Privacy Preserving Disease Tracking
Research into contact tracing privacy
In case of a pandemic, it makes sense to share data to track the spread of a virus like SARS-CoV2. However, that very same data when gathered in a crude way is potentially very invasive to privacy - and in politically less reliable environments can be used to map out the social graph of individuals and severely threaten civil rights, free press. Unless the whole process is transparent, people might not be easily convinced to collaborate.
The PPDT project is trying to build a privacy preserving contact tracing mechanism that allows to notify users if they have come in contact with potentially infected people. This should happen in a way that is as privacy preserving as possible. We want to have the following properties: the users should be able to learn if they got in touch with infected parties, ideally only that - unless they opt in to share more information. The organisations operating servers should not learn anything besides who is infected, ideally not even that. The project builds a portable library that can be used across different mobile platforms, and a server component to aggregate data and send this back to the participants.
- The project's own website: https://github.com/degregat/ppdt
Why does this actually matter to end users?
The saying goes 'desperate times call for desperate measures', but when you really think about it that is not really the case. It makes much more sense to keep ones head cool, and start taking serious coordinated action with a longer term perspective. Both the SARS-CoV2 pandemic (aka COVID-19 or the Corona virus) and the measures to slow down the spread of the virus have a major impact on society. Unfortunately, a significant number of people has already lost their lives, and the healthcare sector is in parts of the world overheating.
In fighting a disease like this, oversight is everything. The most drastic of measures - like an area lockdown - are extremely expensive and invasive. And not a lot is known about the actual propagation of the virus in the real world. When is it safe to let people shop? Or go to school?
As a citizen, you might be on the one hand inclined to help out - as the virus can pop up anywhere next. These days there is quite some technology that could be put to good use: the smartphones we carry around are amazingly capable devices, and they pack many features such as sensors and antennas. By levering those, we can gather many valuable insights.
Helping to gather this kind of data is probably something good for yourself, others and society at large. In Asia, where the current pandemic started, there have been good experiences with mobile apps that let citizens create a collective measuring system. But before we rush into installing these apps: that data can also be quite sensitive in terms of privacy, and in some parts of the world you might have to fear more for your work as a journalist, whistleblower or activist than for this virus. And of course, cybercriminals as well as state actors currently have a perfect pretext for manipulating people into doing things they will very much regret later - whether using the "desperate times" mantra or not. Fear is not the best counsel, and no doubt some of these malicious actors will have success.
Again, lets keep our head cool and lets get technology in place to help move things forward while at the same time keeping us out of the clutches. The PPDT project set out to design a privacy preserving contact tracing mechanism for mobile apps for disease tracking. This would allow to notify users if they have come in contact with potentially infected people, but would not leak other data such as who was where and met whom. It was meant for citizens first, while science and policy stand to benefit from the additional adoption that a carefully vetted, fully transparent and thus trustworthy open source solution brings.
Note that after it became clear that there were a number of contact tracing apps in development the project steered towards consolidation of its efforts with others in the Temporary Contact Numbers Coalition:
https://github.com/TCNCoalition/TCN
This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.