Source files of,,,,, and Contribute:
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

193 lines
7.1 KiB

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <html newsdate="2020-11-12">
  3. <version>2</version>
  4. <head>
  5. <title>How (not) to set up a public warning system</title>
  6. </head>
  7. <body>
  8. <h1>How (not) to set up a public warning system</h1>
  9. <p>
  10. What is the best way to alert people about catastrophes? Germany went
  11. with proprietary apps which caused the recent warning day ("Warntag")
  12. to become an official failure. We analysed the situation and found
  13. more robust solutions that respect user rights.
  14. </p>
  15. <p>
  16. The basic idea of testing emergency systems is to find potential or
  17. real problems. However, it is remarkable how much went wrong in
  18. Germany's official warning day in September. Especially the <a
  19. href="">unreliability</a>
  20. of the officially advertised non-free and non-standard apps forced
  21. the Federal Ministry of the Interior (BMI), that is in charge of the
  22. responsible Federal Office of Civil Protection and Disaster
  23. Assistance (BBK), to label the test day as a failure.
  24. </p>
  25. <p>
  26. The FSFE analysed the findings together with experts in civil
  27. protection and mobile networking to figure out why the apps failed,
  28. and what a more resilient and open system can look like.
  29. </p>
  30. <figure>
  31. <img
  32. src=""
  33. alt="A red emergency phone" />
  34. </figure>
  35. <h2>Digital Warning Systems in Germany</h2>
  36. <p>
  37. There are three popular publicly financed apps that can carry
  38. official emergency alerts to their users: Katwarn, Nina, and Biwapp.
  39. All three are proprietary, so non-free
  40. software that does not allow their users to use, study, share, and
  41. improve the software. Moreover, they rely on fetching emergency alerts
  42. from the central <em>MoWaS</em> ("modular warning system"), and forwarding
  43. these to the app users using their phones' WiFi or mobile internet
  44. connection.
  45. </p>
  46. <p>
  47. An overload of this central system was the main reason why many
  48. alerts did not reach the app users in time or at all. This did not
  49. come as a surprise, though. In a scenario where millions of devices
  50. are reached at the same time from a central instance with
  51. one-to-one (<em>unicast</em>) connections, network bottlenecks are
  52. almost inevitable.
  53. </p>
  54. <p>
  55. The underlying problem, however, is unnecessary complexity and duplicated
  56. structures. Instead of investing large amounts of public money into
  57. centralised systems and three proprietary apps, other states run a
  58. more resilient and well-tested infrastructure for distributing
  59. emergency messages: SMSCB, more commonly called <em>cell
  60. broadcasts</em>, to provide one-to-many messages.
  61. </p>
  62. <h2>Cell Broadcasts</h2>
  63. <p>
  64. Standardised around 1990, cell broadcasts are an established method to
  65. send messages to all mobile network users, either in a whole country
  66. or limited to specific areas, in no more than a few seconds. Phones do
  67. not have to be registered in a specific network to receive these
  68. messages, and alerts with the highest priority will ring an
  69. alarm even if the phone is muted. And unlike SMS and mobile internet, cell
  70. broadcasts have a reserved channel that works even if phone cells are
  71. overloaded with users and messages.
  72. </p>
  73. <p>
  74. Furthermore, cell broadcasts can be received by every phone, no
  75. matter whether emergency apps, an up-to-date operating system, or
  76. proprietary Google/Apple services are installed. Because the
  77. communication is one-to-many, there are no privacy concerns either.
  78. These clear benefits made the European Union decide to base the <a
  79. href="">EU-Alert</a> system on
  80. cell broadcasts. As a directive, this has to be implemented by all EU
  81. member states before June 2022, unless a state can provide a service
  82. with a similarily reliable performance – which is a very high
  83. threshold.
  84. </p>
  85. <p>
  86. Regardless of these advantages, Germany chose to not base its
  87. emergency alert system on the SMSBC standard, unlike other countries
  88. such as the Netherlands, Greece, Romania, Italy, or the USA. Because
  89. there is no official obligation to do so, most mobile network
  90. providers deactivated this feature to save costs. Instead, much
  91. higher costs are incurred by the taxpayers to finance an isolated
  92. system and accompanying proprietary apps.
  93. </p>
  94. <figure>
  95. <img
  96. src=""
  97. alt="EU-Alert/NL-Alert Cell Broadcast message" />
  98. <figcaption>EU-Alert/NL-Alert Cell Broadcast message in 2018.
  99. CC-BY-SA-4.0 by WarningMessageDelivery</figcaption>
  100. </figure>
  101. <h2>Warning Apps</h2>
  102. <p>
  103. Despite the clear advantages of cell broadcasts, warning apps have
  104. their justification. Users can request various information about
  105. other regions and past events. However, basing a
  106. large part of the emergency communication system on warning apps has proven to be
  107. too prone to single points of failure.
  108. </p>
  109. <p>
  110. Furthermore, because of the critical role of emergency communication systems for the public, they have
  111. to be <a href="/freesoftware/">Free Software</a>, and built upon <a
  112. href="/freesoftware/standards/">Open Standards</a>. Only with the
  113. freedoms to use, study, share, and improve software, can they be
  114. analysed by citizens and independent security researchers. This in
  115. turn increases trust and willingness to install a complementary
  116. warning app, as the practical experience with the Corona tracing apps
  117. shows.
  118. </p>
  119. <h2>Conclusion</h2>
  120. <p>
  121. Our analysis concludes with three key findings that not only the
  122. responsible administrations but also other actors should keep in
  123. mind.
  124. </p>
  125. <ul>
  126. <li>
  127. The foundation of emergency communication from authorities
  128. should be a standardised, resilient system that
  129. is capable of sending millions of messages to as many devices as
  130. possible, regardless of their operating system or installed
  131. software. Currently, SMSBC, or cell broadcasts, seem to be the best
  132. possible implementation that works well in numerous states.
  133. Therefore, we appreciate that the EU chose to base EU-Alert on cell
  134. broadcasts.
  135. </li>
  136. <li>
  137. Warning apps can be a useful complement. Especially for publicly
  138. funded apps, it is crucial to develop and release the software under a
  139. Free Software license, following the principle of <a
  140. href="">Public Money? Public Code!</a>.
  141. </li>
  142. <li>
  143. Testing warning systems is important, and the planned regular warning days
  144. should be maintained in the future. It is normal that errors occur
  145. during these tests, but they must not be glossed over. Instead
  146. errors must be addressed thoroughly.
  147. </li>
  148. </ul>
  149. <p>
  150. In this sense, the responsible administrations, BBK and BMI, have a lot of work
  151. ahead. But it is doable, both from the practical and financial
  152. perspectives.
  153. </p>
  154. </body>
  155. <tags>
  156. <tag key="front-page"/>
  157. <tag key="de">Germany</tag>
  158. <tag key="fya">Android</tag>
  159. <tag key="pmpc">Public Code</tag>
  160. </tags>
  161. <discussion href=""/>
  162. <image url=""/>
  163. </html>