Coronavirus Tracing

Developing Privacy-Protective Technologies


Contact tracing has long been an important tool in fighting the spread of infectious disease. In the past, such tracing was a labor-intensive process of personal interviews and no small amount of intrusion into the lives of infected persons and the exposed persons with whom they interacted. With the ubiquity and technical capability of modern devices, a technological approach has emerged that accelerates tracing while remaining privacy-sensitive.

In an April 20, 2020 publication, Johannes Abeler, et al. discuss the importance of developing such privacy-protective contact tracing as an essential tool for public health officials and local communities to fight the spread of novel diseases such as COVID-19 using digital apps. "Scientists have … [an] approach to keeping the epidemic in check: app-based contact tracing. Several apps are currently in development (e.g., in the United Kingdom, by a pan-European initiative, and in a joint Google and Apple venture) or have already been launched (e.g., in Singapore)."

As with all health care information in the U.S., the data collected in such apps is subject to the Health Insurance Portability and Accountability Act (HIPAA). CDC has prepared preliminary criteria for the evaluation of digital contact tracing tools for COVID-19. They include key concepts such as tracing and monitoring the contacts of infected people and notifying them of their exposure; using data to support the safe, sustainable and effective quarantine of contacts to prevent additional transmission; expanding staffing resources, since contact tracing in the U.S. will require large cadres of contact tracers; and using digital tools to extend the reach and efficacy of contact tracers.

CDC also says digital contact tracing tools vary in purpose, features, and complexity, but they can add value to traditional contact tracing efforts. To that end, CDC is conducting a landscape analysis and evaluation of existing contact tracing tools; generating preliminary recommendations for tracing in areas with limited introduction of COVID-19; and coordinating with public health agencies, healthcare organizations, academic institutions, non-profit organizations, and private companies to maximize contact tracing effectiveness. Digital tools can also improve data management; reduce the burden on public health staff by allowing electronic self-reporting; and use location data to identify possible exposures involving community contacts unknown to the case. Different public health entities face different contact tracing challenges, making a one-size-fits-all solution unlikely.

Research efforts are underway at several universities to develop tracing tools. A not-for-profit volunteer group, TestAndTrace.com, compiles data to inform the public, health leaders, and government leaders on the value of testing and tracing and how to implement it. Google and Apple announced a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.

Cornell researchers report on several approaches, including the Singaporean government's mobile phone app, TraceTogether, which is designed to assist health officials in tracking down exposures after an infected individual is identified. TraceTogether uses short-distance Bluetooth signaling between devices to detect users in close proximity. The data are stored on the individual user's device and can be sent to the Ministry of Health to supplement contact tracing efforts. The app does not collect any location data, either about the individual or about where the contact happened, and the data are not automatically sent to the government; they are released only with the user's consent in the event that the user is infected. After 21 days, all data collected are automatically deleted.

A similar volunteer effort is CoEpi (Community Epidemiology in Action), a Bluetooth-based contact tracing application that includes self-reported symptom sharing to support exposure notification before test results are confirmed.

A third volunteer approach comes from TestAndTrace.com, an all-volunteer organization that compiles data and resources to inform the public, health leaders, and government leaders on why testing and tracing are essential and how to implement them. TestAndTrace is best known for compiling data about state-level contact tracing programs to show which states are best prepared to contain COVID-19.

COVID-19 Watch from Stanford University uses Bluetooth signaling to detect other users in the area and would alert users anonymously if they had been in contact with someone confirmed to be infected with COVID-19. The data are collected voluntarily and anonymized in a three-pronged approach: first, contact tracing with automated alerts to contacts based on short-range Bluetooth signaling; second, heat maps based on anonymized GPS data showing locations with higher concentrations of cases, to identify high-risk areas for transmission; and third, generation of risk reduction strategies for health practitioners based on the data.

The Massachusetts Institute of Technology has developed Private Kit: Safe Paths, which can be used by both individuals and health authorities to enhance contact tracing. The app can be integrated with Safe Places, which collects time-stamped location data from Private Kit: Safe Paths, Google Location History, and individual interviews conducted by health departments. All data are stored locally on the user's device and encrypted for individual users. A GPS trail can be released with the user's consent in the event of a confirmed case, enabling notification of users who have crossed paths with that case.

The application does use GPS location data, which is encrypted to protect the individual's identity and is released only if a user who is a confirmed case chooses to share it with health officials.

This system is described in a paper that also outlines the consortium that has pulled together to provide the privacy-preserving technology methods employed. PACT: Private Automated Contact Tracing is a collaboration among cryptographers, physicians, privacy experts, scientists, and engineers led by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), MIT Internet Policy Research Initiative, Massachusetts General Hospital Center for Global Health and MIT Lincoln Laboratory. It includes close collaborators from Boston University, Brown University, Carnegie Mellon University, the MIT Media Lab, the Weizmann Institute, and a number of public and private research and development centers. They aim to enhance contact tracing in pandemic response by designing exposure detection functions in personal digital communication devices that have maximal public health utility while preserving privacy. As of mid-May 2020, PACT has four major lines of effort underway: proximity detection efficacy, privacy, integration, and public health efficacy. They are currently building prototypes. 

On April 10, 2020, Google and Apple announced a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of COVID-19 through contact tracing, with user privacy and security core to the design. They note that software developers are contributing by crafting technical tools to help combat the virus and save lives.

As part of this partnership, Google and Apple are releasing draft documentation for an Exposure Notification system in service of privacy-preserving contact tracing. This framework defines two user roles: affected user and potentially exposed user. When a user has a confirmed or potential exposure to COVID-19, the framework identifies them as affected and shares their Diagnosis Keys to alert other users to potential exposure. To assign a user the potentially exposed role, the framework determines whether a set of Temporary Exposure Keys indicates proximity to an affected user. If so, the app can retrieve additional information, such as the date and duration of the exposure, from the framework.

Their protocol maintains privacy by the following means. It does not use location for proximity detection; it relies strictly on Bluetooth beaconing. A user's Rolling Proximity Identifier (described below) changes on average every 15 minutes, and the Temporary Exposure Key is needed to correlate it to a contact, which reduces the risk of privacy loss from broadcasting the identifiers. Proximity identifiers obtained from other devices are processed exclusively on the device. Users decide whether to contribute to exposure notification, and if diagnosed with COVID-19 they must give their consent before Diagnosis Keys are shared with the server. Users have transparency into their participation in exposure notification.

To strengthen privacy, they created a cryptography specification. This protocol leverages a new concept of Bluetooth pseudorandom identifiers, referred to as Rolling Proximity Identifiers. Each Rolling Proximity Identifier is derived from a Rolling Proximity Identifier Key, which is in turn derived from a Temporary Exposure Key and a discretized representation of time. The Rolling Proximity Identifier changes at the same frequency as the Bluetooth randomized address, to prevent linkability and wireless tracking. Associated Encrypted Metadata, which does not identify the user, is attached to each Rolling Proximity Identifier; metadata broadcast by a user can be decrypted later only if that user tests positive.
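The derivation chain just described, and the identifier rotation mentioned two paragraphs earlier, as an added Go example (not code from this page, nor Apple's or Google's implementation): a Temporary Exposure Key yields a Rolling Proximity Identifier Key through HKDF, each 10-minute interval number yields a fresh Rolling Proximity Identifier through AES-128, and the last function shows the on-device check a phone performs against a published Diagnosis Key. The labels "EN-RPIK" and "EN-RPI", the 10-minute interval and the 144 intervals per key follow the published Exposure Notification cryptography specification as I recall it; the sample key and timestamp are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hkdf16 is HKDF-SHA256 (RFC 5869) with a zero salt; 16 bytes need only one expand block.
func hkdf16(ikm []byte, info string) []byte {
	extract := hmac.New(sha256.New, make([]byte, 32))
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(info))
	expand.Write([]byte{0x01})
	return expand.Sum(nil)[:16]
}

func IntervalNumber(unixSec int64) uint32 { return uint32(unixSec / 600) } // discretized time: 10-minute slots

// RollingProximityID derives the RPIK from the TEK, then RPI_i = AES-128(RPIK, "EN-RPI" || 0x00*6 || LE32(i)).
func RollingProximityID(tek []byte, interval uint32) []byte {
	block, _ := aes.NewCipher(hkdf16(tek, "EN-RPIK")) // key is always 16 bytes, so no error
	padded := make([]byte, 16)
	copy(padded, "EN-RPI")
	binary.LittleEndian.PutUint32(padded[12:], interval)
	rpi := make([]byte, 16)
	block.Encrypt(rpi, padded)
	return rpi
}

// MatchesDiagnosisKey replays a published TEK over its 144 intervals (one day) to see whether an RPI overheard over Bluetooth came from it; phones do this on-device.
func MatchesDiagnosisKey(tek []byte, startInterval uint32, observed []byte) bool {
	for i := uint32(0); i < 144; i++ {
		if bytes.Equal(RollingProximityID(tek, startInterval+i), observed) {
			return true
		}
	}
	return false
}

func main() {
	tek := bytes.Repeat([]byte{0x42}, 16) // constructed sample; real TEKs are 16 random bytes
	start := IntervalNumber(1588032000)   // 2020-04-28 00:00:00 UTC, a day boundary
	rpi := RollingProximityID(tek, start+7)
	fmt.Printf("RPI %x matches the published key: %v\n", rpi, MatchesDiagnosisKey(tek, start, rpi))
}
```

Without the Temporary Exposure Key, an observer who records two identifiers from the same phone has no way to link them, which is the privacy property the rotation is meant to provide.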

These initiatives aim to forestall a second wave of coronavirus outbreaks or at least to narrow the range of infection. As people grow impatient with quarantine and begin reopening and resuming contact, the need for these tools is both important and urgent.

 

Submitted by Anonymous on