PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing

The global health threat from COVID-19 has been controlled in a number of instances by large-scale testing and contact tracing efforts. We created this document to suggest three functionalities for how computing technologies might best be harnessed to support the goals of public health organizations in minimizing the morbidity and mortality associated with the spread of COVID-19, while protecting the civil liberties of individuals. In particular, this work advocates for a third-party-free approach to assisted mobile contact tracing, because such an approach mitigates the security and privacy risks of requiring a trusted third party. We also explicitly consider the inferential risks involved in any contact tracing system, where any alert to a user could itself give rise to de-anonymizing information. More generally, we hope to participate in bringing together colleagues in industry, academia, and civil society to discuss and converge on ideas around a critical issue arising from attempts to mitigate the COVID-19 pandemic.
