The current Covid-19 pandemic has triggered an unforeseen interest in smartphone-based contact tracing technologies. If carefully designed and widely deployed, such systems may significantly help the medical authorities to track infection chains, prevent new outbreaks and thus save many lives.
At the same time, any smartphone-based tracing solution has inherent privacy concerns. If the system is not designed to preserve the privacy of its users and their movements, it could give the authority that runs the system worrisome surveillance capabilities.
To tackle this pressing challenge, an international collaboration of researchers from ETH Zurich, EPFL, KU Leuven, TU Delft, University College London, CISPA, University of Oxford and Stanford University has joined forces. The project goes by the name of DP-3T — the name stands for Decentralized Privacy-Preserving Proximity Tracing.
The goal of the project is to design a smartphone-based contact tracing system that informs its users of possible exposure to infected persons without violating their privacy. The ZISC faculty members Prof. David Basin, Prof. Srdjan Capkun and Prof. Kenny Paterson have taken a key role in the design and development of DP-3T. ZISC researchers Dr. Dennis Jackson, Dr. Marc Röschlin and Patrick Leu have also made significant contributions to the project.
In short, DP-3T works as follows. The users’ smartphones periodically broadcast short-lived pseudo-random IDs using Bluetooth and record the IDs they observe from other users. The IDs are stored locally on the users’ phones and are never uploaded to a centralized server. If a user tests positive, he can choose to publish his previous IDs, which allows potentially exposed users to be notified. Notably, at no point in time is users’ location information collected. The system also prevents the leakage of the so-called “social graph” — the network of contacts among all users in the system.
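The flow just described, as an added simulation written for this post (not DP-3T's reference code): phones generate a fresh random ID per epoch, record what they hear, only the infected user's own IDs from a chosen window reach the server, and exposure matching runs on each device. The 16-byte ID size, the epoch numbering and the encounter pattern are constructed assumptions; the real design derives IDs from a daily seed chain so the upload is compact, which this model omits to stay with what the text states.

```python
import os
from collections import defaultdict

EPHID_LEN = 16  # assumed size of one broadcast ID in this model

class Phone:
    """One user's handset: emits its own short-lived IDs and records heard IDs.
    Nothing leaves the device unless the owner publishes after a positive test."""
    def __init__(self):
        self.own_ids = {}                 # epoch -> ID this phone broadcast
        self.observed = defaultdict(set)  # epoch -> IDs heard over Bluetooth

    def broadcast(self, epoch):
        # A fresh pseudo-random ID per epoch, so observers cannot link epochs.
        self.own_ids[epoch] = os.urandom(EPHID_LEN)
        return self.own_ids[epoch]

    def hear(self, epoch, ephid):
        self.observed[epoch].add(ephid)

    def report_positive(self, first_epoch, last_epoch):
        # Only IDs from the contagious window are released; the rest stay local.
        return {(e, i) for e, i in self.own_ids.items()
                if first_epoch <= e <= last_epoch}

    def check_exposure(self, published):
        # Matching runs on the device: the server never learns who met whom.
        return any(i in self.observed.get(e, ()) for e, i in published)

class Backend:
    """Server that only ever holds IDs that infected users chose to publish."""
    def __init__(self):
        self.published = set()

    def publish(self, ids):
        self.published |= ids

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    server = Backend()
    # Constructed encounters: Bob is near Alice in epochs 3-5, Carol only in epoch 0.
    for epoch in range(8):
        ephid = alice.broadcast(epoch)
        if 3 <= epoch <= 5:
            bob.hear(epoch, ephid)
        if epoch == 0:
            carol.hear(epoch, ephid)
    # Alice tests positive and publishes only her IDs from epochs 2..7.
    server.publish(alice.report_positive(2, 7))
    return {"bob_exposed": bob.check_exposure(server.published),
            "carol_exposed": carol.check_exposure(server.published),
            "ids_on_server": len(server.published),
            "ids_withheld": len(alice.own_ids) - len(server.published)}
```

Carol's epoch-0 contact falls outside the published window, so she is correctly not notified, and the server holds six opaque IDs with no location or contact information attached.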
The governments of Switzerland and Austria have already chosen this design as the basis of their upcoming mobile tracing deployments. Other countries like Estonia have recently decided to do the same. Germany is also going for a decentralized approach, with DP-3T being a likely choice for their design. Apple and Google have endorsed the decentralized design of DP-3T in the new contact tracing APIs that will be rolled out to millions of users in the coming weeks.
The ZISC center is extremely proud of this work! We hope that many other countries will follow the example set by DP-3T and deploy contact tracing solutions where privacy comes first.
All the design documents and analysis of DP-3T are publicly available at: https://github.com/DP-3T/documents.