The 2019 Coronavirus disease (COVID-19) pandemic, caused by the rapid dissemination of the Severe Acute Respiratory Syndrome Coronavirus 2 (SARS-CoV-2), has had a deep impact worldwide, both in terms of the loss of human life and the economic and social disruption. The use of digital technologies has been seen as an important effort to combat the pandemic, and one such technology is contact tracing applications. These applications were successfully employed against other infectious diseases, so they have also been used during the current pandemic. However, the use of contact tracing poses several privacy concerns, since it is necessary to store and process data that can lead to user/device identification as well as location and behavior tracking. These concerns are even more relevant for nationwide implementations, since they can enable mass surveillance by authoritarian governments. Despite the restrictions imposed by the data protection laws of several countries, there are still doubts about whether the privacy of the users is preserved. In this article, we analyze the privacy features of national COVID-19 contact tracing applications, considering their intrinsic characteristics. As a case study, we discuss in more depth the Brazilian COVID-19 application Coronavirus-SUS, since Brazil is one of the countries most impacted by the current pandemic. Finally, as we believe contact tracing will continue to be employed as part of the strategy for the current and potential future pandemics, we present key research challenges.
There is growing interest in technology-enabled contact tracing, the process of identifying potentially infected COVID-19 patients by notifying all recent contacts of an infected person. Governments, technology companies, and research groups alike recognize the potential for smartphones, IoT devices, and wearable technology to automatically track close contacts and identify prior contacts in the event of an individual's positive test. However, there is currently significant public discussion about the tensions between effective technology-based contact tracing and the privacy of individuals. To inform this discussion, we present the results of a sequence of online surveys focused on contact tracing and privacy, each with 100 participants. Our first surveys were on April 1 and 3, and we report primarily on those first two surveys, though we present initial findings from later survey dates as well. Our results present the diversity of public opinion and can inform the public discussion on whether and how to leverage technology to reduce the spread of COVID-19. We are continuing to conduct longitudinal measurements and will update this report over time; citations to this version of the report should reference Report Version 1.0, May 8, 2020. NOTE: As of December 4, 2020, this report has been superseded by Report Version 2.0, found at arXiv:2012.01553. Please read and cite Report Version 2.0 instead.
In this paper, we propose a new privacy-preserving, automated contact tracing system, ACOUSTIC-TURF, to fight COVID-19 using acoustic signals sent from ubiquitous mobile devices. At a high level, ACOUSTIC-TURF adaptively broadcasts inaudible ultrasonic signals with randomly generated IDs in the vicinity. Simultaneously, the system receives other ultrasonic signals sent from nearby (e.g., 6 feet) users. In such a system, individual user IDs are not disclosed to others and the system can accurately detect encounters in physical proximity with 6-foot granularity. We have implemented a prototype of ACOUSTIC-TURF on Android and evaluated its performance in terms of acoustic-signal-based encounter detection accuracy and power consumption at different ranges and under various occlusion scenarios. Experimental results show that ACOUSTIC-TURF can detect multiple contacts within a 6-foot range for mobile phones placed in pockets and outside pockets. Furthermore, our acoustic-signal-based system achieves greater precision than wireless-signal-based approaches when contact tracing is performed through walls. ACOUSTIC-TURF correctly determines that people on opposite sides of a wall are not in contact with one another, whereas the Bluetooth-based approaches detect nonexistent contacts among them.
Coronavirus disease 2019 (COVID-19) has imposed the public health measure of social distancing to prevent mass transmission of the disease. To monitor social distancing and trace transmission, various types of digital surveillance systems have had to be developed, including contact tracing systems and drone-based monitoring systems. Because of the burden of manual labor, traditional contact tracing systems are gradually being replaced by efficient automated contact tracing applications developed for smartphones. However, the introduction of automated contact tracing applications brings inevitable privacy and security challenges. At the same time, lack of awareness and/or lack of smartphone usage among the general population has led to drone-based monitoring systems, which also introduce unwelcome privacy and security challenges. This paper discusses the recently designed and developed digital surveillance system applications, together with their protocols, deployed in several countries around the world. Their privacy and security challenges are discussed and analyzed from the viewpoint of privacy acts. Several recommendations are suggested separately for automated contact tracing systems and drone-based monitoring systems, which could be further explored and implemented to prevent possible privacy violations and protect an unsuspecting person from potential cyber attacks.
The current COVID-19 pandemic highlights the utility of contact tracing, when combined with case isolation and social distancing, as an important tool for mitigating the spread of a disease [1]. Contact tracing provides a mechanism of identifying individuals with a high likelihood of previous exposure to a contagious disease, allowing additional precautions to be put in place to prevent continued transmission. Here we consider a cryptographic approach to contact tracing based on secure two-party computation (2PC). We begin by considering the problem of comparing a set of location histories held by two parties to determine whether they have come within some threshold distance while at the same time maintaining the privacy of the location histories. We propose a solution to this problem using pre-shared keys, adapted from an equality testing protocol due to Ishai et al [2]. We discuss how this protocol can be used to maintain privacy within practical contact tracing scenarios, including both app-based approaches and approaches which leverage location history held by telecoms and internet service providers. We examine the efficiency of this approach and show that existing infrastructure is sufficient to support anonymised contact tracing at a national level.
During a pandemic, contact tracing is an essential tool to drive down the infection rate within a population. To accelerate the laborious manual contact tracing process, digital contact tracing (DCT) tools can track contact events transparently and privately by using the sensing and signaling capabilities of the ubiquitous cell phone. However, an effective DCT must not only preserve user privacy but also augment the existing manual contact tracing process. Indeed, not every member of a population may own a cell phone or have a DCT app installed and enabled. We present KHOVID to fulfill the combined goal of manual contact-tracing interoperability and DCT user privacy. At KHOVID's core is a privacy-friendly mechanism to encode user trajectories using geolocation data. Manual contact tracing data can be integrated through the same geolocation format. The accuracy of the geolocation data from DCT is improved using Bluetooth proximity detection, and we propose a novel method to encode Bluetooth ephemeral IDs. This contribution describes the detailed design of KHOVID; presents a prototype implementation including an app and server software; and presents a validation based on simulation and field experiments. We also compare the strengths of KHOVID with other, earlier proposals for DCT.