Enduring Net & Soteria Institute Local Contact Tracing Data Policy

Privacy Notice

All information necessary to enable Local Contact Tracing (LCT) is stored on local devices under the control of the device owners and data generators, who are also data controllers. Information necessary to enable local contact tracing includes:

• Publicly recognizable names of places (Public Places or Rooms) where people gather
• Each Visitor records the timing and places visited
• Each Public Place records the Nickname of each Visitor along with date visited

LCT purged all data that is more than 14 days old. All data on the users' devices can be deleted by claearing the cache.

About Us

Local Contact Tracing has been designed to complement existing COVID regime. LCT is designed to be deployed with minimal time and financial resources.

LCT is a grassroots initiative adopted and used inside narrow local confines (from small town communities to large organizations). Visitors log visits to Public Places or a Gathering. Visitors send warning tested positive. The system will alert all other contemporaneous Visitors of their exposure to the virus and trigger further covid tests. Those Visitors, if positive, can in turns warn others of exposure. The process continues instantaneously across the locale minimizing the time to intervene and maximizing the time unexposed people can go about their lives and livelihoods. LCT is designed to justify timely COVID testing. Test results can be stored and shared as verifiable credentials.

The LCT strategy reverses the order of importance in the weapons to defeat the virus:

Trace -> Test -> Treat

Data Collection

Visitors use the LCT web application to record travel history. The LCT app stores these visits using IndexedDB provided by all modern web browsers. When a Visitor makes a travel journal, the Visitor’s app sends a message to a cloud-based server.

If a Visitor goes into quarantine and alerted the server, the server identifies all connecitons through RADIS graph  (up to 14 days) and sends messages to all the connection ID of the primary first-hand exposure).

Exposed Visitors repeat the same process for the secondary exposure until the entire network is aware of the increased risk of spread.

Data Categories

The LCT client app has two major Javascript data structures, Visit and Place (or Gathering).  The server calls on RedisGraph which is a directed acyclic graph or a property graph (opens new window).

Visitors can revisit the same place, and each visited place is an entity in the Place collection. The Visitor adds places over time. Deleting a visit has no effect on the Place collection. This means that if all the visits get deleted, the Recent Visits list will remember those past visits. This is especially useful for Gatherings (where they is no public name to the place) such as hiking trip or birthday party.

On the Calendar, each visit to a place is unique in time. Each visit to the same place is different in time but not in space. Each visit points to a single record in the Place collection, so visits do not have to store any spatial data.

On the Graph, each visit represents an edge (with temporal data) between two nodes: the visitor and the place. Each visit by the same visitor to the same place adds an arc to the graph. This way the graph can determine which visitors shared the same space at the same time.

See https://lct-docs.netlify.app/policy/#data-categories for more details.

Legal Basis for Processing Data

Since no PII is processed, and there is no presumption of privacy when entering a public place.

Data Sharing

Since the server can only receive data from a known identity and specific personal device (like a mobile phone, tablet, laptop or desktop) and it transmits (but not store) that data only with an identity/device specified in the message, there is little to no risk of involuntary data sharing.

Data Security and Retention

LCT is designed to eliminate barriers to participation. LCT processes information just sufficient to give all parties maximum situation awareness regarding the prevalence of COVID in their community.

Since covid exposure data has a limited lifetime, LCT ignores any data older than 14 days. That is, messages cannot contain visits older than 14 days. Visitors and Rooms can delete data on their local device whenever they want. The only caveat is that absent data, they may not see some exposure alerts.

Complaints

Since LCT is based on messages, LCT can use the same technology to provide support to users and a venue to complain about the network visible only to parties in the network. For further queries and feedback please contact enduringnet@gmail.com.

Credits

The LCT application is developed by Michael Corning, who is the Cryptocosm Architect at Secours.io

Go to Introduction, User Guide, or Technical Details.   If you have any questions or feedback, please Email Us.