research-article

Free access

Deploying decentralized, privacy-preserving proximity tracing

Authors:

Carmela Troncoso,

Edouard Bugnion,

Sylvain Chatel,

Jean-Pierre Hubaux,

Dennis Jackson,

James R. Larus,

Apostolos Pyrgelis,

Marcel Salathé,

Theresa Stadler,

Michael VealeAuthors Info & Claims

Communications of the ACM, Volume 65, Issue 9

Pages 48 - 57

https://doi.org/10.1145/3524107

Published: 19 August 2022 Publication History

All formats PDF

Abstract

Lessons from a pandemic.

References

[1]

Avitabile, G., Botta, V., Iovino, V., and Visconti, I. Towards defeating mass surveillance and SARS-CoV-2: The Pronto-C2 fully decentralized automatic contact tracing system. IACR Cryptology ePrint Archive (2020), 493. https://eprint.iacr.org/2020/493.

[2]

Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy. Amnesty International (2020), https://www.amnesty.org/en/latest/news/2020/06/bahrain-kuwait-norway-contact-tracing-apps-danger-for-privacy/.

[3]

Barthe, G. et al. PanCast: Listening to Bluetooth beacons for epidemic risk mitigation. CoRR abs/2011.08069 (November 2020), https://arxiv.org/abs/2011.08069.

[4]

Bay, J. et al. BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders. (2020), https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf.

[5]

Benzler, J. et al. Towards a common performance and effectiveness terminology for digital proximity tracing applications. CoRR abs/2012.12927 (December 2020), https://arxiv.org/abs/2012.12927.

[6]

Briers, M., Charalambides, M., and Holmes, C. Risk scoring calculation for the current NHSx contact tracing app. CoRR abs/2005.11057 (May 2020), https://arxiv.org/abs/2005.11057.

[7]

Canetti, R. et al. Privacy-preserving automated exposure notification. IACR Cryptology ePrint Archive (2020).

[8]

Canetti, R., Trachtenberg, A., and Varia, M. Anonymous collocation discovery: Harnessing privacy to tame the coronavirus (March 2020), https://arxiv.org/abs/2003.13670.

[9]

Castelluccia, C. et al. DESIRE: A third way for a European exposure notification system leveraging the best of centralized and decentralized systems. CoRR abs/2008.01621 (August 2020), https://arxiv.org/abs/2008.01621.

[10]

Chan, J. et al. PACT: Privacy sensitive protocols and mechanisms for mobile contact tracing. CoRR abs/2004.03544 (April 2020), https://arxiv.org/abs/2004.03544.

[11]

CWA Team. Epidemiological motivation of the transmission risk level. (October 2020), https://github.com/corona-warn-app/cwa-documentation/blob/main/transmission_risk.pdf.

[12]

Daniore, P., Ballouz, T., Menges, D., and von Wyl, V. The SwissCovid digital proximity tracing app after one year: Were expectations fulfilled? Swiss Medical. Weekly (September 2021).

[13]

Data protection and information security architecture. PEPP-PT (Apr. 2020), https://github.com/pepp-pt/pepp-pt-documentation/blob/master/10-data-protection/PEPP-PT-data-protection-information-security-architecture-Germany.pdf.

[14]

DP-3T Team. Privacy and security risk evaluation of digital proximity tracing systems (April 2020), https://github.com/DP-3T/documents/blob/master/Security%20analysis/Privacy%20and%20Security%20Attacks%20on%20Digital%20Proximity%20Tracing%20Systems.pdf.

[15]

DP-3T Team. Secure upload authorisation for digital proximity tracing (April 2020), https://github.com/DP-3T/documents/blob/master/DP3T%20-%20Upload%20Authorisation%20Analysis%20and%20Guidelines.pdf.

[16]

Ebbers, W., Hooft, L., van der Laan, N., and Metting, E. Evaluation CoronaMelder: An overview after 9 months. https://www.coronamelder.nl/media/Evaluatie_CoronaMelder_na_9_maanden_english.pdf.

[17]

European Interoperability Certificate Governance. A security architecture for contact tracing and warning apps. eHealth Network (April 2020), https://health.ec.europa.eu/publications/european-interoperability-certificate-governance-security-architecture-contact-tracing-and-warning_en.

[18]

Exposure notification---Cryptography specification. Google LLC and Apple Inc. (April 2020), https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf.

