COVID Watch and privacy

[Tina White is a friend of mine and co-founder of COVID Watch, a promising app for improving contact tracing for the coronavirus while preserving privacy. I commissioned Tom Higgins to write this post in order to bring attention to this important project and put it in context of related efforts. -Jess Riedel]

Countries around the world have been developing mobile phone apps to alert people to potential exposure to COVID-19. There are two main mechanism used:

1. Monitoring a user’s location, comparing it to an external (typically, government) source of information about infections, and notifying the user if they are entering, or previously entered, a high-risk area.
2. Detecting when two users come in close proximity to each other and then, if one user later reports to have been infected, notifying the second user and/or the government.

The first mechanism generally uses the phone’s location data, which is largely inferred from GPS.In urban areas, GPS is rather inaccurate, and is importantly augmented with location information inferred from WiFi signal strength maps.^a The second method can also be accomplished with GPS, by simply measuring the distance between users, but it can instead be accomplished with phone-to-phone bluetooth connectionsA precursor to smartphone-based contact tracing can be found in the FluPhone app, which was developed in the University of Cambridge Computer Laboratory in 2011. (BBC Coverage.) Contact tracing was provided over bluetooth and cases of the flu were voluntarily reported by users so that those with whom they had come into contact would be alerted. Despite media coverage, less than one percent of Cambridge residents downloaded the app, whether due to a lack of concern over the flu or concerns over privacy.^b (described in more detail below).

Private Kit: Safe Paths is the most well-known COVID-tracking app in the US (Science coverage). It is GPS-based app, currently at a preliminary prototype stage, under development by MIT’s Ramesh Raskar and his colleagues.Many news articles about Safe Paths claim that it is open source, but this doesn’t seem to be stated on the website of the developers, and I was unable to find a GitHub link after a bit of searching.^c Their description of their future abilities:

The Private Kit: SafePaths solution, in its first iteration, enables individuals to log their own location on their own phones. With consent, diagnosed carriers can share an accurate location trail with health officials once they are diagnosed positive…In its second iteration, Private Kit: Safe Paths provides users with information on whether they have crossed paths with a diagnosed carrier. Governments are equipped to redact location trails and thus broadcast location information with privacy protection for diagnosed carriers and local businesses. In its third iteration, Private Kit: Safe Paths enables privacy-protected participatory sharing of location trails of diagnosed carriers and direct notification to users who have been in close proximity to a diagnosed carrier, without allowing a third party, particularly a government, to access individual location trails.

The app is now at “Phase 2” functionality. Even when it is operational, Safe Paths will have two significant drawbacks associated with GPS: The location accuracy can be mediocre in urban areas, and it is necessary to upload the infected user’s minute-by-minute location data to a central server to get the full benefits, which appears to be a privacy vulnerability even if anonymized. (Even when GPS data is stripped of explicit personal information, identify can often be inferred.)

Singapore’s COVID-tracking app, TraceTogether (CNBC coverage), fixes the first problem and partially fixes the second. TraceTogether uses bluetooth signals between mobile phones to determine when app users come into contact with each other so that, in the event that a user contracts the virus, Singapore’s health ministry can find those who had close contact with the infected user. The data logged is stored on the phone in encrypted form. Information regarding potential close contact is stored with “cryptographically generated temporary IDs,” but the information can be decrypted, and the users identified by Singapore’s health ministry. It has been praised for its efficacy.

While TraceTogether is mainly focused on identifying those with whom infected users have made contact, the Singapore governments also sends citizens WhatsApp updates twice a day regarding the total number of cases, the suspected locations of outbreaks, and advice for avoiding them. TraceTogether is also pursuing greater privacy through additional decentralization, as well as a bluetooth tracing standard “BlueTrace”, but these have not been released and the current code is not open source.

COVID Watch is an upcoming open-source mobile app from Tina White, James Petrie, and Rhys Fenwick, in coordination with Stanford University. (AFP coverage.) It also uses bluetooth, but in a decentralized way: When two users come in close proximity, they exchange randomly generated codes. If a user later is diagnosed with the coronavirus, they can obtain a passcode from a central health authority allowing them to anonymously add their proximity code history to a central database. All other users can then cross-reference the proximity history they have received with this database. In this way, they plan to get the accuracy of bluetooth-based apps like TraceTogether with the privacy features promised by future version of Safe Paths.

Here is their graphical representation of the privacy model:

In addition to displaying CDC general COVID-19 advice, symptoms and resources, COVID Watch will also offer personalized advice. If a contact is infected, the app will display the number of the local public health department and advise users to call for information about next steps. Depending on progress with GPS anonymization, in the future COVID Watch may also allow infected users to upload their location history in order to create infection density heat maps of areas where there may be a risk of people or inanimate objects transmitting the disease. Further details are available in their online white paper. You can also see Tina White give a short talk here. If you’re interested in helping out, COVID Watch is looking for contributors.

Below is a necessarily incomplete list of existing and forthcoming apps from other countries:

• South Korea used smartphone location data in addition to credit card transactions and CCTV video to create a tracking system of confirmed cases. They used this system to create coronamap.site, which can tell people whether they have gone near a carrier of COVID-19. The app Corona 100m alerts users who come within 100 meters of a location visited by an infected person.
• China uses the Alipay Health Code app to assign green, yellow, or red color codes to users that indicates their health status. Users with yellow codes must stay at home for seven days and users with red codes must quarantine for two weeks. Every time a user’s code is scanned at a checkpoint, their location is logged. This allows for location tracking over time.
• India is currently testing CoWin-20.
• Israel uses an app called HaMagen (“The Shield”) for phone-based contact tracing of infected citizens. Those who are founded to have crossed paths with infected citizens are given the option to report their exposure to the Health Ministry.
• The WHO is reportedly developing an app, although contact tracing will not appear in the first iteration.

Non-governmental efforts include CoEpi, HealthLynked, and Bandemic. For a more extensive but under-construction list, see the section “Relevant projects & Circulation list” in this public Google Doc from Mitra Ardron and Peter Eckersley.