PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing

The global health threat from COVID-19 has been controlled in a number of instances by large-scale testing and contact tracing efforts. We created this document to suggest three functionalities for how we might best harness computing technologies to support the goals of public health organizations in minimizing morbidity and mortality associated with the spread of COVID-19, while protecting the civil liberties of individuals. In particular, this work advocates for a third-party-free approach to assisted mobile contact tracing, because such an approach mitigates the security and privacy risks of requiring a trusted third party. We also explicitly consider the inferential risks involved in any contact tracing system, where any alert to a user could itself give rise to de-anonymizing information. More generally, we hope to participate in bringing together colleagues in industry, academia, and civil society to discuss and converge on ideas around a critical issue arising with attempts to mitigate the COVID-19 pandemic.
