QUICK REVIEW

[Paper Review] Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs

Hyunghoon Cho, Daphne Ippolito | Deep Blue (University of Michigan) | Mar 25, 2020
Topics: COVID-19, Digital Contact Tracing · 27 references · 379 citations
TL;DR

The paper analyzes privacy implications of COVID-19 contact tracing apps (notably TraceTogether) and proposes privacy-enhancing augmentations and adoption strategies within a semi-honest model.

ABSTRACT

Contact tracing is an essential tool for public health officials and local communities to fight the spread of novel diseases, such as for the COVID-19 pandemic. The Singaporean government just released a mobile phone app, TraceTogether, that is designed to assist health officials in tracking down exposures after an infected individual is identified. However, there are important privacy implications of the existence of such tracking apps. Here, we analyze some of those implications and discuss ways of ameliorating the privacy concerns without decreasing usefulness to public health. We hope in writing this document to ensure that privacy is a central feature of conversations surrounding mobile contact tracing apps and to encourage community efforts to develop alternative effective solutions with stronger privacy protection for the users. Importantly, though we discuss potential modifications, this document is not meant as a formal research paper, but instead is a response to some of the privacy characteristics of direct contact tracing apps like TraceTogether and an early-stage Request for Comments to the community.

Date written: 2020-03-24. Minor correction: 2020-03-30.

Motivation & Objective

  • Motivate privacy as a central feature in contact tracing apps during COVID-19.
  • Analyze real-world TraceTogether design and its privacy implications.
  • Propose privacy-enhancing augmentations and system architectures.
  • Discuss strategies to encourage rapid, widespread adoption while preserving privacy.

Proposed method

  • Review existing contact tracing approaches and their privacy properties.
  • Define three notions of privacy: from snoopers, from contacts, and from authorities.
  • Evaluate TraceTogether and alternative architectures under a semi-honest model.
  • Propose privacy-enhancing augmentations including polling, mixing servers, public token databases, and private messaging.
  • Outline cryptographic approaches (private messaging and mix networks) for stronger privacy from authorities.

Experimental results

Research questions

  • RQ1: How do different contact tracing designs protect or reveal privacy from snoopers, contacts, and authorities?
  • RQ2: What privacy-preserving augmentations can improve user privacy while maintaining public health usefulness?
  • RQ3: What adoption strategies best balance privacy guarantees with practical deployment in diverse jurisdictions?

Key findings

  • TraceTogether protects privacy from contacts but offers limited privacy from the authorities and from snoopers.
  • Polling-based approaches can partially improve privacy from authorities but still leak risk via linkage; mixing servers strengthen privacy against linkage attacks.
  • Public database and spam/noise approaches trade privacy against efficiency, or against the privacy of diagnosed individuals whose tokens are published.
  • Private messaging systems and mix networks can provide provable privacy from authorities, at higher computational and architectural costs.
  • Adoption is aided by clear privacy guarantees, open-source auditing, and culturally appropriate deployment strategies.

This review was created by AI and reviewed by human editors.