Bluetooth cards to assist with Covid-19 contact tracing – initial analysis
Purpose of this document
The purpose of this document is to look at what we know and what we do not know about
the proposed Bluetooth card solution for contact tracing. It also looks at the processes,
technology, legislative concerns, future uses, and communication involved in the
implementation of the cards.
What are the Bluetooth cards?
The proposed solution is a small credit card sized card that uses Bluetooth Low Energy (BLE)
technology. The card contains no personal information, but does have a unique identifier,
which is tied to a contact number stored on a separate database. These cards are encrypted
so that only health professionals will be able to see the data collected upon consent of the
card holder. This card only has Bluetooth connectivity and cannot connect to the internet or
mobile networks, meaning other data such as location data is not collected.
The cards will record a log entry when they interact with another card, detailing:
- How close the interaction was and how long they were in contact for;
- The time and date of the interactions;
- The unique identifier of the card that was involved in the interaction.
When a person is tested for Covid-19 they can consent to share the interaction data. If the
patient tests positive, health professionals would then match the unique identifiers collected
from the card. People involved in interactions classed as “close contacts” would then be
notified that they have been in contact with someone who has tested positive to Covid-19.
Health professionals will not know the name, age, or location of the people they call.
Distribution and operational matters
What we don’t know
• How the cards will be distributed.
• How do we ensure the right number of cards are delivered to each household?
• Will there be an 0800 number made available for multiple stages of the process and
not just the enrolment of cards in wave 1?
• Who has the ability to download the card data?
• Whether a text message is the most appropriate way to inform people that they have
been in contact with someone who has tested positive to Covid-19?
Distribution
The cards will be given to everyone in New Zealand and people will have a choice to opt in,
by pressing a button on the card. Once activated, the card cannot be turned off. The first
cards will be delivered by post but knowing how many cards to send to each household may
prove to be difficult. There are several data sources that could paint a picture of how many
people could be in each home:
- The Electoral Roll;
- The National Drivers Licence Register; and
- The 2017 Census.
However, all of these data sources have gaps in them, which may make them difficult to rely
on, and merging them may also be difficult.
The second wave of cards will be distributed via community facilities such as MSD, banks,
etc. This would help fill some of those gaps, but it may be harder to get more complacent
people on-board as it will be less convenient than just receiving the card in the mail.
Activation process
People will primarily link the cards to their contact number by either scanning a QR code or
texting a code. An option is also available to use an 0800 number that will have a human
operator that will guide someone through the process. Having this 0800 number as an option
to activate the cards is important to ensure they are accessible to people
who do not have a mobile phone or the digital literacy to send a text message or scan a QR
code.
However, it appears the use of this 0800 number is only available if you receive a card in the
first wave. This number needs to be available at all stages of the process of the card’s use to
ensure it remains accessible.
Download process
When someone is tested for Covid-19 they can consent to share the data on their card. They
then present their card and the data is downloaded to a health worker's device. If they test
positive, close contacts are sent an SMS message notifying them that they have been in close
contact with someone who has tested positive to Covid-19.
It is not clear who can download this data and if patients would have to travel to a separate
facility to have their card data downloaded. Having this process take place in the same place
as a test would be essential to increase convenience and reduce the movement of a
potential Covid-19 carrier.
The current process also shows that a close contact is only notified via a text message. This
would mean anyone who has enrolled using the 0800 number would be missed out in the
current model. Some research should also be done to see if a text message is the best
method to deliver this information. For some people, finding out that they could be infected
with Covid-19 may cause a level of anxiety and a text message may not be a suitable way of
contacting these people. If a close contact receives a call, they may still be anxious, but a
person would be able to assist them on what to do next and give them advice on how to
process the information they have just received. This would also mean that everyone who
has registered for the card would be able to be contacted.
Technical specifications
What we don’t know
• Are the encryption methods strong enough for this use case; and
• Is the available storage on the cards sufficient?
Data collected by the cards
There is no personal information stored onto the cards. Instead people register the cards
through an SMS TXT or 0800 number. This is where people provide their contact number.
Their phone number is then tied to a unique identifier attached to their card on a separate
database.
This makes the option more privacy conscious than a smartphone application that could
collect more information than just a phone number, such as location data. This separation of
the card and a person’s phone number means that more people may trust it as the
Government, or any other entity, would not be able to collect more information than
needed.
The cards broadcast the following data:
- Card address;
- Rolling Key Identifier.
When a card makes contact with another it logs the following data:
- Proximity to the other card (RSSI);
- Class classification e.g. close contact;
- First date and time the card came into contact;
- Last date and time the card came into contact;
- Rolling Key Identifier.
To preserve the privacy of users, the Rolling identifier and address of each card are changed
every 15 minutes in sync. This prevents people from being able to track or spoof cards.
Proximity and class
The cards use the Received Signal Strength Indicator (RSSI) of each interaction to try and
calculate the proximity to one another. This data, along with the duration of the interaction,
is then used to calculate and apply a class to the interaction. There are a total of four classes
used for contact classification. These are:
Class1 – This is a close contact where the distance is <1-2m with a duration of 1 to 15
minutes. The number of hits that this class will get is expected to be low, but of high
confidence.
Class2 – This is similar to class1, but the distance is slightly greater (2-5m). The time together
is the same and would also be regarded as a close contact.
Class3 – This is for recording interactions with further distances that occur for a longer
period of time (2hr or so).
Class4 – Can be used to record fixed beacons, if required.
Security
6(a) and 9(2)(k)
Storage
Due to the size of the cards, the storage available on them is limited. The cards are
estimated to hold 25k records, but this will change depending on the detail of logs for each
interaction. At this stage it is difficult to know if this would be sufficient or not. Once some
initial testing of the cards has been completed, we may have a better idea if this amount of
storage is adequate. The required capacity of the cards will vary from person to person.
For someone in a rural community, or a small town whose primary mode of transport is a
car, 25k may be sufficient. However, for someone who lives in a large city, works in a large
office, and uses public transport to commute, 25k may not be sufficient.
The cards use a combination of flash storage (long-term storage) and RAM (short-term
storage). The cards split up the logs between flash and RAM to ensure they make the most
of the storage available on them. Another way the cards make the most of their storage is by
updating the records of users classified as a “hit”. The classification of the contact is not
changed, only the time, date, and the contact count. Records are also deleted when they
would no longer be relevant if someone tested positive for Covid-19 (14-28 days).
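The logging rules from the Proximity and class and Storage sections, modelled as an added example that is not taken from the original document or from the cards' firmware. The RSSI-to-distance model, the one-minute minimum duration, the 28-day retention figure and the behaviour when the log is full are assumptions, and records are keyed on the rolling identifier as received.

```python
from dataclasses import dataclass

RETENTION_S = 28 * 86_400              # page says 14-28 days; upper bound assumed
TX_POWER_DBM, PATH_LOSS_N = -59, 2.0   # assumed radio calibration, not from the page

@dataclass
class Record:
    contact_class: int
    first_seen: int
    last_seen: int
    count: int = 1

def distance_m(rssi_dbm):
    """Log-distance path-loss estimate of range (an assumed model)."""
    return 10 ** ((TX_POWER_DBM - rssi_dbm) / (10 * PATH_LOSS_N))

def classify(rssi_dbm, duration_s):
    """Return class 1-3, or None when the interaction is not a hit."""
    d = distance_m(rssi_dbm)
    if duration_s >= 60 and d <= 5:    # Class1 within 2 m, Class2 at 2-5 m
        return 1 if d <= 2 else 2
    if duration_s >= 2 * 3600:         # Class3: further away, about two hours
        return 3
    return None

class ContactLog:
    def __init__(self, capacity=25_000):   # page: estimated 25k records
        self.capacity, self.records = capacity, {}

    def purge(self, now):
        """Delete records past the retention window; return how many went."""
        before = len(self.records)
        self.records = {k: r for k, r in self.records.items() if now - r.last_seen <= RETENTION_S}
        return before - len(self.records)

    def observe(self, rolling_id, rssi_dbm, start, end):
        """Log one interaction: 'new', 'updated', 'ignored' or 'full'."""
        rec = self.records.get(rolling_id)
        if rec is not None:            # known hit: class is kept, time and count change
            rec.last_seen, rec.count = end, rec.count + 1
            return "updated"
        cls = classify(rssi_dbm, end - start)
        if cls is None:
            return "ignored"
        self.purge(end)
        if len(self.records) >= self.capacity:
            return "full"              # assumed policy; the page does not specify one
        self.records[rolling_id] = Record(cls, start, end)
        return "new"
```

Under the keying assumption used here, a contact that lasts longer than one 15-minute identifier rotation occupies one record per rotation, which is worth including in any test of whether 25k records is adequate.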
Communications plan
What we don’t know:
• How extensive will this communications plan be;
• What mediums will be used;
• What ways will people be informed if they are a close contact;
To ensure the implementation and use of the cards is successful, there will need to be a
communications plan that makes use of traditional and digital mediums. This plan will help
people understand the intention of the cards and why they are important. This will be
especially important in an environment where we may have no new cases of Covid-19 for a
number of days and people may not see the importance in carrying a card as they might
when the virus is actively present in the country. As part of this people will need to be aware
of:
- how to get a card;
- how to activate a card;
- why they need to carry the cards and why they are useful;
- what data it collects, to assure people it collects minimal data and requires consent;
- how you replace a card that is lost or faulty;
- how to tell if the card is running low on battery and how to get one;
- that the card is free.
This plan should also look at how health workers will interact with patients, or potential
patients and the mediums that could be used e.g. phone, website.
Legislation and regulations
What we don’t know
• Are phone numbers defined as personal information;
• Do the cards and the data collected comply with the Health Information code 1994;
• If the Government wanted to make the cards compulsory, would new legislation or
regulations need to be introduced;
• Would there be a social licence to make carrying the cards compulsory;
• If carrying the cards was made compulsory, how would it be enforced.
There is no legislation or regulations that would need to be in place to circulate these cards
so long as they are opt-in. If the Government decides that carrying the cards will be
mandatory, then legislative and regulatory options will need to be explored. This would also
be a significant change for New Zealand. There has not been a case in recent times where
every person has been required to carry something issued by the Government that collects
data. While the data collected would not be location data or personal information, such as
names and addresses, it may be difficult to attain the social licence to carry this out.
Enforcing this could also be difficult, both from a logistics perspective and an acceptance
perspective.
Long-term use
What we don’t know
• Would the cards still be useful between now and the development of a vaccine;
• Would the cards vastly improve contact tracing and reduce the risk of having to go
into level 3 or 4 lockdown;
• Could cards be issued to tourists to allow tourism to begin before a vaccine is
developed;
• What is the expected uptake of the card?
It may be possible to use these cards in the future. Currently the proof-of-concept stage of
the cards will not be complete until June and if the cards are green-lit to go ahead they will
likely not be ready for distribution until mid-July. Going with current trends, Covid-19 may
have a much smaller presence in the country.
However, these cards could still be used between now and the development of a vaccine for
Covid-19 to prevent further outbreaks of the virus, or future pandemics. One of the best
responses to curb an outbreak of Covid-19 is fast and efficient contact tracing. If everyone
carried these cards and the cards improved contact tracing, this could prevent the country
from having to go into a level 3 or 4 lockdown. These cards could also be issued to tourists to
provide extra security in case they come into contact with someone with Covid-19 or are
carrying the virus themselves. This potential future use will depend on the performance,
cost, and uptake of the card. We will not likely know what the uptake will be until they are
first deployed.