April 23, 2020
A contact-tracing app that helps public health agencies and doesn't compromise your privacy
Stay-at-home orders and social distancing have been successful in some areas to help flatten the coronavirus curve. As parts of the world begin to open up again, communities need a reliable way to keep track of the virus and contain its spread.
Contact-tracing apps may provide one option as part of a larger strategy. These apps monitor who has come in contact with whom and can, when appropriate, alert a network of people if someone nearby has been diagnosed with the virus. But many current contact-tracing apps have privacy red flags—for example leaking a user's location information or taking away people's control over their own data.
Now researchers from the University of Washington and UW Medicine, along with volunteers from Microsoft, have developed a new tool, COVIDSafe. This contact-tracing app, developed with input from public health officials and contact tracing teams, would alert people about potential exposure to COVID-19 without giving up anyone's privacy. This app could also help individuals who test positive prepare for a contact tracing interview with a public health official.
COVIDSafe is not ready to be downloaded from app stores, but an Android demo version is accessible through the team's website. Users who try the demo version, which doesn't have full functionality yet, can submit feedback to the team. This app is based off a series of privacy and security guidelines that the team outlined in a white paper posted earlier this month to the preprint site arXiv.
"Contact tracing is one of the most effective tools that public health officials have to halt a pandemic and prevent future outbreaks," said author Justin Chan, a UW doctoral student in the Paul G. Allen School of Computer Science & Engineering. "Our contact-tracing app addresses underlying privacy, security and re-identification issues, rather than sweeping them under the rug. With COVIDSafe, all information is stored locally on your phone unless you choose to share that you've tested positive. Only then is your data sent to a secure server, and the app alerts anyone who has been nearby. After these notifications are sent, all the information is deleted."
COVIDSafe takes several steps to maintain users' privacy. The app begins by assigning each user a secret code name, which remains private. Then it generates a variation of the code name that changes every 15 minutes and uses Bluetooth to broadcast that to other users nearby. COVIDSafe also stores a list of these people's smartphone signals. With the full version of COVIDSafe, if a user tests positive and they choose to share that information with the app, it will alert anyone who has come in contact with them within the past 14 days—the infection window for COVID-19—without divulging who the person is or where they are.
"Conventional contact tracing already requires a person to give up some measure of personal privacy as well as the privacy of those they came into contact with," said collaborator Stefano Tessaro, an associate professor in the Allen School. "However, we can make acceptable trade-offs to enable us to use the best tools available to speed up and improve that process, all while ensuring stronger privacy guarantees at the same time."
Because not everyone will want to use a contact-tracing app, COVIDSafe aims to augment—not replace—conventional contact tracing, which public health officials do by interviewing patients who've tested positive about where they have been and who they have seen. COVIDSafe creates a log of users' locations over time, so it can help people in these interviews by providing them with the details about where they've been lately.
"This is being built first and foremost with contact-tracing teams and public health officials in mind," said collaborator Dr. Jacob Sunshine, an assistant professor of anesthesiology and pain medicine at the UW School of Medicine. "They are the experts, and much of the functionality has been developed based on direct feedback from teams doing this necessary and difficult work. Combined with extremely thoughtful privacy-preserving designs, this system is built to meet the needs of a privacy-conscious public and to efficiently deliver useful information that can help public health systems and contact tracers work smarter and faster."
COVIDSafe has other features, including a symptom tracker so that users who have tested positive and are in isolation can track their symptoms, and a messaging system that will eventually allow users to receive tailored health announcements from local public health agencies. The researchers have made the code behind the app publicly available for organizations to customize for their own use.
"Ten years from now, I want to be able to look back and genuinely say, "I did something to help in the greatest crisis of my lifetime,'" said collaborator John Langford, one of the project volunteers who is also a computer scientist at Microsoft Research. "At this point, dozens of people have contributed hundreds of hours toward making this project happen. We have all the expertise needed to create something genuinely useful, and we are well on the way."