Safe Paths: MIT Coronavirus Contact-Tracing App Protects User Privacy
As the Coronavirus crisis continues to develop both at home and in far-flung corners of the world, it’s becoming clear that effectively containing the outbreak requires not only widespread testing of large swaths of a population, but also some way to identify and track individuals who have come in contact with those who are infected with the virus. The practice of contact tracing has been around for decades and aims to interrupt the transmission and spread of an infectious disease, and has proven relatively effective in limiting the rate of COVID-19 transmission in countries like South Korea and China, which have implemented digital contact tracing platforms for tackling this monumental task.
While digital contact tracing apps are a less tedious alternative to the manual methods of yore, they do present a potential threat to citizens’ privacy. That’s because they work by collecting users’ data about where they go, how long they stay, and with whom they interact — data which can be shared with governmental organizations — and could therefore be seen as a form of massive surveillance. In addition, in digital contact tracing systems where information about an diagnosed carrier or affected business might be broadcast the larger network of their contacts, stigma or public backlash may be the result of such alerts — not to mention the unnerving possibility of fraud or having sensitive personal information stolen.
But what if there was some way to preserve user privacy, and protect public health at the same time? A multidisciplinary group of experts led by MIT have recently launched an open source, privacy-oriented app that addresses these concerns by sharing users’ encrypted location data between devices in a decentralized way.
According to the team’s whitepaper, the Private Kit: Safe Paths app runs on a “pull” model, where users can retrieve data about identified carriers so that they can “self-determine” whether they have been exposed to COVID-19 or not, and then take whatever necessary steps to consult with a healthcare professional and to self-quarantine.
“With an application that allows for users to understand potential exposure to an infected individual, and appropriate action of the exposed individuals, it may be possible to reduce the contact rate by more rapidly identifying cases/exposures which will remove them from the contact chain,” wrote the team.
Using GPS and Bluetooth technology, the app logs users’ location data every five minutes, so that if a user tests positive, the app can also permit health authorities to quickly back-trace other potential cases utilizing that location trail — but only when the user provides consent. Even then, the data remains on the phone only for a set period of time before it is deleted, and is encrypted so that other users cannot identify carriers.
“Ending the need for third party involvement would represent an immense step forward in privacy protection for diagnosed carriers,” the team explained. “Access and usage of the data by an entity, mostly governments, should be limited and highly regulated. We believe no one should be obligated to share their personal information. Time limited storage of location trails further protects the privacy of diagnosed carriers.”
In addition, by adding an element of transparency to the app, the team hopes to encourage extensive adoption, which has been an ongoing issue in democratic countries: “[Using] an open-source approach to create an app fosters trust in the app’s privacy protection capabilities, as independent experts and media can access and evaluate the source code.”
The app is now available for both iOS and Android, though the team continues to make improvements and is currently working on how to best deploy the app in 15 American municipalities, as well as with other governmental organizations in over 20 other countries.
Read more over at Private Kit: Safe Paths.
Feature image by Gino Crescoli from Pixabay, other images: MIT