Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Exposure Notification – protecting workplaces and vulnerable communities during a pandemic

Summary

The goal of this project is to utilize NIST expertise in privacy, cybersecurity, machine learning, wireless technology, ranging, modeling, and hardware and software development to save lives and support economic health during a pandemic through the development of open-sourced,accurate proximity detection with strong privacy and cybersecurity protocols.

Description

device a and device b

One of the keys to managing the current (and a future) epidemic is notifying people of possible virus exposure so they can isolate and seek treatment to limit further spread of the disease. While manual contact tracing is effective for notifying those who may have been exposed, technical innovations such as automated exposure notification can augment manual contact tracing. Electronic exposure notification alerts individuals who have been in contact with an infected individual that they may have been exposed so that they can take appropriate precautions. A successful exposure notification system maintains the users’ privacy, is secure from third party attacks, is available to all, is accurate, and is effective in controlling the spread of infection. Each of these aspects are being addressed through multiple activities at NIST. The individual activities are converging by way of the development of a pilot system that implements privacy and cybersecurity best practices in low-cost, open-sourced wearable devices.

Privacy – The NIST Privacy Framework has been tailored specifically to exposure notification activities in workplaces and small communities to help organizations identify and manage privacy risk while protecting individuals’ privacy.

Cybersecurity - A cryptographic approach has been developed that allows for exposure notification while preventing the compromise of people’s identities from third party surveillance. Read more about it here.

Available to all - Current approaches to electronic exposure notification rely on using Bluetooth Low Energy (BLE) signals (or chirps) from smartphones to detect whether a person has been too close for too long (TC4TL) to an infected individual. Instead of using a smartphone, we have focused on development of wearable devices, because not everyone can afford a smartphone; use of smartphone apps may be a barrier for certain segments of society, such as the elderly and the very young. Furthermore, the cost of a small wearable device could be less than $10, even in low volumes. NIST has developed multiple wearable-device prototypes using small Bluetooth development boards or small computers such as Raspberry Pi and has shown that these platforms have sufficient computing resources to implement cryptography that is suitable for protecting privacy. NIST is currently running a limited pilot to assess the effectiveness of the entire system with the goal of implementing a complete pilot workplace exposure notification using open-source hardware wearables and a server implemented with open-source software.

Accuracymachine learning – NIST, in coordination with the MIT PACT project is organizing a Too Close For Too Long (TC4TL) Challenge to facilitate the characterization of the effectiveness of range and time estimation using the BLE signals. The evaluation serves the following objectives:

  • to explore promising new ideas in TC4TL detection using BLE signal,
  • to support the development of advanced technologies incorporating these ideas,
  • to measure performance of the state-of-the-art TC4TL detectors.

Accuracywireless testbed – Effective exposure notification relies on trustworthy identification of possibly infectious encounters. Assessing the effectiveness of exposure notification within a community requires an understanding of the receiver operation characteristic (ROC) curve of the detection method used that captures the tradeoff between false positives and false negative rates. NIST is conducting a systematic study of the accuracy of BLE devices under various operating conditions.

Effectivenessmodeling – NIST scientists, in consultation with epidemiologists, are developing models to help understand how different intervention strategies such as electronic exposure notification, workplace-density, ventilation systems, testing, and quarantine strategies can help reduce the spread of an infectious disease in communities such as workplaces, schools, and nursing homes. Most modeling to date has focused on the important issues related to the spread of the disease at the national, state, and county levels to answer the bigger questions related to re-opening strategies and the allocation of critical resources. However, understanding how to stop the spread in contained communities such as workplaces, schools, and nursing homes or other community living organizations can help prevent deaths and lead to tools that help employers develop strategies to safely re-open. Preliminary results indicate that workplaces or other small communities with a high degree of participation in an exposure notification program, along with effective quarantine strategies, can halt or limit an outbreak within their environment.

This project is on-going and collaborative. For more information or to participate, please contact Rene Peralta (rene.peralta@nist.gov) or SaeWoo Nam (saewoo.nam@nist.gov).

Specific Contacts:

SaeWoo Nam (pilot system operation, open source hardware/software), saewoo.nam@nist.gov, 303-497-3148
Katy Keenan (pilot system testing), kathryn.keenan@nist.gov, 303-497-3665
Naomi Lefkovitz (privacy framework), naomi.lefkovitz@nist.gov, 301-975-2924
Nader Moayeri (wireless testbed), nader.moayeri@nist.gov , 301-975-3767
Rene Peralta (cybersecurity protocol), rene.peralta@nist.gov , 301-975-8701
Omid Sadjadi (TC4TL challenge), omid.sadjadi@nist.gov , 301-975-4187
Krister Shalm (modeling), lynden.shalm@nist.gov, 303-497-3094

Created July 24, 2020, Updated September 4, 2020