Cwa-documentation: Describe exact weights chosen in risk calculation, reasoning behind and threshold for "High risk" definition

For further information please also refer to https://github.com/corona-warn-app/cwa-documentation/blob/master/cwa-risk-assessment.md and https://github.com/corona-warn-app/cwa-documentation/blob/master/transmission_risk.pdf.

Hi @BenzlerJ, the documents you linked are too general and I was aware of them already, they don't explain the actual values chosen - and the motivation behind.

Is there nothing more motivating the exact parameters? These parameters are extremely important for the app's functionality and should thus be well documented.

Dear @corneliusroemer, I can't see how transmission_risk.pdf can be considered too general. What is missing there in your view? Re cwa-risk-assessment.md, I understand your interest in reading the exact parameter settings. You find these in https://github.com/corona-warn-app/cwa-server/blob/eb8be6c3e9c723c62c619784e41889d10054cc93/services/distribution/src/main/resources/master-config.

@BenzlerJ Thanks for trying to explain. I'll try to make my question clearer.

Why were the values chosen that are listed in the file? Can we find the reasoning anywhere? https://github.com/corona-warn-app/cwa-server/blob/eb8be6c3e9c723c62c619784e41889d10054cc93/services/distribution/src/main/resources/master-config/exposure-config.yaml

In particular, I'm surprised, that the category risk parameters are often chosen to be binary: 0 and 1, and not continuous 0, 1, 2, 3, 4 etc? Is there no risk with <10min but full risk if >10min? This is totally arbitrary and I don't understand why this particular value was chosen.

What are the app defined transmission parameters? They seem to be calculated somewhere else, where?

Does the exposure api know that it was the same person even if the keys change (rotate every 20min)? This is necessary, to be able to be able to hit the category >20min.

Does the api know that it was the same person across days? So what is the fundamental base risk event? One key, one app day or one app across multiple days?

@corneliusroemer: The thresholds used in the app are basically a replication of the thresholds of "conventional" COVID-19 contact person identification by public health authorities (2 m,15 min) and of established distancing recommendations (1.5 m).

In particular, I'm surprised, that the category risk parameters are often chosen to be binary: 0 and 1, and not continuous 0, 1, 2, 3, 4 etc? Is there no risk with <10min but full risk if >10min? This is totally arbitrary and I don't understand why this particular value was chosen.

This is an initial filter excluding irrelevant encounters (as explained in the documentation; same for attenuation/distance).

What are the app defined transmission parameters? They seem to be calculated somewhere else, where?

They are provided by the app of the person that tested positive and uploads his/her diagnosis keys (as explained in the documentation).

Does the exposure api know that it was the same person even if the keys change (rotate every 20min)? This is necessary, to be able to be able to hit the category >20min.

Yes.

Does the api know that it was the same person across days?

No.

So what is the fundamental base risk event? One key, one app day or one app across multiple days?

There are two (as explained in the documentation): Cumulative summary of all exposures, and the "one key, one app day" with the highest transmission risk.

Please excuse me for not answering further questions today. I'm busy working since early morning and off for some spare time and rest now.

This is somewhat of a duplicate to #229.

Dear colleagues,

as the answers were given by @BenzlerJ and we just updated the documentation with the current configuration (see #307), we will close this issue.

Mit freundlichen Grüßen/Best regards,
SW
Corona Warn-App Open Source Team

Since this issue has been closed without all the questions being addressed in the referenced document, I have consolidated all that remain, to the best of my ability, in #336.

Epidemiological justification for using binary thresholds remains totally unclear. If you say "it's in the documentation" please be so kind to link to it.

As a first approximation, infection risk should be roughly proportional to viral load. As a result, minimum times make no sense - one off exposures could be assigned very low risk (due to chance of it being only a 10s encounter) - but not 0. Along the same line of reasoning, distance shouldn't be 0/1 but continuous - we all know aerosols matter, e.g. choir/church etc. For something this important there needs to be proper justification, even if it is back of the envelope. But it should be documented and reasoned. Not just buried in a file.

Transmission risk is the only parameter that has been properly justified, for my feeling this was completely overdone comparing how badly motivated the other parameters were justified and documented. Time should be evenly allocated not 90% in one area and 10% in another equally important one. It's hard to understand that there's a 23 page pdf motivating transmission risk choices in minute detail but nothing on attenuation, timing.