194 lines
7.1 KiB
HTML
194 lines
7.1 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<html newsdate="2020-11-12">
|
||
<version>2</version>
|
||
|
||
<head>
|
||
<title>How (not) to set up a public warning system</title>
|
||
</head>
|
||
|
||
<body>
|
||
|
||
<h1>How (not) to set up a public warning system</h1>
|
||
|
||
<p>
|
||
What is the best way to alert people about catastrophes? Germany went
|
||
with proprietary apps which caused the recent warning day ("Warntag")
|
||
to become an official failure. We analysed the situation and found
|
||
more robust solutions that respect user rights.
|
||
</p>
|
||
|
||
<p>
|
||
The basic idea of testing emergency systems is to find potential or
|
||
real problems. However, it is remarkable how much went wrong in
|
||
Germany's official warning day in September. Especially the <a
|
||
href="https://www.dw.com/en/germanys-nationwide-emergency-warning-day-sees-bumpy-rollout/a-54877137">unreliability</a>
|
||
of the officially advertised non-free and non-standard apps forced
|
||
the Federal Ministry of the Interior (BMI), that is in charge of the
|
||
responsible Federal Office of Civil Protection and Disaster
|
||
Assistance (BBK), to label the test day as a failure.
|
||
</p>
|
||
|
||
<p>
|
||
The FSFE analysed the findings together with experts in civil
|
||
protection and mobile networking to figure out why the apps failed,
|
||
and what a more resilient and open system can look like.
|
||
</p>
|
||
|
||
<figure>
|
||
<img
|
||
src="https://pics.fsfe.org/uploads/medium/8a77a3fbd5eb790cf94b2f115f6f94f3.jpg"
|
||
alt="A red emergency phone" />
|
||
</figure>
|
||
|
||
<h2>Digital Warning Systems in Germany</h2>
|
||
|
||
<p>
|
||
There are three popular publicly financed apps that can carry
|
||
official emergency alerts to their users: Katwarn, Nina, and Biwapp.
|
||
All three are proprietary, so non-free
|
||
software that does not allow their users to use, study, share, and
|
||
improve the software. Moreover, they rely on fetching emergency alerts
|
||
from the central <em>MoWaS</em> ("modular warning system"), and forwarding
|
||
these to the app users using their phones' WiFi or mobile internet
|
||
connection.
|
||
</p>
|
||
|
||
<p>
|
||
An overload of this central system was the main reason why many
|
||
alerts did not reach the app users in time or at all. This did not
|
||
come as a surprise, though. In a scenario where millions of devices
|
||
are reached at the same time from a central instance with
|
||
one-to-one (<em>unicast</em>) connections, network bottlenecks are
|
||
almost inevitable.
|
||
</p>
|
||
|
||
<p>
|
||
The underlying problem, however, is unnecessary complexity and duplicated
|
||
structures. Instead of investing large amounts of public money into
|
||
centralised systems and three proprietary apps, other states run a
|
||
more resilient and well-tested infrastructure for distributing
|
||
emergency messages: SMSCB, more commonly called <em>cell
|
||
broadcasts</em>, to provide one-to-many messages.
|
||
</p>
|
||
|
||
<h2>Cell Broadcasts</h2>
|
||
|
||
<p>
|
||
Standardised around 1990, cell broadcasts are an established method to
|
||
send messages to all mobile network users, either in a whole country
|
||
or limited to specific areas, in no more than a few seconds. Phones do
|
||
not have to be registered in a specific network to receive these
|
||
messages, and alerts with the highest priority will ring an
|
||
alarm even if the phone is muted. And unlike SMS and mobile internet, cell
|
||
broadcasts have a reserved channel that works even if phone cells are
|
||
overloaded with users and messages.
|
||
</p>
|
||
|
||
<p>
|
||
Furthermore, cell broadcasts can be received by every phone, no
|
||
matter whether emergency apps, an up-to-date operating system, or
|
||
proprietary Google/Apple services are installed. Because the
|
||
communication is one-to-many, there are no privacy concerns either.
