The system enables epidemiologists to analyse the spread of the pandemic, while fully respecting individual rights to privacy and ensuring no personal data ever leaves an individual’s device, and is not centralised in a cloud server: meaning it is not able to be repurposed for anything other than public health. It is proposed as one of the protocols for the Pan-European Privacy Preserving Proximity Tracing project (PEPP-PT).
Data rights and regulation lecturer, Dr Michael Veale (UCL Laws), said: “There are a lot of concerns about Bluetooth tracing being administered centrally by governments, particularly in countries that have weaker privacy laws and concern for human rights. We have developed a practical solution that could help tell someone when they come into contact with someone that has tested positive for Covid-19, while at the same time ensuring that the user’s information never leaves their phone.”
The system would work whereby people who have tested positive for Covid-19 are authorised to upload random, constantly changing identifiers they have been emitting via Bluetooth using the app. Individuals that have the app, and have been in proximity to that person, compare downloaded random identifiers to the ones they have collected using their own devices. If they were in close proximity for a significant duration to a person that had tested positive, they would receive a quick notification to alert them, along with WHO-approved guidance on next steps.
While these uploaded identifiers are useful to those who use the app, they are useless to the central server. The server will not be able to identify who an uploader is or any characteristics about the individual.
Several governments across the world have used contact tracing, as part of efforts to control the spread of the coronavirus. China, for example, has reportedly relied on mass surveillance of phones to classify individuals by their health status and restrict their movements.
However, concerns have been raised about what this means for individual privacy rights, and what happens if the data is misused or used beyond the initial purpose.
“Given this is a global problem, it is key such a system works across borders, so they can be re-opened” said Dr Veale. “If one country uses a centralised system, then they all have to, putting citizens of countries with limited respect for human rights or the rule of law at serious risk. In our system, it works the other way — citizens around the world would be protected from surveillance and misuse, while epidemiologists get the insights they tell us they need.”
The team of 25 scientists from across Europe including the Swiss Federal Institutes of Technology and KU Leuven in Belgium, have developed a system that hides all personal information from the server.
The system provides the following privacy and security protections:
Dr Veale add: “We have developed a decentralised privacy design to ensure individual data remains anonymous, we prevent abuse of data by third parties, and prevent tracking of non-infected individuals. There is really no good reason not to adopt such a private system — and if less private alternatives are deployed, it should raise serious questions about future plans.
“We are opposed to data being collected centrally as this raises questions over future intended purposes of individual information, and will affect the adoption of any such app. If it is not adopted by over a majority of the population because users do not trust it to not misuse their data, the research indicates it will not be useful — and this could endanger lives.”