Privacy is key to success of contact tracing, says Aggelos Kiayias
Professor Aggelos Kiayias, Chair in Cyber Security and Privacy, has written about the importance of prioritising privacy in contact tracing for the University's Covid-19 'Expert insights' site.
Contact tracing apps can play a vital role in efforts to combat the spread of Covid-19, but addressing privacy concerns is key to the success of the technology.
The ability to notify people quickly and effectively that they have been in close contact with someone diagnosed with Covid-19 will be an indispensable tool now as we gradually ease out of lockdown.
Technology can help to achieve this, and two distinct approaches to the design of contact tracing apps have emerged.
The first is the so-called centralised approach, a good example of which is the NHS contact tracing app. Encrypted data from people’s phones is uploaded to a central server managed by health authorities. When someone develops Covid-19 symptoms, the server computes which other users count as their contacts and notifications are sent to them.
The decentralised approach – favoured by Apple and Google – notifies a person’s contacts in a different way. Every person’s phone creates short-lived identifiers that are broadcast to other devices in close proximity, and each phone keeps a local record of the identifiers it has heard. When someone is diagnosed with Covid-19, the identifiers their phone broadcast (or the keys from which they were generated) are published; other people’s phones check them against the identifiers stored locally and, if a match is discovered, notify the user.
While contact tracing is technically feasible and eminently useful, there are potential privacy issues with the technology that must be addressed for it to be effective in helping to control the spread of Covid-19.
The design and deployment of contact tracing apps has proven controversial because the technology, by definition, shares personally identifiable information. Concerns have been raised regarding possible privacy risks created by hacking, or that personal data shared via an app is later used for other purposes.
So which data are relevant to contact tracing? As they go about their daily lives, people typically come in contact with a number of other individuals. This information can be presented as a diagram known as a contact graph. It shows the individuals with whom a person has been in close proximity for long enough to put them at risk of exposure to Covid-19.
Contact tracing via smart phones enables the identification of intersections between the contact graphs of different people – even complete strangers seated next to each other on a bus. From a privacy perspective, contact graphs can potentially reveal a lot about a person, such as who their main companions are, their daily routine, and the people that they regularly meet.
The fundamental difference between the two approaches is the role played by authorities. In the centralised approach, health authorities actively search for matches and notify an affected person’s close contacts. In the decentralised approach, authorities are passive: they facilitate the provision of information that allows the notification to take place, but can be oblivious to whether anyone has been notified by the app.
The main threat to privacy in the centralised approach is the fact that the authority’s server database can become a target for cyber-attacks. Nevertheless, the decentralised approach is not spared privacy problems either. For instance, depending on how an app is deployed, it may be possible to reconstruct diagnosed individuals’ location data.
Correcting privacy issues in the decentralised approach is possible, but technically demanding. And while the centralised approach is appealing because it empowers health authorities to provide care at the moment of notification, it can be privacy-preserving only as long as the authority is neither compromised nor strays from its stated purpose.
Dismissing these issues could be a serious problem, since the success of contact tracing apps relies heavily on widespread adoption. It has been shown that a minimum of around 60 per cent of the population needs to use the app if the technology is to be effective. If people are afraid to use the app – or if it does not work well – they will remove it and its benefit will be lost.
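The following is an added illustration, not code from the article, the NHS app or the Apple/Google system. It models the decentralised exchange described above (short-lived identifiers broadcast over Bluetooth, local matching after a diagnosis) and then shows the deployment-dependent location risk just mentioned: if a diagnosed person's identifiers are published by releasing the daily key that generated them, anyone who has placed receivers at known places can link that day's identifiers into a path. The 10-minute slot size, the HMAC derivation, the publication of a single daily key, and the adversary's fixed receivers are all assumptions of this toy model.

```python
import hashlib
import hmac
import os

SLOTS_PER_DAY = 144   # one short-lived identifier per 10-minute slot (assumed parameter)


def new_daily_key() -> bytes:
    """Secret a phone keeps for one day; it leaves the phone only if the owner is diagnosed."""
    return os.urandom(16)


def rolling_identifier(daily_key: bytes, slot: int) -> bytes:
    """Identifier broadcast during one slot. Toy construction (HMAC of the slot number),
    not the Apple/Google derivation: unlinkable to other slots without the key."""
    return hmac.new(daily_key, slot.to_bytes(2, "big"), hashlib.sha256).digest()[:16]


def identifiers_from_keys(published_keys):
    """What anyone can compute once a diagnosed person's daily keys are published."""
    return {rolling_identifier(k, s): s
            for k in published_keys for s in range(SLOTS_PER_DAY)}


class Phone:
    def __init__(self, name):
        self.name = name
        self.daily_key = new_daily_key()
        self.heard = {}                      # identifier -> slot in which it was heard

    def broadcast(self, slot):
        return rolling_identifier(self.daily_key, slot)

    def hear(self, identifier, slot):
        self.heard[identifier] = slot        # stored locally, never uploaded

    def exposure_slots(self, published_keys):
        """Local matching: the phone learns when it was exposed; no server learns anything."""
        derived = identifiers_from_keys(published_keys)
        return sorted({derived[i] for i in self.heard if i in derived})


class FixedReceiver:
    """An adversary's Bluetooth sniffer at a known place (assumed deployment condition)."""
    def __init__(self, place):
        self.place = place
        self.log = []                        # (slot, identifier) observed at this place

    def hear(self, identifier, slot):
        self.log.append((slot, identifier))


def reconstruct_path(receivers, published_keys):
    """The linkability problem: every identifier of the day derives from one published key,
    so logs from receivers at different places collapse into one person's trajectory."""
    derived = identifiers_from_keys(published_keys)
    return sorted((slot, r.place)
                  for r in receivers for slot, ident in r.log if ident in derived)


def run_example():
    """Constructed one-day scenario: three phones, two sniffers, one diagnosis."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    bus, cafe = FixedReceiver("bus stop"), FixedReceiver("cafe")
    # slot 10: alice and bob share a bus; the bus-stop sniffer hears both of them
    for sender, listeners in [(alice, [bob, bus]), (bob, [alice, bus])]:
        for listener in listeners:
            listener.hear(sender.broadcast(10), 10)
    # slot 50: alice alone at the cafe, within range of the cafe sniffer
    cafe.hear(alice.broadcast(50), 50)
    # slot 90: bob and carol meet; no sniffer present
    bob.hear(carol.broadcast(90), 90)
    carol.hear(bob.broadcast(90), 90)
    # alice is diagnosed and her daily key is published
    published = [alice.daily_key]
    return {
        "bob": bob.exposure_slots(published),                    # [10]
        "carol": carol.exposure_slots(published),                # []
        "alice_path": reconstruct_path([bus, cafe], published),  # [(10, 'bus stop'), (50, 'cafe')]
    }


if __name__ == "__main__":
    print(run_example())
```

Bob's phone learns only that it was exposed in slot 10, and Carol's learns nothing, which is the privacy benefit of local matching. The same published key, however, lets the sniffer operator place Alice at the bus stop and then the cafe, which is why how identifiers are published (one key per day versus individually unlinkable identifiers) matters so much for the decentralised design.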
It is also to be expected that citizens of different countries will have different levels of trust in their public health systems and may favour different approaches. This can complicate compatibility between national contact tracing systems, which could be important if international travel without a quarantine period is allowed before a Covid-19 vaccine becomes widely available.
In the end, like many other aspects of the Covid-19 pandemic, there is no easy solution. But by addressing issues of privacy and data security, contact tracing technology has the potential to benefit everyone.
Published 10 June 2020