Brussels / 4 & 5 February 2023


AMENDMENT Covid Exposure Notification Out in the Open

Developing an Open Implementation of the Google/Apple Exposure Notification Protocol

Covid 19 pushed national and international cooperation to its limits, highlighting the strengths and weaknesses of our ambition to solve complex social problems using technology. One such area was Exposure Notification: using mobile phones to detect exposure to Covid. In this talk I'll chart my experiences developing an open source implementation of the GAEN protocol, which turned into the Sailfish OS Contrac App, with equivalent functionality to Germany's Covid Warn App developed by SAP.

Exposure Notification

The goal of Exposure Notification was to use mobile phones to detect potential exposure to Covid 19 carriers, and to then communicate this information to the appropriate people in a suitably privacy-respecting way.

Different countries chose different methods for achieving this, but within Europe the Google/Apple Exposure Notification (GAEN) protocol become one of the most widely used approaches. The protocol satisfied two important requirements: interoperability and privacy. The first comes from its deployment to all up-to-date Google and Apple devices everywhere in the world, offering truly global interoperability. The second from the careful and thoughtful design of the protocol itself.

In this talk I will chart my experiences developing my own open source implementation of the GAEN protocol for use with Germany's exposure notification infrastructure. This eventually turned into the open source libcontrac library, and the Sailfish OS Contrac App, with equivalent functionality to that of the German Covid Warn App developed by SAP. Contrac gained quite widespread use within the Sailfish community.

Working with Other Organisations

Google and Apple released a specifications for the protocol very early on, and using this it was possible to release a cross-platform open-source library implementation of the protocol even before the official version rolled out to Android and iOS phones. However, this only tackled half of the problem, since the infrastructure for communication with health authorities was developed separately and independently by each country that used it, and this wouldn't be deployed until later.

I will therefore also talk about SAP's Covid Warn App backend implementation. SAP put great effort into developing this using an open source model. On the one hand their approach was very successful and achieved its purported goals, in that it made it possible to develop a fully-independent, fully open-source, fully-functional re-implementation of the Covid Warn App for use on Linux-based mobile phones. On the other hand, my personal experience of working with the project left something to be desired. In this talk I will therefore also explore some of the traps that organisations fall into when managing large, government-level, open source projects, and in particular in relation to how they interact with small independent contributors.

Please note that this talk was originally scheduled to be 20 minutes but have been expanded due to cancellations of other talks just before the schedule freeze.


Photo of David Llewellyn-Jones David Llewellyn-Jones