Engineering Privacy in Contact Tracing Apps

摘要

A key measure to mitigate and slow down virical disease is contact tracing. Contact tracers traditionally relies on time-consuming activities performed by human contact tracers: interview positive patients to identify potential infected contacts, and communicate with those contacts to ensure they take precautions (e.g., self-isolate or take a test). As the number of cases increases, human contact tracers cannot timely perform their activities, decreasing their effectiveness at breaking transmission chains and hence at slowing down the virus spread. This situation prompted institutions and governments to seek help from technology to be able to scale mitigation measures. During 2020 we have witnessed the appearance of a number of Digital Proximity Tracing proposals which have three main goals: notifying contacts in a timely manner, notifying close contacts that may not be identified by manual contact tracing, and operating even when manual contact tracers cannot scale to the number of positive cases. These proposals typically rely on smartphones to gather proximity information that serves to identify contacts. In this talk we will present the Decentralized Privacy-Preserving Proximity Tracing protocol (DP3T) [1], that inspired Google and Apple's Exposure Notification and is now the basis of dozens of proximity tracing mobile apps around the world. We will discuss the requirements and constraints that drove the protocol design, and the security and privacy trade-offs that we had to confront. The protocol, however, is only a small part of a Digital Proximity tracing system which includes communication with the server and integration with health services. This talk will also summarize our experience designing and implementing these mechanisms under time pressure and continuous changes in the underlying libraries.