[19]

German restaurants object after police use COVID data for crime-fighting. Reuters (July 2020), https://www.reuters.com/article/us-health-coronavirus-germany-privacy-idUSKCN24W2K6.

[20]

Groschupp, F. et al. Sovereign smartphone: To enjoy freedom we have to control our phones. arXiv:2102.02743 (Feb. 2021).

[21]

Hargittai, E., Redmiles, E.M., Vitak, J., and Zimmer, M. Americans' willingness to adopt a COVID-19 tracking app. First Monday 25, 11 (Oct. 2020).

[22]

Hatke, G.F., et al. Using Bluetooth Low Energy (BLE) signal strength estimation to facilitate contact tracing for COVID-19. Pact Technical Report (2020).

[23]

Illmer, A. Singapore reveals Covid privacy data available to police. BBC (Jan. 2021), https://www.bbc.com/news/world-asia-55541001.

[24]

Kaptchuk, G. et al. How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt. arXiv:2005.04343 (May 2020).

[25]

Kim, N. 'More scary than coronavirus': South Korea's health alerts expose private lives. The Guardian (March 2020), https://www.theguardian.com/world/2020/mar/06/more-scary-than-coronavirus-south-koreas-health-alerts-expose-private-lives.

[26]

Kostova, B., Gürses, S., and Troncoso, C. Privacy engineering meets software engineering. On the challenges of engineering Privacy By Design. (July 2020), arXiv:2007.08613.

[27]

Leith, D.J. and Farrell, S. Coronavirus contact tracing: Evaluating the potential of using Bluetooth received signal strength for proximity detection. Computer Communication Review 50, 4 (October 2020), 66--74.

Digital Library

[28]

Levy, I. High level privacy and security design for NHS COVID-19 contact tracing app. National Cyber Security Centre, U.K. (May 2020), https://www.ncsc.gov.uk/files/NHS-app-security-paper%20V0.1.pdf.

[29]

Lovett, T. et al. Inferring proximity from Bluetooth Low Energy RSSI with unscented Kalman smoothers. CoRR abs/2007.05057 (July 2020), https://arxiv.org/abs/2007.05057.

[30]

Lueks, W. et al. CrowdNotifier: Decentralized privacy-preserving presence tracing. In Proceedings on Privacy Enhancing Techniques 2021, 4 (July 2021), 350--368.

[31]

Rivest, R.L. et al. The PACT Protocol technical specification. PACT (April 2020), https://pact.mit.edu/wp-content/uploads/2020/11/The-PACT-protocol-specification-2020.pdf.

[32]

ROBERT: ROBust and privacy-presERving proximity Tracing. Inria PRIVATICS team and Fraunhofer AISEC (April 2020), https://github.com/ROBERT-proximity-tracing/documents/blob/master/previous_versions/ROBERT-specification-EN-v1_0.pdf.

[33]

Salathé, M. et al. Early evidence of effectiveness of digital contact tracing for SARS-CoV-2 in Switzerland. Swiss Medical Weekly 150, 2020/5153 (December 2020).

[34]

Sterling, T. Personal data stolen from Dutch coronavirus track-and-trace programme. Reuters (2021), https://www.reuters.com/article/us-health-coronavirus-netherlands-datapr-idUSKBN29Y1H3.

[35]

SwissCovid Exposure Score Calculation. https://github.com/admin-ch/PT-System-Documents/blob/master/SwissCovid-ExposureScore.pdf.

[36]

TCN Coalition. TCN Protocol (2020), https://github.com/TCNCoalition/TCN.

[37]

Trieu, N. et al. Epione: Lightweight contact tracing with strong privacy. IEEE Data Engineering Bulletin 43, 2 (2020), 95--107. http://sites.computer.org/debull/A20june/p95.pdf.

[38]

Troncoso, C., et al. Decentralized privacy-preserving proximity tracing. CoRR abs/2005.12273 (2020), https://arxiv.org/abs/2005.12273.

[39]

White, N. Creepy bartender uses coronavirus contact tracing data to ask out a girl he gave a free drink to---as Australians are warned their personal information could be misused or stolen. Daily Mail Australia (July 2020), https://www.dailymail.co.uk/news/article-8516533/Creepy-bartender-uses-coronavirus-contact-tracing-data-ask-girl.html.

