Privacy-preserving, voluntary COVID-19 self-reporting platform. Share your location history and status, get alerts when you are in high-risk areas, and identify high-risk regions.
Privacy-preserving, voluntary COVID-19 self-reporting platform for contact tracing. Share your (encrypted) location history and test status, and get a notification if you have been in proximity to higher-risk locations.
Social contact tracing based on mobile phone data has been used to track and mitigate the spread of COVID-19 [1]. However, this is a significant privacy risk, and sharing this data may disproportionately affect at-risk populations, who could be subject to discrimination and targeting. In certain countries, obtaining this data en masse is not legally viable.
We propose a privacy-preserving, voluntary self-reporting system for sharing detailed location data amongst individuals and organizations. Users will be able to encrypt and share complete location history, and their current status (positive, negative, unknown). Users will be able to update their status if it changes. This system will compute on shared, aggregate data and return location-based social contact analytics.
This system relies on 3 core services:
Any user who has Location Services active with Google is able to obtain a JSON file of their location history. They are also able to edit this file manually to remove any unwanted or sensitive locations (e.g., a home address). A user who does not use Location Services can manually add a history via Google.
Note: This service could be swapped/replaced by a mobile application at some point
Private computation is a term for performing tasks on data that is never viewed in plaintext. Our system will use private computation to generate individual and global analytics. In this scenario, private computation techniques could be employed to:
Our working assumption is to:
These diagrams provide an overview of how these services connect and how data is accessed and controlled throughout. Note: data is encrypted on the client side, remains encrypted in transit, and is protected by TEE security and privacy guarantees during compute.
The system is made up from the following components:
Front-end UI
Login / Unique identifier DB
Private Compute Service
Requirements:
Requirements:
Input: Encrypted user location histories in Google Takeout JSON format
Output:
Open Questions
Current thinking is to have two services result from the computation:
Open Questions
Below is a list of areas where we need help, together with our open questions.
Epidemiologists / public health: We need to solicit feedback on how this data is most actionable, both for individuals and for society at large. The goal of individual reporting is to assess situations of close proximity to high-risk individuals, which enables better measures to be taken. We need feedback to understand what distance and time difference should trigger a high-risk scenario (e.g., 2 individuals within 10 ft in a 1-day window can infect one another). We would also welcome feedback on our approach to the global-view visualizer. Please see issues X and Y, which explain these asks in more detail.
Rust programmers, developers and engineers with Intel SGX experience: TBD. The Enigma team is currently volunteering to lead this part; we would always welcome more hands.
Mapping/visualization and experience working with Google Location data:
Notification / alert system: We would like individuals who opt in to receive emails (or other forms of notification like text) if they are found to be in a high risk area. We need help implementing the notification system. Please see the following issue for more details
Data privacy (i.e., able to identify data leakage concerns / mitigations)
Front-end design / front-end development for the self-reporting UI
DevOps
Volunteers to provide sample data: Our proposal only provides value if volunteers participate. We welcome everyone who has been tested for COVID-19 to share their location history in a privacy-preserving manner once we have an initial prototype.
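The two technical pieces named above, the Google Takeout location JSON that the compute service takes as input and the working proximity rule from the epidemiology ask (two individuals within 10 ft in a 1-day window), as an added Python example that is not code from this repository. The sample histories, the home coordinates and the 100 m redaction radius are constructed values; the distance and time thresholds are the README's own figures, and the parser assumes the older Takeout layout (timestampMs, latitudeE7, longitudeE7).

```python
import json
import math

# Constructed sample histories in the Google Takeout "Location History.json"
# layout (timestampMs as a string, latitudeE7/longitudeE7 as integers).
USER_A = json.dumps({"locations": [
    {"timestampMs": "1585000000000", "latitudeE7": 377749000, "longitudeE7": -1224194000},
    {"timestampMs": "1585003600000", "latitudeE7": 377850000, "longitudeE7": -1224094000}]})
USER_B = json.dumps({"locations": [
    {"timestampMs": "1585001800000", "latitudeE7": 377749100, "longitudeE7": -1224194000},
    {"timestampMs": "1585093600000", "latitudeE7": 377850000, "longitudeE7": -1224094000}]})

FEET_10_M = 3.048     # the README's example distance trigger (10 ft)
ONE_DAY_S = 86400     # the README's example time window (1 day)


def parse_takeout(text):
    """Return sorted [(unix_seconds, lat, lon)] from a Takeout JSON string."""
    pts = [(int(p["timestampMs"]) // 1000, p["latitudeE7"] / 1e7, p["longitudeE7"] / 1e7)
           for p in json.loads(text)["locations"]]
    return sorted(pts)


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


def redact_near(points, lat, lon, radius_m):
    """Client-side step: drop points within radius_m of a sensitive place
    (e.g. a home address) before the history is encrypted and shared."""
    return [p for p in points if haversine_m(p[1], p[2], lat, lon) > radius_m]


def proximity_events(a, b, max_dist_m=FEET_10_M, max_dt_s=ONE_DAY_S):
    """Pairs (i, j, metres) where point i of a and point j of b lie within
    max_dist_m and max_dt_s of each other: the plaintext rule the enclave would
    evaluate (O(n*m) here; a real service would bucket by time first)."""
    hits = []
    for i, (ta, la1, lo1) in enumerate(a):
        for j, (tb, la2, lo2) in enumerate(b):
            if abs(ta - tb) <= max_dt_s:
                d = haversine_m(la1, lo1, la2, lo2)
                if d <= max_dist_m:
                    hits.append((i, j, round(d, 2)))
    return hits
```

Running `proximity_events` on the two sample histories yields one hit (a point 30 minutes apart and about 1.1 m apart); redacting user A's points within 100 m of the constructed home first removes that hit, which is the trade-off a user makes when editing their export.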
The code in this repository is released under the MIT License.