April 13, 2020
Safe Paths: A privacy-first approach to contact tracing
Fast containment is key to halting the progression of pandemics, and rapid determination of a diagnosed patient's locations and contact history is a vital step for communities and cities. This process is labor-intensive, susceptible to human memory errors, and fraught with privacy concerns.
Smartphones can aid in this process, though any type of mass surveillance network and analytics can lead to—or be misused by—a surveillance state.
Early contact-tracing tools deployed in certain countries against the current Covid-19 pandemic have indeed helped slow the spread, but have done so at the expense of the privacy of citizens and businesses, exposing even the most private details about individuals.
To help address this urgent challenge, a team led by MIT Media Lab Associate Professor Ramesh Raskar is designing and developing Safe Paths, a citizen-centric, open source, privacy-first set of digital tools and platforms to help stem the spread of Covid-19.
The Safe Paths project is a multi-faculty, cross-MIT effort, with input and expertise from institutions including Harvard University, Stanford University, and the State University of New York at Buffalo; clinical input from Mayo Clinic and Massachusetts General Hospital; and mentors from the World Health Organization, the U.S. Department of Health and Human Services, and the Graduate Institute of International and Development Studies.
A number of leaders and personnel from the global company EY are volunteering their time across many disciplines, including strategy and inclusion on the core initiative leadership team. Numerous additional companies are also participating in this way, including TripleBlind, Public Consulting Group, and Earned Media Consultants.
Experts from government agencies and academic institutes in Canada, Germany, India, Italy, the United Kingdom, and Vietnam are also helping to guide the platform's development.
The Safe Paths platform, currently in beta, comprises both a smartphone application, PrivateKit, and a web application, Safe Places. The PrivateKit app will enable users to match the personal diary of location data on their smartphone with the anonymized, redacted, and blurred location history of infected patients. The digital contact tracing uses overlapping GPS and Bluetooth trails, which allow an individual to check whether they have crossed paths with someone who was later diagnosed positive for the virus. The PACT Bluetooth protocol, announced earlier by MIT, will be available through Safe Paths; the design of the PACT system has benefited from Safe Paths' early work in this area. Through Safe Places, public health officials are equipped to redact the location trails of diagnosed carriers and thus broadcast location information with privacy protection for both diagnosed patients and local businesses.
The platform takes a fundamentally different approach to app-based epidemic analytics, and in the future will use techniques based on Split Learning, research that Raskar's Camera Culture group at the Media Lab has been developing for the past several years, which enables distributed deep learning without the sharing of raw data. Safe Paths uses either on-device calculation or encrypted trail matching. The platform tells users whether they have experienced a near-contact with a diagnosed individual, while maintaining the privacy of both the user and the diagnosed patient. Users log their location history privately on their own phone and remain in control of their data. Diagnosed patients can opt to provide their location history to health officials (providing similar, yet much more accurate, information than the current healthcare intake interviews).
Safe Places also provides a secure tool for public health officials that makes gathering a diagnosed patient's contact history much more efficient, and enables anonymized and safe sharing of patient location history. In the future, this data will also be encrypted.
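To make the division of labour described above concrete, here is an added Python sketch of the two roles. It is an illustration written for this page, not Safe Paths' own code and not the PACT protocol: the health-official side redacts a diagnosed patient's raw trail (dropping points near a sensitive location such as a home) and blurs what remains into coarse space-time cells before publishing it; the user side intersects its locally stored trail with the published cells entirely on the device. The grid size, time bucket, redaction radius, the haversine helper and the sample trails are constructed assumptions chosen for the example.

```python
"""Privacy-first trail matching sketch (illustrative; not Safe Paths' code).

Safe Places role: redact + blur a diagnosed patient's trail, publish cells.
PrivateKit role:  match the user's on-device trail against published cells.
All parameters and sample data below are assumptions made for this example.
"""
import math
from dataclasses import dataclass

GRID_DEG = 0.001        # assumption: ~111 m of latitude per cell
TIME_BUCKET_S = 600     # assumption: 10-minute time buckets
EARTH_RADIUS_M = 6_371_000


@dataclass(frozen=True)
class Point:
    t: int        # unix seconds
    lat: float
    lon: float


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon pairs."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def redact(trail, sensitive, radius_m):
    """Official side: drop every point within radius_m of a sensitive location."""
    return [p for p in trail
            if all(haversine_m(p.lat, p.lon, s_lat, s_lon) > radius_m
                   for s_lat, s_lon in sensitive)]


def to_cell(p):
    """Blur a point to a (time bucket, lat cell, lon cell) triple."""
    return (p.t // TIME_BUCKET_S,
            math.floor(p.lat / GRID_DEG),
            math.floor(p.lon / GRID_DEG))


def publish_trail(raw_trail, sensitive, radius_m=200):
    """Official side: what actually leaves Safe Places is only the set of blurred cells."""
    return {to_cell(p) for p in redact(raw_trail, sensitive, radius_m)}


def match_on_device(user_trail, published_cells):
    """User side: return the user's points that fall in or next to a published cell.

    Adjacent cells and buckets are checked so that two people standing either
    side of a grid line, or a boundary between time buckets, still match.
    The user's trail is read here and never transmitted.
    """
    hits = []
    for p in user_trail:
        b, i, j = to_cell(p)
        near = any((b + db, i + di, j + dj) in published_cells
                   for db in (-1, 0, 1) for di in (-1, 0, 1) for dj in (-1, 0, 1))
        if near:
            hits.append(p)
    return hits


# Constructed sample data (not real trails).
HOME = (42.3601, -71.0942)
PATIENT_TRAIL = [
    Point(1000, *HOME),                 # at home: should be redacted
    Point(1600, 42.3620, -71.0990),     # ~450 m from home: kept
    Point(2200, 42.3650, -71.1050),     # kept
]
SENSITIVE = [HOME]
USER_TRAIL = [
    Point(1000, *HOME),                 # same place/time as the redacted point: no hit
    Point(1650, 42.36205, -71.09895),   # 50 s later, a few metres away: hit
    Point(2200, 42.3700, -71.1200),     # same time, ~1.5 km away: no hit
    Point(5000, 42.3650, -71.1050),     # same place, 47 min later: no hit
]


def demo():
    """Run both roles end to end and return the user's near-contact points."""
    published = publish_trail(PATIENT_TRAIL, SENSITIVE)
    return match_on_device(USER_TRAIL, published)


if __name__ == "__main__":
    for hit in demo():
        print(f"near-contact at t={hit.t}: ({hit.lat}, {hit.lon})")
```

Two points worth noticing when running it: the user's visit to the patient's home produces no match because that point was redacted before publication, and dropping the redaction step (an empty `SENSITIVE` list) makes it reappear, which is exactly the exposure Safe Places' redaction tool is meant to prevent. The published artefact is a set of coarse cells rather than coordinates, so the blur radius, not the contact distance, bounds what an observer learns about the patient's movements.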
In the white paper "Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic," the research team describes the application of contact tracing to slow the spread of epidemics; outlines the current landscape of interventions; and details challenges and risks to data security and privacy protection. Ongoing, collaborative research is designed to further explore critical aspects of contact tracing and to test increasingly robust privacy protection methodologies. Findings will be continuously shared and published.
"We are dedicated to privacy-first solutions—user location and contact history should never leave a user's phone without direct consent," Raskar says. "We strongly believe that all users should be in control of their own data, and that we should never need to sacrifice consent for Covid-19 safety."
Zelalem Temesgen, an infectious disease specialist at Mayo Clinic who has contributed clinical expertise to the project, emphasizes the vital role of contact tracing in stemming an epidemic.
"In conjunction with rapid diagnosis and isolation of suspected or confirmed cases, contact tracing is a critical intervention for controlling outbreaks of infectious diseases," Temesgen states. "In the best of times, contact tracing is a laborious and difficult task; it becomes even more challenging in situations where individuals without symptoms are able to transmit infection to others."
Temesgen notes that having tools to enhance contact tracing capabilities by more efficiently and accurately identifying locations where transmission may have occurred will empower public health officials to intervene expeditiously and offer testing to those who need it, and to initiate other measures such as isolation and treatment.
"In situations like we are facing now, where our knowledge about this new infection is incomplete and continuously evolving, having accurate and comprehensive contact tracing capability can also provide crucial information about how the infection is spread," he adds.
According to Ronald Rivest, Institute Professor at MIT and inventor of the RSA public-key cryptosystem, contact tracing has proven to be an important and effective tool in fighting pandemics. "It's fortunately possible to achieve good contact tracing using smartphones, which can detect the presence of other nearby smartphones," Rivest notes. "Furthermore, such contact tracing can be done quite simply in a privacy-preserving manner—one doesn't need to implement 'big brother' systems that hand over everyone's location history to a big database somewhere. I believe that we can see such systems implemented and fielded quickly."
MIT Assistant Professor Kevin Esvelt, an evolutionary engineer who specializes in mitigating global catastrophic bio-risks, notes that automated contact tracing becomes increasingly effective as more people adopt it. "Safe Paths uses anonymized GPS, which improves upon traditional contact tracing for everyone using it, as well as Bluetooth, which can only anonymously log an interaction if both people have it. In the long run, it would be best to integrate these capabilities into the operating system of every smartphone as a defense against all pandemics, with each user freely deciding whether or not to share their local data when they learn they're infected."
"Until that day," Esvelt adds, "a statewide emergency message with a download link—or prominent placement by the big tech companies—is likely the best we can do."
The initial phases of the PrivateKit mobile application and Safe Places web application rollout will emphasize rapid iteration and deployment of solutions for privacy-first, pandemic contact tracing. In the later phases, the goal is the building of encrypted computational methods that can be useful in future types of outbreaks.