[40]

Wymant, C. et al. The epidemiological impact of the NHS COVID-19 App. Nature 594, 7863 (2021), 408--412.

[41]

Zhao, Q., Wen, H., Lin, Z., Xuan, D., and Shroff, N.B. On the accuracy of measured proximity of Bluetooth-based contact tracing apps. In Security and Privacy in Communication Networks 335, Springer (December 2020), 49--60.

Cited By

Wang J(2024)Geomasking to Safeguard Geoprivacy in Geospatial Health DataEncyclopedia10.3390/encyclopedia40401034:4(1581-1589)Online publication date: 21-Oct-2024
https://doi.org/10.3390/encyclopedia4040103
Calvi AMalgieri GKotzinos D(2024)The unfair side of Privacy Enhancing Technologies: addressing the trade-offs between PETs and fairnessProceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency10.1145/3630106.3659024(2047-2059)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3630106.3659024
Kann TBauer LCunningham RVilela JSchulmann HLi N(2024)CoCoT: Collaborative Contact TracingProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653254(175-186)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653254
Show More Cited By

Index Terms

Deploying decentralized, privacy-preserving proximity tracing

Recommendations

Privacy preserving medical data publishing
Privacy-Preserving Data Publishing: An Overview
Privacy-preserving revocation checking

Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 65, Issue 9

September 2022

94 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3558490

Editor:
James Larus
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 August 2022

Published in CACM Volume 65, Issue 9

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
9,980
Total Downloads

Downloads (Last 12 months)847
Downloads (Last 6 weeks)150

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang J(2024)Geomasking to Safeguard Geoprivacy in Geospatial Health DataEncyclopedia10.3390/encyclopedia40401034:4(1581-1589)Online publication date: 21-Oct-2024
https://doi.org/10.3390/encyclopedia4040103
Calvi AMalgieri GKotzinos D(2024)The unfair side of Privacy Enhancing Technologies: addressing the trade-offs between PETs and fairnessProceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency10.1145/3630106.3659024(2047-2059)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3630106.3659024
Kann TBauer LCunningham RVilela JSchulmann HLi N(2024)CoCoT: Collaborative Contact TracingProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653254(175-186)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653254
Li YLin HLv JGao YDong W(2024)BLE Location Tracking Attacks by Exploiting Frequency Synthesizer ImperfectionIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621247(1860-1869)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621247
Muntoni AMazza FBraunstein ACatania GDall’Asta L(2024)Effectiveness of probabilistic contact tracing in epidemic containment: The role of superspreaders and transmission path reconstructionPNAS Nexus10.1093/pnasnexus/pgae3773:9Online publication date: 3-Sep-2024
https://doi.org/10.1093/pnasnexus/pgae377
Kamm LBogdanov DBrito EOstrak A(2024)Blueprints for Deploying Privacy Enhancing Technologies in E-GovernmentPrivacy and Identity Management. Sharing in a Digital World10.1007/978-3-031-57978-3_1(3-19)Online publication date: 23-Apr-2024
https://doi.org/10.1007/978-3-031-57978-3_1
Suter V(2023)Digital Contact Tracing in Switzerland: A Computer-Assisted Qualitative AnalysisSwiss Yearbook of Administrative Sciences10.5334/ssas.17714:1(130-146)Online publication date: 21-Dec-2023
https://doi.org/10.5334/ssas.177
Silva-Trujillo AGonzález González MRocha Pérez LGarcía Villalba L(2023)Cybersecurity Analysis of Wearable Devices: Smartwatches Passive AttackSensors10.3390/s2312543823:12(5438)Online publication date: 8-Jun-2023
https://doi.org/10.3390/s23125438
Villius Zetterholm MJokela P(2023)Addressing Complexity in the Pandemic Context: How Systems Thinking Can Facilitate Understanding of Design Aspects for Preventive TechnologiesInformatics10.3390/informatics1001000710:1(7)Online publication date: 11-Jan-2023
https://doi.org/10.3390/informatics10010007
Hang CTsai YYu PChen JTan C(2023)Privacy-Enhancing Digital Contact Tracing with Machine Learning for Pandemic Response: A Comprehensive ReviewBig Data and Cognitive Computing10.3390/bdcc70201087:2(108)Online publication date: 1-Jun-2023
https://doi.org/10.3390/bdcc7020108
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents