Back to Insights

How Does Contact Tracing Work And Is My Data Safe?

Cyber security 05/19/2020 - 12:45 by Sabita Sriram

How Does Contact Tracing Work

With COVID-19, contact tracing apps have become common. The article here tries to weigh the pros of MIT’s approach to privacy by design.

PACT is the abbreviation for Private Automated Contact Tracing, which is a contact tracing technology that unobtrusively identifies potential COVID-19 victims and the others who have been in close contact with them.

PACT is an open-source protocol that does not capture the personal data of individuals and uses Bluetooth technology to locate contacts who are in proximity to each other.

A consortium of universities is currently developing the system, while the person spearheading these efforts is MIT Professor Ron Invest. The methodology involves using Bluetooth communications, these are emissions from every smartphone which are called anonymous ‘chirps’, the information present in these includes distance and the time spent between the ‘chirping‘ phones. This is an approach to ‘Privacy by Design’. No information can be left on the phone without the owner’s consent.

The system architecture requires a database containing Bluetooth information of positive cases hosted in the cloud. For information collection, public health officials must solicit the cooperation of COVID-19 victims. This is the only instance where affected victims expressly consent to convey their identity, and location information. Needless to say, the security architecture of such information requires the use of encryption.

The modus operandi simply involves using the list of all the chirps that have been received and sent by the patient’s phone which then becomes an ‘Index’. So each time a person is diagnosed with the pandemic, his cell phone information is used to trace the distance and duration with other phones for a three-week time frame, this is an indicator of potentially affected parties. This potential exposure list is then transmitted to the public database. This is openly available for scanning by one and all. Therefore, if someone unaffected by COVID-19 wants to check if they have maintained adequate social distancing and isolation then they should perform a scan. If their Bluetooth has ‘spoken/responded’ to the signals of an affected party they can be tagged.

To ensure preventive measures, this kind of scan can be made mandatory by legislation. Then, the time frame and proximity of contact can be analyzed to identify the scope for contagion. After further analysis, the required course of medical action may be taken.

Some technical requirements include interoperability with various mobile phone manufacturers, determining the medically significant thresholds, and corresponding course of action for potential victims.

If India adopted a similar model it could be helpful if the code is open-source the vulnerabilities can be identified and patched.

Technology Architecture

This tracking technology uses Bluetooth Low Energy protocol which is unilateral and does not seek confirmation from the recipient. Another factor used to estimate is contact duration, this is based on the distance and time frame of chirps between the devices. Other metadata that can help include the associated information, say the place of a bar or a restaurant where the disease is more contagious.

Chirps are random data that is not specifically identified to a person, they can be traced using the data entered by a reliable medical professional after seeking the patient’s consent. Unaffected users can refer to the database of contact logs of victims via scans to check their risk of infection.

Chirp information has a 256-bit seed known to that phone, it is relevant for a 3-month time frame to battle this pandemic via contact mapping. This information is never broadcast and is only on the receiver’s phone. This is the Bluetooth signal every phone emits. It also maintains a contact log of all the signals it receives.

Process Design

Testing authorities generate permission numbers, this, in turn, needs to correspond with the positive cases and their contact details which are being uploaded by health professionals. The number is random, non-repetitive, and uniquely identifiable to a patient. Proper authorization and authentication procedures around this number are essential.

Patients can provide details of the chirps, which are then boiled down to the ‘seed’ which can be identifiable to their phone. Having done that, the seed and time frames of contact are uploaded into an exposure database.

However, the database cross-verifies the permission number with the authorized list that is generated and ensures unique and valid numbers are included to maintain the integrity of information. The patient can exclude a time frame using a revised seed if needed.

The app is designed to act passively with minimal active queries by the user. This allows for automatic updates to the database, it also has a computational logic to decide on the proximity based on signal strength. The database uses infected people’s data and ensures it gets pushed to other parties around that geography.

There will be a loss of privacy to infected persons when potential contacts come to know of their medical condition by performing scans of the exposure database that matches the chirps. This is an unavoidable loss of privacy and something an infected person has to be prepared to handle if they consented to share their seed information with the exposure database.

Database administrators of this system will not be allowed to maintain logs of individuals making uploads, similarly, the technology is meant to ensure limited exposure to eavesdropping attacks. Otherwise, anonymous means to transmit data may be possible.

Information Aggregation

Database administrators and testing authorities will not have any point of contact to reverse engineer the permission number used to uniquely identify patients. The chirps use a 256 seed as a protection mechanism which cannot be easily replicated and these are time-stamped to protect from rebroadcasting attacks.

Moreover, the permission numbers are also hard to replicate as there is considerable randomization and this helps in preventing impersonation attacks, which will affect the information integrity of the exposure database.

Additional features

The interoperability of different platforms, file formats, and alternates to chirps in different models is being explored.

Some other extensions being proposed because the virus spreads at the surface level is to treat the smartphone as a repeater that merely rebroadcasts the chirps it receives to the listener which then creates a log. This is done within a time frame to avoid replay attacks.

Reverse contact tracing is also possible to identify the source of infection, this is based on the time frame preferred by the patient who uploads the relevant seed information. This will detect asymptomatic individuals and advise them on taking the help.

Any metadata may provide additional information that helps in diagnosis, but this can be encrypted to avoid snooping and is useful only when the contact voluntarily contacts public officials.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

The goal of contact tracing is to quickly identify individuals who may be virus carriers, before they even show symptoms, so that they may be tested.