Application Security & Online Fraud , COVID-19 , Governance & Risk Management
Researchers Propose COVID-19 Tracking AppSmartphone App Would Warn of Proximity to Those With Virus While Protecting Privacy
Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 – while maintaining privacy.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
In the paper, researchers Ari Trachtenberg, Ran Canetti and Mayank Varia describe the use of short-range transmission technologies, including Service Set Identifier broadcasts, near-filed communication and Bluetooth, to generate a random identification number for the user's device that avoids divulging personal details. This could help avoid some of the privacy issues that come with tracking GPS or real-time location data.
"We believe that the privacy guarantees provided by the scheme will encourage quick and broad voluntary adoption," according to the researchers, who advocate a voluntary approach to using this type of smartphone tracking app.
Current methods of tracking the locaction of individuals who could potentially be infected with COVID-19 rely on the collection of cell phone location data and combining it with personal information, which is an "unprecedented encroachment on individual privacy," the researchers note.
In March, the Trump administration spoke with technology firms, including Google and Facebook, about ideas for using real-time location data from smartphones to help track COVID-19 cases. But lawmakers, attorneys and security professionals expressed concerns about the concept (see: Should Location Data Be Used in Battle Against COVID-19?).
Since then, Google devised a COVID-19 Community Mobility Report that provides insights into trends in individuals' movements by using aggregated, anonymized data.
On Monday, the European Data Protection Supervisor, the EU's independent data protection authority, called for creation of one app to track COVID-19 cases, arguing that the use of too many apps would put citizens' privacy at risk.
Using the App
The Boston University researchers propose creating a smartphone app that would create a randomly generated identification number that can be shared with those in the community who also use the app.
Each smartphone using the app would broadcast a random token number to ensure that there's no obvious link to the user's personal information. The number would change every few minutes to ensure privacy and reduce the possibility of hacking. The app would record all the tokens it receives from nearby devices, according to the paper.
If a user is diagnosed with COVID-19, they could voluntarily share that data through the app, Trachtenberg explains in a LinkedIn post.
"When a person is tested positive for COVID-19, the person could choose (through the administrating medical professional) to voluntarily share their list of random numbers - either their own generated numbers or the numbers that the app observed," Trachtenberg notes.
The data and tokens could then be uploaded to a trusted website, such as the U.S. Centers for Disease Control and Prevention, to help track cases. At the same time, the app could connect to a database, which could alert users if they have been in contact with someone who has tested positive, according to the researchers. That could help with decisions about self-quarantining or testing.
"The random numbers break up the user's location history by varying them over time," Trachtenberg says. "The approach is dead simple and does not require any sophisticated math."
The researchers are seeking feedback on their proposal. The team acknowledges that the app needs security in place to ensure that identification tokens can't be spoofed and prevent counterfeit versions from appearing in app stores.
"Perhaps by far the greatest hurdle for this app is adoption - very quickly getting a large body of people to use the application, including medical professionals who are administering tests," according to the paper.
The researchers believe that they have the technology to create the app, but they are seeking more input from healthcare professionals, their report states.