QUICK REVIEW

[Paper Review] Assessing Disease Exposure Risk with Location Data: A Proposal for Cryptographic Preservation of Privacy

Alex Berke, Michiel A. Bakker | arXiv (Cornell University) | Mar 31, 2020
COVID-19, Digital Contact Tracing | 16 references | 42 citations
TL;DR

The paper proposes a GPS-based, privacy-preserving contact tracing system using data redaction, deterministic hashing of spatiotemporal point intervals, and a private set intersection protocol to identify exposures without revealing private location histories.

ABSTRACT

Governments and researchers around the world are implementing digital contact tracing solutions to stem the spread of infectious disease, namely COVID-19. Many of these solutions threaten individual rights and privacy. Our goal is to break past the false dichotomy of effective versus privacy-preserving contact tracing. We offer an alternative approach to assess and communicate users' risk of exposure to an infectious disease while preserving individual privacy. Our proposal uses recent GPS location histories, which are transformed and encrypted, and a private set intersection protocol to interface with a semi-trusted authority. There have been other recent proposals for privacy-preserving contact tracing, based on Bluetooth and decentralization, that could further eliminate the need for trust in authority. However, solutions with Bluetooth are currently limited to certain devices and contexts while decentralization adds complexity. The goal of this work is two-fold: we aim to propose a location-based system that is more privacy-preserving than what is currently being adopted by governments around the world, and that is also practical to implement with the immediacy needed to stem a viral outbreak.

Motivation & Objective

  • Break the privacy versus effectiveness trade-off in digital contact tracing.
  • Propose a location-based system that preserves user privacy while enabling accurate exposure risk assessment.
  • Enable aggregated public risk visualization and individualized risk notifications without exposing individuals’ location histories.

Proposed method

  • Partition GPS histories into discrete spatiotemporal point intervals mapped to a shared grid.
  • Transform and encrypt point intervals on-device before any data leaves the device.
  • Use a semi-trusted authority to store redacted carrier data and run a private set intersection protocol that matches hashed point intervals.
  • Assess user exposure risk on-device based on matches with diagnosed carriers and notify at-risk users.
  • Provide an aggregated heatmap view of risk areas for public health insights.

Experimental results

Research questions

  • RQ1: Can a GPS-based, privacy-preserving system accurately identify points of contact with diagnosed carriers without exposing individual location histories?
  • RQ2: Does the combination of data redaction, deterministic hashing, and PSI enable practical, scalable exposure risk notifications during an outbreak?
  • RQ3: How can aggregated data still inform public risk without compromising individual privacy?

Key findings

  • A probabilistic risk assessment is feasible by measuring time spent in spaces shared with diagnosed carriers.
  • Hashing of 3D point intervals enables privacy-preserving matches via PSI between user devices and a central server.
  • Two on-device data redaction approaches (area-based and point-interval hashing) support aggregated privacy and contact tracing use cases.
  • PSI provides a privacy layer where only intersecting data is revealed to the querying user, not to the server.
  • The design includes safeguards like regional data storage, exchange limits, and data deletion after d days to reduce privacy risks.
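The redaction, hashing and PSI matching steps summarised above, as an added example that is not code from the paper or its authors. The grid resolution, interval length, sample coordinates and the Diffie-Hellman style PSI construction are assumptions of this example; the page does not specify which PSI protocol or parameters the authors use.

```python
import hashlib, math, secrets

# 2048-bit MODP prime from RFC 3526 (group 14); a safe prime, so its quadratic
# residues form a prime-order subgroup that the blinded tokens live in.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def point_intervals(history, cell_deg=0.0001, interval_s=300):
    """On-device redaction: (lat, lon, unix_time) -> set of (row, col, slot) grid tokens.
    cell_deg ~ 11 m of latitude, interval_s = 5 min; both are assumed, not the paper's values."""
    return {(math.floor(lat / cell_deg), math.floor(lon / cell_deg), t // interval_s)
            for lat, lon, t in history}

def to_group(token):
    """Deterministic hash of a point interval, squared into the order-Q subgroup of Z_P*."""
    h = int.from_bytes(hashlib.sha256(repr(token).encode()).digest(), "big")
    return pow(h, 2, P)

def psi_query(client_tokens, server_tokens, server_key):
    """Diffie-Hellman style PSI (assumed construction): the querying user learns which of its
    tokens the authority holds; the authority sees only blinded values and the query size."""
    a = secrets.randbelow(Q - 1) + 1                                  # client's one-time secret
    ordered = list(client_tokens)
    blinded = [pow(to_group(tok), a, P) for tok in ordered]           # client -> server
    double_blinded = [pow(x, server_key, P) for x in blinded]         # server -> client
    server_blinded = {pow(to_group(tok), server_key, P) for tok in server_tokens}  # published set
    matched_set = {pow(y, a, P) for y in server_blinded}              # client raises to its secret
    return {tok for tok, xab in zip(ordered, double_blinded) if xab in matched_set}

def exposure_minutes(client_history, carrier_histories, server_key, interval_s=300):
    """Risk proxy from the paper: time spent in point intervals shared with diagnosed carriers."""
    mine = point_intervals(client_history, interval_s=interval_s)
    carriers = set().union(*(point_intervals(h, interval_s=interval_s) for h in carrier_histories))
    return len(psi_query(mine, carriers, server_key)) * interval_s / 60

# Constructed sample: the user and one diagnosed carrier share a cell for two 5-minute slots.
T0 = 1_585_612_800  # constructed timestamp
USER = [(42.36015, -71.09215, T0), (42.36017, -71.09217, T0 + 300), (42.37005, -71.10005, T0 + 600)]
CARRIER = [(42.36013, -71.09213, T0 + 60), (42.36013, -71.09214, T0 + 360), (42.40005, -71.20005, T0 + 900)]
SERVER_KEY = secrets.randbelow(Q - 1) + 1  # authority's per-epoch secret

if __name__ == "__main__":
    print(exposure_minutes(USER, [CARRIER], SERVER_KEY))  # 10.0
```

The authority never sees an unblinded token, and the user never sees a carrier token that is not already in its own history, which is the property the paper attributes to PSI.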


This review was created by AI and reviewed by human editors.