
Private Kit: Can we slow the spread without giving up individual privacy? - rchaudhary
http://safepaths.mit.edu/
======
cjbprime
Singapore's doing contact tracing without any location data, and with contact
between devices encrypted until needed for a contact disclosure. Seems like a
better approach to me:

[https://www.mobihealthnews.com/news/asia-pacific/singapore-g...](https://www.mobihealthnews.com/news/asia-pacific/singapore-government-launches-new-app-contact-tracing-combat-spread-covid-19)

~~~
joelkek
Yeah, GPS casts too wide a net (imagine being in New York: everyone in an
80-story office building would be within the margin of error of a single GPS
point).

Bluetooth seems like a better solution, and the Singapore one does it in a
privacy-preserving way while storing all data on the phone. Only when a user
is infected are they asked to upload data.

[https://tracetogether.gov.sg](https://tracetogether.gov.sg)
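
An added, simplified model of the Bluetooth-only flow cjbprime and joelkek describe above (illustration only, not TraceTogether's actual protocol): phones broadcast opaque tokens that only a health authority can map back to a user, encounter logs stay on the device, and a log is uploaded only when its owner tests positive. The authority-issued random tokens, 15-minute rotation and -70 dBm threshold are assumptions.

```python
import secrets
from dataclasses import dataclass, field

# Constructed, simplified Bluetooth contact-tracing model (not TraceTogether's
# real protocol). Tokens are opaque to other phones; only the authority holds
# the token -> user mapping, and logs leave a phone only after a positive test.
SLOT_S = 15 * 60  # broadcast token rotates every 15 minutes (assumption)

class HealthAuthority:
    def __init__(self):
        self._token_owner = {}  # token -> (user_id, slot); never leaves the authority

    def issue_tokens(self, user_id: str, first_slot: int, count: int) -> dict:
        """Hand a phone a batch of random tokens so it can rotate them offline."""
        batch = {}
        for slot in range(first_slot, first_slot + count):
            tok = secrets.token_bytes(16)
            self._token_owner[tok] = (user_id, slot)
            batch[slot] = tok
        return batch

    def resolve_contacts(self, uploaded_log: list) -> set:
        """Called only with the log a confirmed case chose to upload: who to notify."""
        return {self._token_owner[tok][0] for tok, _ in uploaded_log if tok in self._token_owner}

@dataclass
class Phone:
    user_id: str
    tokens: dict = field(default_factory=dict)
    heard: list = field(default_factory=list)  # (token, rssi) kept on the device

    def broadcast(self, ts: int) -> bytes:
        return self.tokens[ts // SLOT_S]

    def hear(self, token: bytes, rssi_dbm: int, threshold_dbm: int = -70):
        # Weak signals are probably not close contact; drop them at capture time.
        if rssi_dbm >= threshold_dbm:
            self.heard.append((token, rssi_dbm))

def simulate() -> set:
    ha = HealthAuthority()
    t0 = 1_600_000_000
    phones = {u: Phone(u, ha.issue_tokens(u, t0 // SLOT_S, 4)) for u in ("alice", "bob", "carol")}
    # Alice sits next to Bob (strong signal) and is far from Carol (weak signal).
    phones["alice"].hear(phones["bob"].broadcast(t0), rssi_dbm=-55)
    phones["alice"].hear(phones["carol"].broadcast(t0), rssi_dbm=-90)
    # Alice tests positive and uploads her log; nothing else leaves any phone.
    return ha.resolve_contacts(phones["alice"].heard)
```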

~~~
ryanisnan
How does this work if one has a bluetooth receiver off?

~~~
true_religion
It doesn’t. It also doesn’t cover people without phones, like most children.
Or people with feature phones that don’t have Bluetooth.

Yet it’s still better than nothing.

------
saagarjha
Summary:
[https://drive.google.com/file/d/1UGY07m8GNrUaj9bGRx07vDMccxT...](https://drive.google.com/file/d/1UGY07m8GNrUaj9bGRx07vDMccxTcGRQS/view)

Paper:
[https://arxiv.org/pdf/2003.08567.pdf](https://arxiv.org/pdf/2003.08567.pdf)

It seems like the way this preserves privacy is that you only upload your
location information once you're tested positive, where it is "redacted" (I
have very little faith in this) and then sent to everyone else so they can
check to see if they were in contact with you. It's better than mass
surveillance, sure, but I'm not sure if you can claim that this doesn't give
up individual privacy.

~~~
RegnisGnaw
Mandatory or optional? Will the government force me to upload if I am
positive? Or can I choose not to?

~~~
plafl
What do you think is the ethical option? If you are positive shouldn't the
people in contact with you know it? I'm genuinely asking, it's not a
rhetorical question. I think they should know they have been exposed to the
virus at least, not necessarily knowing it was you. You already have lost some
rights of movement and assembly. Losing some privacy may help you regain them
sooner.

~~~
cat199
> You already have lost some rights

not sure which side of the fence I actually stand here, but this would add at
least 4th/5th amendment in US context to the list

------
simmanian
I had been a staunch advocate of not sharing any personal information wherever
possible, but recently I've been thinking whether I've approached the whole
privacy issue from a wrong angle.

Maybe there isn't anything wrong with sharing our data and information for the
public good. After all, we almost view it self-evident that transparency is
good for communities at large. The real issue is that most of the parties who
come after our data are only interested in exploiting us to make more money.

Given this thought, I believe I would be inclined to share my data with orgs
that I know are trying to do public good in a verifiable and transparent way.

~~~
slavik81
The problem is that you can't take the data back when good organizations turn
bad. Maybe you trusted the US government in 1940 when you took the census, but
in 1942 they showed up at your door to take you away if you had listed
yourself as Japanese.

If you lived in the Netherlands in the 1930s, you may have had a great deal of
trust in your government. They collected extensive population data and did a
lot of good with it. When the Nazis invaded, they got access to the same
systems. It made their genocide much more effective than in neighbouring
countries.

~~~
zxienin
Making provision in the application to take back the data will go a long way.

------
sbohacek
Instead of using GPS, consider using the WiFi base stations. Specifically,
each location can be characterized by the set of WiFi base stations a phone
can detect. GPS is useful while outdoors, but virus transmission is somewhat
difficult outdoors. Indoors, a conference room on the third floor and the 40th
floor will have the same GPS coordinates, but a phone in each location will
detect a different set of WiFi base stations. This paper shows how WiFi base
stations can be used:
[https://arxiv.org/pdf/1610.04730.pdf](https://arxiv.org/pdf/1610.04730.pdf).

I might not understand methods to achieve privacy, but here are some thoughts.

1\. The data could be stored more safely with something like Intel SGX, where
only the application can access the data. In this scenario, the carrier (or
healthcare worker) uploads the carrier's path into an SGX-based database. Then,
individual users that are concerned about their risk could use the app to
upload their location paths into the SGX-based system and learn if they are at
risk as a simple yes/no. (I have never built an SGX application, so I might be
mistaken on its abilities.)

2\. I don't think this is possible: "The solution is a 'pull' model where users
can download encrypted location information about carriers." If the application
is on my device, I can decompile it and get the decryption key or use other
methods to dump the carriers' location data to disk.

3\. It seems that the user's data is also stored on the device. This data is
then at risk of being stolen by malicious applications. Instead, the location
data can be encrypted with a public key that can only be decrypted on the
SGX-protected servers.
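
The WiFi-fingerprint idea above, as an added example (not code from the linked paper): a location is the set of access-point BSSIDs a phone can see, so two rooms sharing GPS coordinates on different floors still compare as different. The Jaccard threshold, the 15-minute window and the BSSIDs are constructed assumptions.

```python
# Constructed illustration of matching by WiFi fingerprint instead of GPS.
TIME_SLOT_S = 15 * 60  # assumed co-presence window

def co_located(scan_a: frozenset, scan_b: frozenset, min_overlap: float = 0.5) -> bool:
    """Jaccard overlap of two BSSID scans; the 0.5 threshold is an assumption."""
    if not scan_a or not scan_b:
        return False  # an empty scan carries no evidence either way
    return len(scan_a & scan_b) / len(scan_a | scan_b) >= min_overlap

def wifi_exposures(my_scans, case_scans, window_s: int = TIME_SLOT_S) -> list:
    """Entries are (unix_ts, frozenset of BSSIDs). Returns (my_ts, case_ts) matches.
    Everything here runs on the user's own device against the published case scans."""
    hits = []
    for ts, mine in my_scans:
        for cts, theirs in case_scans:
            if abs(ts - cts) <= window_s and co_located(mine, theirs):
                hits.append((ts, cts))
    return hits

# Constructed BSSIDs (locally administered addresses, not real networks).
FLOOR3 = frozenset({"02:00:00:00:03:01", "02:00:00:00:03:02", "02:00:00:00:03:03"})
FLOOR40 = frozenset({"02:00:00:00:40:01", "02:00:00:00:40:02", "02:00:00:00:40:03"})
CASE_SCANS = [(1_600_000_000, FLOOR3)]
# Same floor five minutes later, with one extra AP in view: still a match.
ME_SAME_FLOOR = [(1_600_000_300, FLOOR3 | {"02:00:00:00:03:09"})]
# Same GPS coordinates but the 40th floor: a disjoint fingerprint, no match.
ME_OTHER_FLOOR = [(1_600_000_300, FLOOR40)]
```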

------
mderazon
Israel's ministry of health has released a similar app [1] (open source [2]).
Location is stored locally and cross-checked with confirmed COVID-19 patients'
location history. You get a notification if you were close to a patient.

(1) [https://medium.com/@oleiba/hamagen-fight-coronavirus-and-pre...](https://medium.com/@oleiba/hamagen-fight-coronavirus-and-preserve-privacy-b1631693bb46)

(2) [https://github.com/MohGovIL/hamagen-react-native](https://github.com/MohGovIL/hamagen-react-native)

------
turdnagel
The only actors in the position to help here are the carriers and platform
owners. Perhaps a joint venture between Apple and Google to hold each other
accountable? I don't trust the carriers to get this right.

------
xenonite
I don’t think this is reliable enough if you like to stay safe while being
out, although it seems better than nothing.

Considering that aerosols are a plausible infection vector, it becomes
necessary to introduce air flow models that include building ventilation for
a reliable outcome of location-based monitoring. Honestly, I consider this a
major and quite risky undertaking. Already a retrospective analysis of
who-infected-whom based on location will turn out quite incomplete.

As a side note while being quarantined at home: please consider closing
building ventilations, talk to your neighbor to coordinate asynchronous window
opening procedures, and ensure closed sewage systems.

Why do I come to these conclusions?

1\. It is plausible that SARS-CoV-2 behaves like SARS-CoV-1 in aerosol
transmission.
[https://dx.doi.org/10.1056/NEJMc2004973](https://dx.doi.org/10.1056/NEJMc2004973)

2\. It took quite an effort to find out how SARS-CoV-1 spread from one
single flat to other flats and to nearby buildings that were located in the
direction of the wind. Indeed, it is assumed that sewage ventilation played a
role here.
[https://dx.doi.org/10.1056/NEJMoa032867](https://dx.doi.org/10.1056/NEJMoa032867)

~~~
dennisy
Sorry for what is probably a silly question, but are you saying someone can be
infected through an open window?

~~~
xenonite
Yes, please see the discussion in the second study. They cite the findings of
an investigative team of the WHO for the infections in the same building, and
add their own findings to explain infections in other buildings (which the WHO
didn't explain). And yes, both the WHO and the study state open windows as
inlets for the aerosols.

In my opinion, this also explains the measures in China: here a whole building
is evacuated and quarantined if one single person in the building is tested
positive.

------
gojomo
Separate from the "current crisis" and retrospective contact-tracing:

Are there any existing apps that keep a high-resolution trail of where you've
been, _without_ ever uploading it to the cloud? (Or, only uploading it to a
location you choose, encrypted to a key you hold?)

Something like Google "Location History", but without Google or any other
intermediary data-silos who could be compromised to reveal my data against my
wishes.

~~~
bravoetch
Opentracks is an Android app that you could do this with.

------
jessriedel
Anyone know enough to compare to CovidWatch from folks at Stanford, about to
be released?

[https://www.covid-watch.org/](https://www.covid-watch.org/)

I think CovidWatch has the privacy focus of SafePaths and the Bluetooth
mechanism of TracePaths (the Singapore app)?

------
awinter-py
if this is just logging location, how does it do contact tracing? don't you
need _everyone's_ location, or the 'nearby' data like gov.sg's 'trace
together'?

------
RegnisGnaw
If sharing your location is optional, then there will be people who opt out.
Depending on how many people opt out, the data may be useless.

~~~
awinter-py
I'm not an epidemiologist, but partial contact tracing is probably better than
none

especially if the goal is to slow not stop

~~~
hutzlibu
"the goal is to slow not stop"

The goal is for it to stop. But anything that slows it down, is good.

------
brigandish
Erm… what is it? Forgive me for not wanting to download the PDF to find out,
but I can't for the life of me work out why there isn't an opening paragraph
explaining what it is, and I'm too old for guessing games.

This is the second link from HN I've opened today like this.

------
__s
How should one know which regions have health officials using this? Asking as
a Canadian

------
ray991
I think this is the right way - store data but publish it publicly when you
are confirmed with coronavirus. Then apps installed on others' phones would
automatically see your data and would do an intersect to see if they were in
proximity, and notify you accordingly. This way only the data of those
impacted by coronavirus becomes public. And although it's technically public,
as the app has access to it behind the scenes, legally you won't be allowed to
reverse engineer the response data and publish it online on a map, etc., so
that adds some privacy from the general public's eyes.
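
The "publish on confirmation, intersect locally" model described above, as an added example (not Private Kit's own code): the phone compares its own trail against a confirmed case's published trail and never sends anything out. The (timestamp, lat, lon) trail format, the 20 m radius, the 15-minute window and the sample points are assumptions.

```python
import math

# Constructed illustration of on-device trail intersection. Each trail is a
# list of (unix_ts, lat, lon); the published case trail is the only shared data.

def haversine_m(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def exposures(my_trail, published_trail, radius_m=20.0, window_s=15 * 60) -> list:
    """Points of my trail within radius_m and window_s of a published point.
    Both trails are sorted by time so the scan is a single linear sweep."""
    published = sorted(published_trail)
    hits, j = [], 0
    for ts, lat, lon in sorted(my_trail):
        # Skip published points that are already too old to overlap this one.
        while j < len(published) and published[j][0] < ts - window_s:
            j += 1
        k = j
        while k < len(published) and published[k][0] <= ts + window_s:
            pts, plat, plon = published[k]
            d = haversine_m(lat, lon, plat, plon)
            if d <= radius_m:
                # GPS cannot tell floors apart: a point on the 3rd floor and
                # one on the 40th floor of the same building both land here.
                hits.append((ts, pts, round(d, 1)))
                break
            k += 1
    return hits

# Constructed sample: a confirmed case's published trail and one user's own.
CASE_TRAIL = [(1_600_000_000, 40.7484, -73.9857), (1_600_001_800, 40.7580, -73.9855)]
MY_TRAIL = [
    (1_600_000_300, 40.74841, -73.98572),  # same spot, 5 minutes later: exposure
    (1_600_005_000, 40.7580, -73.9855),    # same spot, but 53 minutes after the case
    (1_600_000_600, 40.7527, -73.9772),    # roughly 800 m away at the time
]
```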

------
divbzero
For HN folks at Apple or Google, are there efforts internally to incorporate
this or something similar into Android and iOS updates? It will have to be a
collaboration between the two companies.

------
LordOfWolves
Sadly, I do not see Private Kit reaching anywhere close to the critical mass
required for it to be fully effective, unless all Americans are required to
use it per a new federal mandate, which I cannot see becoming a reality given
the incompetency clearly exhibited by one or more of our "leaders" over the
past several days (if not much longer).

~~~
cat199
so, you're saying not requiring mandatory location tracking of all citizens is
'incompetence'?

also: who is going to buy everyone smartphones and ensure they are properly
registered/configured?

there are many potential ways to reduce the spread, even within an
'authoritarian mandated government' context, without this level of
intrusiveness.

------
freddyym
While I like the concept, doesn't the fact that the site isn't using https
defeat the purpose?

------
jameslevy
Are tools such as homomorphic encryption, differential privacy, etc.
applicable here? There should be a way for users to control their location
data, and opt-in to sharing it at times like this, and then opt-out later.

~~~
shuckles
Homomorphic encryption is not computationally practical and differential
privacy relies on noise which is not ideal when (i) errors compound as is the
case of contact tracing where each new node introduces many candidates for
exposure and (ii) there is a high cost of false positives or negatives.

~~~
prophesi
For those curious about the claim that homomorphic encryption is not
computationally practical, Bruce Schneier has a great article on it.

[https://www.schneier.com/blog/archives/2009/07/homomorphic_e...](https://www.schneier.com/blog/archives/2009/07/homomorphic_enc.html?nc=11)

------
zackb
A friend of mine is working on this privacy oriented data collection app:
[https://www.coepi.org](https://www.coepi.org)

------
honzzz
Czech volunteer group Covid19cz, involving some big Czech companies and in
cooperation with the Czech government, is going to launch their tracking
system, which they claim is GDPR compliant, based on experiences learned from
other countries like South Korea and packaged to be rolled out to other
countries. I am not associated with them, I just think it is worth mentioning
here.

[https://bit.ly/394M4w3](https://bit.ly/394M4w3)

------
devrimdemiroz
Tried to consolidate the list... (Orig:
[https://github.com/devrimdemiroz/contactTracing#singapore](https://github.com/devrimdemiroz/contactTracing#singapore))

Singapore: TraceTogether
[https://www.tracetogether.gov.sg/](https://www.tracetogether.gov.sg/)
Opensource: Announced to be opensource, but when? Related news:
[https://str.sg/Jfup](https://str.sg/Jfup)
Almost the most popular, 735K users. Bluetooth based, no location information
collected. As stated on their official site: "The app doesn't identify 'where'
the exposure to COVID-19 cases may have occurred. It only seeks to establish
'who' else might have been exposed to the virus."

Israel: Hamagen (The Shield)
[https://govextra.gov.il/ministry-of-health/hamagen-app/downl...](https://govextra.gov.il/ministry-of-health/hamagen-app/download-en/)
Opensource: [https://github.com/MohGovIL/hamagen-react-native](https://github.com/MohGovIL/hamagen-react-native)
Israel's Ministry of Health's COVID-19 Exposure Prevention App Architecture:
[https://proferopublic.s3-eu-west-1.amazonaws.com/5f72cff6-0f...](https://proferopublic.s3-eu-west-1.amazonaws.com/5f72cff6-0fb5-4517-9941-99331819b5a0/profero_infographic_01_en.jpg)

USA: SafePaths [http://safepaths.mit.edu/](http://safepaths.mit.edu/)
Opensource: [https://github.com/tripleblindmarket/](https://github.com/tripleblindmarket/)
Based on Private Kit by MIT; core code is ready but still in early stages.
React Native based Android and iOS clients. Location and Bluetooth based.
Covid Watch [https://www.covid-watch.org/collaborate.html](https://www.covid-watch.org/collaborate.html)
Nothing developed so far, in organization/establishment phase.

Italy: diAry [https://covid19app.uniurb.it/](https://covid19app.uniurb.it/)
Opensource: Announced to be opensource by April '20. An additional feature
worth mentioning is the reward system.

Germany: geoHealthApp
[https://www.geohealthapp.de/](https://www.geohealthapp.de/) Opensource: NO

Czech: Smart quarantine
[https://medium.com/@pabu01/covid19cz-update-bb7e12e71d9e](https://medium.com/@pabu01/covid19cz-update-bb7e12e71d9e)
Opensource: NO. Based on telco data.

Turkey: coronapp [https://coronapp.tech/](https://coronapp.tech/)
Opensource: NO
Guvendekal [https://www.youtube.com/watch?v=r3TFkT4Zmgg](https://www.youtube.com/watch?v=r3TFkT4Zmgg)
Mentioned in the above link, yet to be developed.
coronawarner [https://www.youtube.com/watch?v=r3TFkT4Zmgg](https://www.youtube.com/watch?v=r3TFkT4Zmgg)
Mentioned in the above link, yet to be developed.

China: Alipay, WeChat

Korea: Corona 100m (Co100)

Taiwan

------
ecoqba11
That MIT site is not forcing HTTPS and the link above is using HTTP. Talking
about security...

------
1996
Individual privacy is where I draw a line in the sand.

I'm ready to do many things, but that does not include allowing geotracking,
geofencing or any other restriction on the freedom of movement and freedom of
assembly.

The government can shut businesses, shut public parks and beaches, but what we
do in our homes, clubs and other private properties is off limits.

~~~
TeMPOraL
> _any other restriction on the freedom of movement and freedom of assembly_

People abusing these freedoms in spite of lockdowns are what's going to kill
hundreds of thousands of people in the coming days.

~~~
1996
If the cost of liberty is hundreds of thousands of lives, let it be.

"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety"

~~~
Rooki
I'd argue those who give up the safety of others, to purchase a little
temporary liberty for themselves, deserve neither liberty nor safety.

