[guardian-dev] Privacy-preserving contact tracing

Nathan of Guardian nathan at guardianproject.info
Thu Mar 19 11:26:42 EDT 2020


With the previous news from China of their authoritarian surveillance
system being repurposed for epidemiological uses, and the US government's
interest in the same, I have been mulling what other approaches could be
taken. Those of us who care about and work in privacy-enhancing technology
do not want this pandemic to become yet another moment for an acceleration
of rights erosion on this front. Simultaneously, I understand that contact
tracing of a contagious person is key to fighting any outbreak. Also, that
being able to gain general insights into movement and distance between
citizens in a country can also be very helpful.

To cut to the chase, I have some ideas, and I am hoping to find out who out
there may be advocating for or working on this problem. We need to provide
alternatives to the most obvious, least private solutions, and quick.

To summarize my concept, Jonnie Penn and I have been working on a project
(Spotlight![0]) aimed at allowing unionized workers to gather data about
their work days, which includes very detailed geospatial data, movement
history and more. In my testing, I can see my movement through the shopping
aisles at Trader Joe's, the hallways in my kids' school, and how long I
spend in my kitchen vs my home office in a typical day. All of this data is
securely stored on the user's device, until they choose to share it with an
advocate. I believe the approach we are taking to provide insights into a
worker's day could be helpful for public health applications, as well.

My concept is that through use of technology like Bloom Filters[1] or
Google's Private Join and Compute[2], a user could compare their own
time+place data (essentially a set of hashes) to publicly released data of
positive / contagious cases. You could both check for exact co-presence, as
well as a before/after time range. If there was a match, then they alone
would decide what to do. Ideally any system would tell them to self-isolate
at the least, provide local testing options, and also ask them to share
their anonymized data set of time+place hashes, to be added into the
centrally stored aggregated mix of potential contact time+place hashes.
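A toy version of the comparison described above, added here as an illustration and not code from Spotlight or the Guardian Project: the health authority folds the time+place hashes of confirmed cases into a Bloom filter and publishes only the bit array, and the user checks their own points on-device for an exact bucket match or one within a before/after window. The 15-minute bucket, the ~11 m cell size and the sample coordinates are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta
BUCKET = timedelta(minutes=15)   # constructed: time resolution of a token
CELL_DECIMALS = 4                # constructed: ~11 m location resolution

def token(lat, lon, when):
    """Hash a quantized (place, time) pair into an opaque 32-byte token."""
    bucket = int(when.timestamp() // BUCKET.total_seconds())
    cell = f"{round(lat, CELL_DECIMALS)},{round(lon, CELL_DECIMALS)}"
    return hashlib.sha256(f"{cell}|{bucket}".encode()).digest()

class BloomFilter:
    """Minimal Bloom filter: 16 bits per item, 8 SHA-256-derived indices."""
    def __init__(self, n_items, bits_per_item=16, k=8):
        self.m, self.k = max(64, n_items * bits_per_item), k
        self.bits = bytearray((self.m + 7) // 8)

    def _indices(self, item):
        for seed in range(self.k):
            h = hashlib.sha256(bytes([seed]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item):
        for i in self._indices(item):
            self.bits[i // 8] |= 1 << (i % 8)

    def __contains__(self, item):
        return all(self.bits[i // 8] >> (i % 8) & 1 for i in self._indices(item))

def publish_positive_cases(trails):
    """Authority side: fold every (lat, lon, time) point of confirmed cases into one filter."""
    points = [p for trail in trails for p in trail]
    bf = BloomFilter(len(points))
    for lat, lon, when in points:
        bf.add(token(lat, lon, when))
    return bf          # only this bit array is published, never the points

def check_exposure(my_trail, published, window=timedelta(hours=1)):
    """User side, on-device: my points whose cell a case visited within +/- window."""
    steps = int(window // BUCKET)
    hits = []
    for lat, lon, when in my_trail:
        for d in range(-steps, steps + 1):
            if token(lat, lon, when + d * BUCKET) in published:
                hits.append((lat, lon, when, d * BUCKET))
                break
    return hits

# Constructed sample: one confirmed case seen in a cell at 10:00 on 19 Mar 2020.
CASE_TRAILS = [[(42.3601, -71.0589, datetime(2020, 3, 19, 10, 0))]]
```

A Bloom filter can return a false positive but never a false negative, so a hit means "get tested", not "you were definitely exposed". The published bits reveal nothing about where cases were unless the querier already holds a candidate time+place token.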

I know there are researchers at BU working on civic applications for
multi-party computation[3], and plan to reach out to them. Who else should
I be talking to? Are Google, Apple, Facebook and others already thinking
along these lines? They surely have the motherlode of location data at this
resolution, but again, as we have seen in previous cases with national
security and law enforcement, these are tricky boxes to close once they are
opened.

Thanks for any thoughts, contacts or feedback.

Take care, stay soapy,
Nathan

p.s. Shout-out to all of you home schooling parents out there. I mean I
have had in-office interns and research assistants before, but usually they
are a bit more qualified! :)

[0] https://spotlightproject.gitlab.io/

[1] https://llimllib.github.io/bloomfilter-tutorial/

[2] https://security.googleblog.com/2019/06/helping-organizations-do-more-without-collecting-more-data.html

[3] https://multiparty.org/