<?xml version="1.0" encoding="UTF-8"?>
<html newsdate="2020-11-12">
<version>2</version>

<head>
<title>How (not) to set up a public warning system</title>
</head>

<body>

<h1>How (not) to set up a public warning system</h1>
<p>
What is the best way to alert people about catastrophes? Germany went
with proprietary apps which caused the recent warning day ("Warntag")
to become an official failure. We analysed the situation and found
more robust solutions that respect user rights.
</p>
<p>
The basic idea of testing emergency systems is to find potential or
real problems. However, it is remarkable how much went wrong in
Germany's official warning day in September. In particular, the <a
href="https://www.dw.com/en/germanys-nationwide-emergency-warning-day-sees-bumpy-rollout/a-54877137">unreliability</a>
of the officially advertised non-free and non-standard apps forced
the Federal Ministry of the Interior (BMI), which is in charge of the
responsible Federal Office of Civil Protection and Disaster
Assistance (BBK), to label the test day as a failure.
</p>
<p>
The FSFE analysed the findings together with experts in civil
protection and mobile networking to figure out why the apps failed,
and what a more resilient and open system can look like.
</p>
<figure>
<img
src="https://pics.fsfe.org/uploads/medium/8a77a3fbd5eb790cf94b2f115f6f94f3.jpg"
alt="A red emergency phone" />
</figure>
<h2>Digital Warning Systems in Germany</h2>

<p>
There are three popular publicly financed apps that can carry
official emergency alerts to their users: Katwarn, Nina, and Biwapp.
All three are proprietary, that is, non-free
software that does not allow its users to use, study, share, and
improve it. Moreover, they rely on fetching emergency alerts
from the central <em>MoWaS</em> ("modular warning system"), and forwarding
these to the app users using their phones' WiFi or mobile internet
connection.
</p>
<p>
An overload of this central system was the main reason why many
alerts did not reach the app users in time or at all. This did not
come as a surprise, though. In a scenario where millions of devices
are reached at the same time from a central instance with
one-to-one (<em>unicast</em>) connections, network bottlenecks are
almost inevitable.
</p>
<p>
The underlying problem, however, is unnecessary complexity and duplicated
structures. Instead of investing large amounts of public money into
centralised systems and three proprietary apps, other states run a
more resilient and well-tested infrastructure for distributing
emergency messages: SMSCB, more commonly called <em>cell
broadcasts</em>, to provide one-to-many messages.
</p>
<h2>Cell Broadcasts</h2>

<p>
Standardised around 1990, cell broadcasts are an established method to
send messages to all mobile network users, either in a whole country
or limited to specific areas, in no more than a few seconds. Phones do
not have to be registered in a specific network to receive these
messages, and alerts with the highest priority will ring an
alarm even if the phone is muted. And unlike SMS and mobile internet, cell
broadcasts have a reserved channel that works even if phone cells are
overloaded with users and messages.
</p>
<p>
Furthermore, cell broadcasts can be received by every phone, no
matter whether emergency apps, an up-to-date operating system, or
proprietary Google/Apple services are installed. Because the
communication is one-to-many, there are no privacy concerns either.
These clear benefits made the European Union decide to base the <a
href="https://en.wikipedia.org/wiki/EU-Alert">EU-Alert</a> system on
cell broadcasts. As a directive, this has to be implemented by all EU
member states before June 2022, unless a state can provide a service
with a similarly reliable performance – which is a very high
threshold.
</p>
<p>
Regardless of these advantages, Germany chose not to base its
emergency alert system on the SMSCB standard, unlike other countries
such as the Netherlands, Greece, Romania, Italy, or the USA. Because
there is no official obligation to do so, most mobile network
providers deactivated this feature to save costs. Instead, much
higher costs are incurred by the taxpayers to finance an isolated
system and accompanying proprietary apps.
</p>
<figure>
<img
src="https://pics.fsfe.org/uploads/big/f790c7602451468f95091e50dc7988d1.jpg"
alt="EU-Alert/NL-Alert Cell Broadcast message" />
<figcaption>EU-Alert/NL-Alert Cell Broadcast message in 2018.
CC-BY-SA-4.0 by WarningMessageDelivery</figcaption>
</figure>
<h2>Warning Apps</h2>

<p>
Despite the clear advantages of cell broadcasts, warning apps have
their justification. Users can request various information about
other regions and past events. However, basing a
large part of the emergency communication system on warning apps has proven to be
too prone to single points of failure.
</p>
<p>
Furthermore, because of the critical role of emergency communication systems for the public, they have
to be <a href="/freesoftware/">Free Software</a>, and built upon <a
href="/freesoftware/standards/">Open Standards</a>. Only with the
freedoms to use, study, share, and improve software can they be
analysed by citizens and independent security researchers. This in
turn increases trust and willingness to install a complementary
warning app, as the practical experience with the Corona tracing apps
shows.
</p>
<h2>Conclusion</h2>

<p>
Our analysis concludes with three key findings that not only the
responsible administrations but also other actors should keep in
mind.
</p>
<ul>
<li>
The foundation of emergency communication from authorities
should be a standardised, resilient system that
is capable of sending millions of messages to as many devices as
possible, regardless of their operating system or installed
software. Currently, SMSCB, or cell broadcasts, seem to be the best
possible implementation that works well in numerous states.
Therefore, we appreciate that the EU chose to base EU-Alert on cell
broadcasts.
</li>

<li>
Warning apps can be a useful complement. Especially for publicly
funded apps, it is crucial to develop and release the software under a
Free Software license, following the principle of <a
href="https://publiccode.eu">Public Money? Public Code!</a>.
</li>

<li>
Testing warning systems is important, and the planned regular warning days
should be maintained in the future. It is normal that errors occur
during these tests, but they must not be glossed over. Instead,
errors must be addressed thoroughly.
</li>
</ul>
<p>
In this sense, the responsible administrations, BBK and BMI, have a lot of work
ahead. But it is doable, both from the practical and financial
perspectives.
</p>
</body>

<tags>
<tag key="front-page"/>
<tag key="de">Germany</tag>
<tag key="fya">Android</tag>
<tag key="pmpc">Public Code</tag>
</tags>

<discussion href="https://community.fsfe.org/t/538"/>
<image url="https://pics.fsfe.org/uploads/medium/7a0203c58e6e11e841072693a1a91eeb.jpg"/>

</html>