Before the Covid-19 pandemic any system that used smartphones to track places and contacts sounded like a dystopian surveillance nightmare. Now it sounds like a dystopian surveillance nightmare that could save millions of lives and save the world economy. The paradoxical challenge: to set up this huge tracking system without it becoming a full-fledged panopticon.
Since Covid-19 first appeared, governments and technology companies have proposed, and in some cases implemented, systems that use smartphone data to track where people go and whom they interact with. These so-called contact tracing apps help public health officials track the spread of Covid-1
The downside is an inherent loss of privacy. If abused, raw location data could reveal sensitive information about everything from political dissent to journalists' sources to extramarital affairs. As these systems were being introduced, teams of cryptographers set out to do the seemingly impossible: enable contact tracing without mass surveillance, building apps that notify potentially exposed users without handing location data to the government. In some cases they even try to keep an infected person's test result secret while still warning anyone who may have entered that person's physical orbit.
"This is possible," says Yun William Yu, a professor of mathematics at the University of Toronto, who worked with a group to develop a contact tracing app for the Canadian government. "You can develop an app that serves both to trace contacts and to protect user privacy." Richard Janda, a privacy law professor at McGill University working on the same contact tracing project, hopes to "flatten" the curve of authoritarianism as well as the curve of infections. "We are trying to ensure that the launch takes place with consent and privacy protection, and that we do not regret, after we hope the virus has passed, having released information to authorities that we should not have given."
WIRED spoke to researchers on three of the leading projects offering designs for privacy-preserving contact tracing apps, all of which collaborate with one another to varying degrees. Here are some of their approaches to the problem.
Bluetooth Contact Tracing
The best way to protect geolocation data from misuse, according to Stanford computer scientist Cristina White, is not to collect it in the first place. Instead, Covid-Watch, the project White leads, anonymously traces contacts between people based on the Bluetooth signals from their phones. It never needs to record location data or link that Bluetooth communication to a person's identity.
Covid-Watch uses Bluetooth as a kind of proximity detector. The app continuously broadcasts Bluetooth signals and listens for other phones running the app within about two meters (six and a half feet). If two phones spend 15 minutes within range of each other, the app assumes they had a "contact event". Each phone generates a unique random number for that event; the two phones exchange the numbers and each records them locally.
If a Covid-Watch user later tests positive for Covid-19, they can ask their doctor for a unique confirmation code. (Covid-Watch would distribute these confirmation codes only to healthcare providers, to prevent spammers or mistaken self-diagnoses from flooding the system with false positives.) When the confirmation code is entered, the app uploads all of the contact-event numbers from that phone to a server. The server then distributes those numbers to every phone in the system, where the app checks whether any of them matches its own log of contact events from the past two weeks. If any number matches, the app notifies the user that they have been in contact with an infected person and shows instructions or a video about testing or self-quarantine.
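The following simulation, added here as an illustration and not Covid-Watch's own code, walks the scheme just described end to end: two phones that stay in range long enough log a random contact-event number each and exchange them, a diagnosed user uploads their numbers only after presenting a clinician-issued confirmation code, and every other phone compares the published numbers against its own log from the last two weeks. The Phone and Server classes, the 14-day retention window and the single-use confirmation code are this example's assumptions; the real app pushes numbers to phones, whereas here each phone downloads them.

```python
"""Toy model of Bluetooth contact-event tracing (added example, not Covid-Watch code)."""
import secrets
from datetime import datetime, timedelta

CONTACT_MINUTES = 15   # dwell time in range before a "contact event" is logged
RETENTION_DAYS = 14    # phones keep contact-event numbers for two weeks (assumption)


class Phone:
    def __init__(self, name):
        self.name = name
        self.events = {}      # contact-event number -> time it was recorded
        self.notified = False

    def meet(self, other, start, minutes):
        """Both phones generate a 128-bit random number for the event and
        store both numbers. No identity or location is ever recorded."""
        if minutes < CONTACT_MINUTES:
            return None
        mine, theirs = secrets.token_hex(16), secrets.token_hex(16)
        for phone in (self, other):
            phone.events[mine] = start
            phone.events[theirs] = start
        return (mine, theirs)

    def expire(self, now):
        """Drop anything older than the retention window."""
        cutoff = now - timedelta(days=RETENTION_DAYS)
        self.events = {n: t for n, t in self.events.items() if t >= cutoff}

    def report_positive(self, server, confirmation_code):
        """Upload this phone's event numbers; the server validates the code."""
        return server.receive_report(confirmation_code, list(self.events))

    def check(self, server, now):
        """Fetch the published numbers and intersect them with the local log."""
        self.expire(now)
        hits = set(self.events) & server.published()
        self.notified = bool(hits)
        return hits


class Server:
    def __init__(self):
        self._codes = set()      # one-time codes handed out to clinicians
        self._published = set()  # contact-event numbers of diagnosed users

    def issue_confirmation_code(self):
        code = secrets.token_urlsafe(8)
        self._codes.add(code)
        return code

    def receive_report(self, code, numbers):
        if code not in self._codes:
            return False          # unverified self-diagnosis or spam: rejected
        self._codes.discard(code)  # single use
        self._published.update(numbers)
        return True

    def published(self):
        return set(self._published)


def simulate():
    """Constructed scenario; returns what each phone would observe."""
    now = datetime(2020, 4, 1, 12, 0)
    server = Server()
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))

    alice.meet(bob, now - timedelta(days=3), minutes=20)    # counts
    alice.meet(carol, now - timedelta(days=2), minutes=5)   # too short
    alice.meet(dave, now - timedelta(days=20), minutes=30)  # too old

    forged = alice.report_positive(server, "not-a-real-code")  # rejected
    code = server.issue_confirmation_code()                    # from Alice's doctor
    alice.expire(now)
    accepted = alice.report_positive(server, code)

    return {
        "forged_accepted": forged,
        "report_accepted": accepted,
        "bob_hits": len(bob.check(server, now)),
        "carol_hits": len(carol.check(server, now)),
        "dave_hits": len(dave.check(server, now)),
        "published": len(server.published()),
    }


if __name__ == "__main__":
    print(simulate())
```

Only Bob is notified: the Carol encounter never became a contact event, and the Dave encounter fell outside the retention window on both phones, so nothing about it was uploaded or matched.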
"The identity of people is not linked to contact events," says White. "What the app uploads, instead of identifying information, is just that random number, which the two phones could later recognize but no one else can, because it's stored locally on their phones."
Redacted Location Tracing
However, Bluetooth tracing has limitations. Apple restricts its use by apps running in the background on iOS. That restriction is a privacy protection, designed to prevent exactly the kind of tracking that is now so needed. The novel coronavirus that causes Covid-19 can also persist on some surfaces for a long time, which means infection can occur without the two phones ever being in range of each other. So GPS location tracking is likely to play a role in contact tracing apps as well, with all the privacy risks that come with sharing a map of your movements.
An MIT project called Private Kit: Safe Paths, which says it is already in discussions with the WHO, is trying to find a way to use GPS while minimizing surveillance. The MIT app is being rolled out in iterations, starting with a simple prototype that lets users log their locations and hand them to healthcare providers when they are diagnosed with Covid-19. In the current version, users are asked to tell healthcare providers which sensitive locations, such as home or work, to redact, rather than being able to do so themselves. The next iteration of the app, however, will divide the recorded locations of all users diagnosed as Covid-19 positive into "tiles" of "a few square miles" and then cryptographically "hash" each location-and-time data point. This hashing uses a one-way function to convert each location and timestamp in a user's history into a unique number, a process that cannot be run backwards, so the hashes cannot be used directly to retrieve the location and time. (A practitioner's caveat: because the set of plausible location-and-time pairs is small, anyone holding the hashes can still test guesses against them; the one-way property alone does not hide a location whose possible values can be enumerated.) Only these hashes, sorted by the tile of a few square miles in which they fall, are stored on a server.
To check whether a healthy user has crossed paths with an infected person, a Safe Paths user selects the "tiles" on a map through which they have traveled. The app then downloads all hashes of the time-stamped locations of infected users in those tiles. It then runs the same hash function over every time-stamped location in its own history, compares those hashes with the downloaded ones, and notifies the user if any hash matches one of the downloaded set. A match means the user was in the same place at about the same time as someone who is Covid-19 positive.
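Below is an added example, written for this page and not the Safe Paths code, of the tile-and-hash matching described above, with the one-way function applied after quantising latitude, longitude and time into cells and buckets (otherwise two phones would never produce equal hashes). The tile size, the roughly 50 m cell size, the 5-minute time bucket, the per-cell redaction of a home location and the SHA-256 encoding are all this example's assumptions. It also includes a brute-force routine that recovers the exact cell from a published hash, to make concrete the caveat that a small preimage space defeats "irreversible" hashing.

```python
"""Hashed location-tile matching with a preimage brute force (added example, not Safe Paths code)."""
import hashlib
import math
from collections import defaultdict

# Assumed granularity: the page only says tiles are "a few square miles".
TILE_DEGREES = 0.05         # tile side in degrees, roughly 3-5 km
CELL_DEGREES = 0.0005       # ~50 m cells: "the same place"
TIME_BUCKET_SECONDS = 300   # 5-minute buckets: "about the same time"
CELLS_PER_SIDE = round(TILE_DEGREES / CELL_DEGREES)   # 100 cells per tile side


def tile_of(lat, lon):
    return (math.floor(lat / TILE_DEGREES), math.floor(lon / TILE_DEGREES))


def cell_of(lat, lon):
    return (math.floor(lat / CELL_DEGREES), math.floor(lon / CELL_DEGREES))


def hash_cell(cell, bucket):
    """One-way hash of a quantised (cell, time bucket) pair."""
    return hashlib.sha256(f"{cell[0]}:{cell[1]}:{bucket}".encode()).hexdigest()


def hash_point(lat, lon, ts):
    return hash_cell(cell_of(lat, lon), ts // TIME_BUCKET_SECONDS)


class TileServer:
    """Holds only hashes, grouped by tile, for users who reported positive."""

    def __init__(self):
        self.tiles = defaultdict(set)

    def publish(self, history, redacted_cells=()):
        """history: (lat, lon, unix_ts) points of a diagnosed user. Points in
        redacted cells (home, workplace) are dropped before hashing, as a
        healthcare provider can do in the current version."""
        for lat, lon, ts in history:
            if cell_of(lat, lon) in redacted_cells:
                continue
            self.tiles[tile_of(lat, lon)].add(hash_point(lat, lon, ts))

    def download(self, tiles):
        out = set()
        for t in tiles:
            out |= self.tiles.get(t, set())
        return out


def check_exposure(server, own_history):
    """Client side: fetch hashes for the tiles the user visited, re-hash the
    local history and return the points whose hashes collide."""
    tiles = {tile_of(lat, lon) for lat, lon, _ in own_history}
    published = server.download(tiles)
    return [p for p in own_history if hash_point(*p) in published]


def brute_force_cell(target_hash, tile, bucket):
    """The caveat: a tile holds only CELLS_PER_SIDE**2 cells, so for a guessed
    time bucket every cell can be tried and the exact location recovered."""
    lat0, lon0 = tile[0] * CELLS_PER_SIDE, tile[1] * CELLS_PER_SIDE
    for i in range(CELLS_PER_SIDE):
        for j in range(CELLS_PER_SIDE):
            cell = (lat0 + i, lon0 + j)
            if hash_cell(cell, bucket) == target_hash:
                return cell
    return None


def demo():
    """Constructed histories; returns (matches, recovered cell, hashes stored)."""
    noon = 1585742400   # 2020-04-01 12:00:00 UTC
    server = TileServer()
    home = (42.3736, -71.1097)
    cafe = (42.3601, -71.0589)
    infected_history = [home + (noon - 3600,), cafe + (noon,)]
    server.publish(infected_history, redacted_cells={cell_of(*home)})

    healthy_history = [
        (42.36012, -71.05895, noon + 120),   # same cafe, two minutes later
        (42.36012, -71.05895, noon + 3600),  # same cafe, an hour later
        (40.7128, -74.0060, noon),           # another city entirely
    ]
    hits = check_exposure(server, healthy_history)
    recovered = brute_force_cell(hash_point(*cafe, noon), tile_of(*cafe),
                                 noon // TIME_BUCKET_SECONDS)
    stored = sum(len(s) for s in server.tiles.values())
    return hits, recovered, stored


if __name__ == "__main__":
    print(demo())
```

Only the visit two minutes after the diagnosed user's is flagged; the later visit falls in a different time bucket and the other city in a different tile. The brute force needs at most 10,000 hashes per time bucket to pin a published hash to a 50 m cell, which is why a deployment would need something beyond a plain one-way function (a secret per-tile key, coarser buckets, or a private set intersection) before the "hashes cannot reveal location" claim holds.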