Privacy Guidelines for Contact Tracing Applications

Contact tracing is a very powerful method to implement and enforce social distancing to avoid spreading of infectious diseases. The traditional approach of contact tracing is time consuming, manpower intensive, dangerous and prone to error due to fatigue or lack of skill. Due to this there is an emergence of mobile based applications for contact tracing. These applications primarily utilize a combination of GPS based absolute location and Bluetooth based relative location remitted from user's smartphone to infer various insights. These applications have eased the task of contact tracing; however, they also have severe implication on user's privacy, for example, mass surveillance, personal information leakage and additionally revealing the behavioral patterns of the user. This impact on user's privacy leads to trust deficit in these applications, and hence defeats their purpose. In this work we discuss the various scenarios which a contact tracing application should be able to handle. We highlight the privacy handling of some of the prominent contact tracing applications. Additionally, we describe the various threat actors who can disrupt its working, or misuse end user's data, or hamper its mass adoption. Finally, we present privacy guidelines for contact tracing applications from different stakeholder's perspective. To best of our knowledge, this is the first generic work which provides privacy guidelines for contact tracing applications.

[1]  G. Leung,et al.  First-wave COVID-19 transmissibility and severity in China outside Hubei after control measures, and second-wave scenario planning: a modelling impact assessment , 2020, The Lancet.

[2]  Iryna Pentina,et al.  Exploring privacy paradox in information-sensitive mobile app adoption: A cross-cultural comparison , 2016, Comput. Hum. Behav..

[3]  Laura M. Glass,et al.  Targeted Social Distancing Designs for Pandemic Influenza , 2006, Emerging infectious diseases.

[4]  Shuchih Ernest Chang,et al.  A User Study on the Adoption of Location Based Services , 2007, APWeb/WAIM Workshops.

[5]  D. Gould,et al.  Fear and Stigma: The Epidemic within the SARS Outbreak , 2004, Emerging infectious diseases.

[6]  Alex Pentland,et al.  Mobile phone data and COVID-19: Missing an opportunity? , 2020, ArXiv.

[7]  Deborah Richards,et al.  Security and Privacy Issues Related to the Use of Mobile Health Apps , 2014 .

[8]  Ramesh Raskar,et al.  Assessing Disease Exposure Risk With Location Histories And Protecting Privacy: A Cryptographic Approach In Response To A Global Pandemic , 2020, ArXiv.

[9]  Ramesh Raskar,et al.  Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic , 2020, ArXiv.

[10]  Hyunghoon Cho,et al.  Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs , 2020, ArXiv.

[11]  G. Milne,et al.  Simulation suggests that rapid activation of social distancing can arrest epidemic development due to a novel strain of influenza , 2009, BMC public health.

[12]  Alex 'Sandy' Pentland,et al.  Assessing Disease Exposure Risk with Location Data: A Proposal for Cryptographic Preservation of Privacy , 2020, 2003.14412.

[13]  Matt J Keeling,et al.  Contact tracing and disease control , 2003, Proceedings of the Royal Society of London. Series B: Biological Sciences.

[14]  Erman Ayday,et al.  Tracking and Controlling the Spread of a Virus in a Privacy-Preserving Way , 2020, ArXiv.