Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

193 lines
7.1 KiB

<?xml version="1.0" encoding="UTF-8"?>
<html newsdate="2020-11-12">
<version>2</version>
<head>
<title>How (not) to set up a public warning system</title>
</head>
<body>
<h1>How (not) to set up a public warning system</h1>
<p>
What is the best way to alert people about catastrophes? Germany went
with proprietary apps which caused the recent warning day ("Warntag")
to become an official failure. We analysed the situation and found
more robust solutions that respect user rights.
</p>
<p>
The basic idea of testing emergency systems is to find potential or
real problems. However, it is remarkable how much went wrong in
Germany's official warning day in September. Especially the <a
href="https://www.dw.com/en/germanys-nationwide-emergency-warning-day-sees-bumpy-rollout/a-54877137">unreliability</a>
of the officially advertised non-free and non-standard apps forced
the Federal Ministry of the Interior (BMI), that is in charge of the
responsible Federal Office of Civil Protection and Disaster
Assistance (BBK), to label the test day as a failure.
</p>
<p>
The FSFE analysed the findings together with experts in civil
protection and mobile networking to figure out why the apps failed,
and what a more resilient and open system can look like.
</p>
<figure>
<img
src="https://pics.fsfe.org/uploads/medium/8a77a3fbd5eb790cf94b2f115f6f94f3.jpg"
alt="A red emergency phone" />
</figure>
<h2>Digital Warning Systems in Germany</h2>
<p>
There are three popular publicly financed apps that can carry
official emergency alerts to their users: Katwarn, Nina, and Biwapp.
All three are proprietary, so non-free
software that does not allow their users to use, study, share, and
improve the software. Moreover, they rely on fetching emergency alerts
from the central <em>MoWaS</em> ("modular warning system"), and forwarding
these to the app users using their phones' WiFi or mobile internet
connection.
</p>
<p>
An overload of this central system was the main reason why many
alerts did not reach the app users in time or at all. This did not
come as a surprise, though. In a scenario where millions of devices
are reached at the same time from a central instance with
one-to-one (<em>unicast</em>) connections, network bottlenecks are
almost inevitable.
</p>
<p>
The underlying problem, however, is unnecessary complexity and duplicated
structures. Instead of investing large amounts of public money into
centralised systems and three proprietary apps, other states run a
more resilient and well-tested infrastructure for distributing
emergency messages: SMSCB, more commonly called <em>cell
broadcasts</em>, to provide one-to-many messages.
</p>
<h2>Cell Broadcasts</h2>
<p>
Standardised around 1990, cell broadcasts are an established method to
send messages to all mobile network users, either in a whole country
or limited to specific areas, in no more than a few seconds. Phones do
not have to be registered in a specific network to receive these
messages, and alerts with the highest priority will ring an
alarm even if the phone is muted. And unlike SMS and mobile internet, cell
broadcasts have a reserved channel that works even if phone cells are
overloaded with users and messages.
</p>
<p>
Furthermore, cell broadcasts can be received by every phone, no
matter whether emergency apps, an up-to-date operating system, or
proprietary Google/Apple services are installed. Because the
communication is one-to-many, there are no privacy concerns either.
These clear benefits made the European Union decide to base the <a
href="https://en.wikipedia.org/wiki/EU-Alert">EU-Alert</a> system on
cell broadcasts. As a directive, this has to be implemented by all EU
member states before June 2022, unless a state can provide a service
with a similarily reliable performance – which is a very high
threshold.
</p>
<p>
Regardless of these advantages, Germany chose to not base its
emergency alert system on the SMSBC standard, unlike other countries
such as the Netherlands, Greece, Romania, Italy, or the USA. Because
there is no official obligation to do so, most mobile network
providers deactivated this feature to save costs. Instead, much
higher costs are incurred by the taxpayers to finance an isolated
system and accompanying proprietary apps.
</p>
<figure>
<img
src="https://pics.fsfe.org/uploads/big/f790c7602451468f95091e50dc7988d1.jpg"
alt="EU-Alert/NL-Alert Cell Broadcast message" />
<figcaption>EU-Alert/NL-Alert Cell Broadcast message in 2018.
CC-BY-SA-4.0 by WarningMessageDelivery</figcaption>
</figure>
<h2>Warning Apps</h2>
<p>
Despite the clear advantages of cell broadcasts, warning apps have
their justification. Users can request various information about
other regions and past events. However, basing a
large part of the emergency communication system on warning apps has proven to be
too prone to single points of failure.
</p>
<p>
Furthermore, because of the critical role of emergency communication systems for the public, they have
to be <a href="/freesoftware/">Free Software</a>, and built upon <a
href="/freesoftware/standards/">Open Standards</a>. Only with the
freedoms to use, study, share, and improve software, can they be
analysed by citizens and independent security researchers. This in
turn increases trust and willingness to install a complementary
warning app, as the practical experience with the Corona tracing apps
shows.
</p>
<h2>Conclusion</h2>
<p>
Our analysis concludes with three key findings that not only the
responsible administrations but also other actors should keep in
mind.
</p>
<ul>
<li>
The foundation of emergency communication from authorities
should be a standardised, resilient system that
is capable of sending millions of messages to as many devices as
possible, regardless of their operating system or installed
software. Currently, SMSBC, or cell broadcasts, seem to be the best
possible implementation that works well in numerous states.
Therefore, we appreciate that the EU chose to base EU-Alert on cell
broadcasts.
</li>
<li>
Warning apps can be a useful complement. Especially for publicly
funded apps, it is crucial to develop and release the software under a
Free Software license, following the principle of <a
href="https://publiccode.eu">Public Money? Public Code!</a>.
</li>
<li>
Testing warning systems is important, and the planned regular warning days
should be maintained in the future. It is normal that errors occur
during these tests, but they must not be glossed over. Instead
errors must be addressed thoroughly.
</li>
</ul>
<p>
In this sense, the responsible administrations, BBK and BMI, have a lot of work
ahead. But it is doable, both from the practical and financial
perspectives.
</p>
</body>
<tags>
<tag key="front-page"/>
<tag key="de">Germany</tag>
<tag key="fya">Android</tag>
<tag key="pmpc">Public Code</tag>
</tags>
<discussion href="https://community.fsfe.org/t/538"/>
<image url="https://pics.fsfe.org/uploads/medium/7a0203c58e6e11e841072693a1a91eeb.jpg"/>
</html>