interface to transmit and receive exposure notifications.

To implement the technical privacy requirements, Rene Peralta at NIST’s Gaithersburg campus has developed a cryptographic system that uses encounter IDs instead of device IDs. An encounter ID is obtained by combining the IDs of the two devices involved in an encounter and encrypting that information. This method, used in our pilot study, provides strong anonymity; it prevents cyberattacks that could result from the broadcasting of device IDs. Enabling this high degree of privacy is based upon the assumption that users of the system are “good actors” insofar as they must voluntarily enter their positive status in the system. This assumption may hold better in smaller communities where the bonds between users might be closer. However, this assumption remains an open question for research and could potentially benefit from the application of game theory to test it.

Nevertheless, the cryptographic encounter IDs provide an additional benefit. They produce anonymized data about the use of buildings (or other spaces) so that decisions can be made about occupant capacity and environmental controls management. These kinds of decisions are an essential part of being able to reopen society.

Putting It To the Test

NIST’s Omid Sadjadi and Craig Greenberg, along with collaborators at the MIT Lincoln Laboratory, just brought the NIST TC4TL [Too Close for Too Long] Challenge to a successful conclusion. They made training and test sets of data available to challenge participants to train and fine-tune their proximity detection algorithms. The participants were able to run their algorithms on test data sets and upload their data onto the challenge website to get instantaneous performance evaluation results based on a published set of criteria. The website also hosted a leaderboard so that the participants and the public at large could see how different algorithms were faring against each other. Due to the limitations of the data available, the TC4TL Challenge dealt with how close two BLE devices were and not the duration of their encounters.

Finally, NIST’s Heather Evans and Michelle Stephens coordinate the activities of Moayeri's group, which involves staff from across at least six different laboratory divisions at NIST. The projects described in the blog post came together as part of the “How Can NIST Help?” effort.

NIST has a robust program to develop exposure notification systems and the requisite standards for COVID-19 and future pandemics. The program of research is comprehensive, and it is addressing all issues related to this problem. COVID-19 will not be the last pandemic to plague humankind, and NIST is doing all it can to make our nation better equipped to deal with them all.