Contact tracing is paramount to fighting the pandemic, but it comes with legitimate privacy concerns. At the Zurich startup decentriq (www.decentriq.ch) we believe that you can have both contact tracing and data privacy.
In the #CodeVsCOVID19 hackathon we built a privacy-preserving confidential contact tracing system, including an iOS app and a confidential computing server.
We are looking for partners to build this into a production system. If you're interested or want to learn more about the details of the project, contact email@example.com
Contact tracing has helped drastically flatten the curve in countries such as South Korea. However, tracing requires tracking people's movements. This raises legitimate privacy concerns.
At decentriq (www.decentriq.ch) we work with privacy-preserving technologies. We believe that you can have both contact tracing and data privacy.
We've built a confidential contact tracing system, including an iOS app and a confidential computing server.
Intel SGX technology allows the server to prove its program logic to the app (remote attestation) before the app sends any data to the server. In particular, the server can prove that it cannot leak the user's data.
Contact tracing systems currently in use come with privacy problems. In centralised approaches all data could potentially be accessed by the authorities. In "edge approaches" the infected people's data is exposed. Israel's Hamagen system is such a case; for a detailed comparison see "Comparison with Hamagen" below.
cocotrace | Confidential Contact Tracing
The cocotrace system uses a central confidential computing server. The server proves its identity to the apps in the form of a signed hash of its code, which the app checks against the expected hash before sending anything. Additionally, the server protects against memory attacks from the host through memory encryption and isolation.
cocotrace minimizes the privacy risk through provable data confidentiality.
For the server we use Rust and an SGX-embedded web server deployed on an Azure Confidential Compute instance. The app was built in React Native.
Comparison with Hamagen
Israel's health ministry recently launched the contact tracing system Hamagen. The Hamagen app claims that it only processes the user's location data on the device. This is a good first step; however, the app fetches the traces of relevant infected people from public government servers. Hence, the location data of infected patients is not protected at all but instead gets pushed to all other users so that each device can compute locally whether its owner has been close to an infected person.
Hamagen protects the data privacy of healthy people and is a clear improvement over a central server collecting all data on an ongoing basis. It does, however, require infected people to share all their movement data with everyone in the system. This sharing is likely to deter some people from revealing their infection.
In terms of privacy, the cocotrace system is superior to Hamagen because cocotrace protects the privacy of all participants. The only information that gets out about you is the fact that you have met one of the patients. If we generalise the returned timestamp so that it only reveals the day on which this happened, we argue that cocotrace also protects the privacy of infected people very well.
In cocotrace there is therefore nothing deterring people from letting the system know that they have been infected. This improved privacy should bring more users to the system and improve the crucial contact tracing success rate.
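The matching step described above, written as an added example rather than cocotrace's own server code: the enclave holds both the querying user's trace and the patients' traces, and the only thing it returns is the set of days on which a contact occurred. The proximity thresholds, the haversine distance and the constructed Zurich-area sample points are assumptions for illustration.

```rust
use std::collections::BTreeSet;

/// One GPS sample: Unix timestamp in seconds plus WGS84 coordinates.
#[derive(Clone, Copy, Debug)]
pub struct Point { pub ts: u64, pub lat: f64, pub lon: f64 }

const SECONDS_PER_DAY: u64 = 86_400;
const EARTH_RADIUS_M: f64 = 6_371_000.0;

/// Great-circle distance between two samples in metres (haversine formula).
pub fn distance_m(a: &Point, b: &Point) -> f64 {
    let (lat1, lat2) = (a.lat.to_radians(), b.lat.to_radians());
    let dlat = lat2 - lat1;
    let dlon = (b.lon - a.lon).to_radians();
    let h = (dlat / 2.0).sin().powi(2)
        + lat1.cos() * lat2.cos() * (dlon / 2.0).sin().powi(2);
    2.0 * EARTH_RADIUS_M * h.sqrt().asin()
}

/// Matching step as it would run inside the enclave: returns the days (since
/// the Unix epoch) on which the user was within `max_dist_m` metres and
/// `max_dt_s` seconds of any patient sample. Patient traces and exact contact
/// times never leave the function (the "reveal only the day" idea from the text).
pub fn exposure_days(
    user: &[Point],
    patients: &[Vec<Point>],
    max_dist_m: f64,
    max_dt_s: u64,
) -> Vec<u64> {
    let mut days = BTreeSet::new(); // sorted, deduplicated day numbers
    for u in user {
        for p in patients.iter().flatten() {
            let dt = if u.ts > p.ts { u.ts - p.ts } else { p.ts - u.ts };
            if dt <= max_dt_s && distance_m(u, p) <= max_dist_m {
                days.insert(u.ts / SECONDS_PER_DAY);
            }
        }
    }
    days.into_iter().collect()
}

fn main() {
    // Constructed sample traces (Zurich area), not real data.
    let user = [Point { ts: 1_585_000_000, lat: 47.3769, lon: 8.5417 }];
    let patients = vec![vec![Point { ts: 1_585_000_300, lat: 47.37692, lon: 8.54172 }]];
    println!("exposure days: {:?}", exposure_days(&user, &patients, 10.0, 900));
}
```

Because the app only ever receives the day numbers, a compromised host running the server learns nothing from the response beyond what the attested enclave code chooses to return.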