|
||
These clear benefits made the European Union decide to base the <a
|
||
href="https://en.wikipedia.org/wiki/EU-Alert">EU-Alert</a> system on
|
||
cell broadcasts. As a directive, this has to be implemented by all EU
|
||
member states before June 2022, unless a state can provide a service
|
||
with a similarily reliable performance – which is a very high
|
||
threshold.
|
||
</p>
|
||
|
||
<p>
|
||
Regardless of these advantages, Germany chose to not base its
|
||
emergency alert system on the SMSBC standard, unlike other countries
|
||
such as the Netherlands, Greece, Romania, Italy, or the USA. Because
|
||
there is no official obligation to do so, most mobile network
|
||
providers deactivated this feature to save costs. Instead, much
|
||
higher costs are incurred by the taxpayers to finance an isolated
|
||
system and accompanying proprietary apps.
|
||
</p>
|
||
|
||
<figure>
|
||
<img
|
||
src="https://pics.fsfe.org/uploads/big/f790c7602451468f95091e50dc7988d1.jpg"
|
||
alt="EU-Alert/NL-Alert Cell Broadcast message" />
|
||
<figcaption>EU-Alert/NL-Alert Cell Broadcast message in 2018.
|
||
CC-BY-SA-4.0 by WarningMessageDelivery</figcaption>
|
||
</figure>
|
||
|
||
<h2>Warning Apps</h2>
|
||
|
||
<p>
|
||
Despite the clear advantages of cell broadcasts, warning apps have
|
||
their justification. Users can request various information about
|
||
other regions and past events. However, basing a
|
||
large part of the emergency communication system on warning apps has proven to be
|
||
too prone to single points of failure.
|
||
</p>
|
||
|
||
<p>
|
||
Furthermore, because of the critical role of emergency communication systems for the public, they have
|
||
to be <a href="/freesoftware/">Free Software</a>, and built upon <a
|
||
href="/freesoftware/standards/">Open Standards</a>. Only with the
|
||
freedoms to use, study, share, and improve software, can they be
|
||
analysed by citizens and independent security researchers. This in
|
||
turn increases trust and willingness to install a complementary
|
||
warning app, as the practical experience with the Corona tracing apps
|
||
shows.
|
||
</p>
|
||
|
||
<h2>Conclusion</h2>
|
||
|
||
<p>
|
||
Our analysis concludes with three key findings that not only the
|
||
responsible administrations but also other actors should keep in
|
||
mind.
|
||
</p>
|
||
|
||
<ul>
|
||
<li>
|
||
The foundation of emergency communication from authorities
|
||
should be a standardised, resilient system that
|
||
is capable of sending millions of messages to as many devices as
|
||
possible, regardless of their operating system or installed
|
||
software. Currently, SMSBC, or cell broadcasts, seem to be the best
|
||
possible implementation that works well in numerous states.
|
||
Therefore, we appreciate that the EU chose to base EU-Alert on cell
|
||
broadcasts.
|
||
</li>
|
||
|
||
<li>
|
||
Warning apps can be a useful complement. Especially for publicly
|
||
funded apps, it is crucial to develop and release the software under a
|
||
Free Software license, following the principle of <a
|
||
href="https://publiccode.eu">Public Money? Public Code!</a>.
|
||
</li>
|
||
|
||
<li>
|
||
Testing warning systems is important, and the planned regular warning days
|
||
should be maintained in the future. It is normal that errors occur
|
||
during these tests, but they must not be glossed over. Instead
|
||
errors must be addressed thoroughly.
|
||
</li>
|
||
</ul>
|
||
|
||
<p>
|
||
In this sense, the responsible administrations, BBK and BMI, have a lot of work
|
||
ahead. But it is doable, both from the practical and financial
|
||
perspectives.
|
||
</p>
|
||
|
||
</body>
|
||
|
||
<tags>
|
||
<tag key="front-page"/>
|
||
<tag key="de">Germany</tag>
|
||
<tag key="fya">Android</tag>
|
||
<tag key="pmpc">Public Code</tag>
|
||
</tags>
|
||
|
||
|
||
<discussion href="https://community.fsfe.org/t/538"/>
|
||
<image url="https://pics.fsfe.org/uploads/medium/7a0203c58e6e11e841072693a1a91eeb.jpg"/>
|
||
|
||
</html>
|