Advertisement

MIT develops privacy-preserving COVID-19 contact tracing inspired by Apple's 'Find My' feature

One of the efforts that's been proposed to contain the spread of COVID-19 is a contact trace and track program that would allow health officials to keep better tabs on individuals who have been infected and alert them to potential spread. Contract tracing has already seemingly proven effective in some parts of the world that have managed to curb the coronavirus spread, but privacy advocates have big reservations about any such system's implementation in the U.S.

There are a number of proposals of how to implement a contact tracing system that preserves privacy, including a decentralization proposal for a group of European experts. In the U.S., MIT researchers have devised a new method to would provide automated contact tracing that taps into the Bluetooth signals sent out by everyone's mobile devices, tying contacts to random numbers that aren't linked to an individual's identity in any way.

The system works by having each mobile device constantly be sending out random strings of numbers that the the researchers liken to "chirps" (though not actually audible). These are sent via Bluetooth, which is key for a couple of reasons, including that most people have Bluetooth enabled on their device all the time, and that it's a short-range radio communication protocol that ensures any reception of a "chirp" came from someone you were in relatively close contact to.

If any person tests positive for COVID-19, they can then upload a full list of the chirps that their phone has broadcast over the past 14 days (which at the outside, should represent the full time they've been contagious). Those go into a database of chirps associated with confirmed positive cases, which others can scan against to see if their phone has received one of those chirps during that time. A positive match with one of those indicates that an individual could be at risk, since they were at least within 40 feet or so of a person who has the virus, and it's a good indicator that they should seek a test if available, or at least self-quarantine for the recommended two-week period.

MIT's system sidesteps entirely many of the thorniest privacy-related issues around contact tracing, which have been discussed in detail by the ACLU and other privacy protection organizations: It doesn't use any geolocation information at all, nor does it connect any diagnosis or other information to a particular individual. It's still not entirely left to individual discretion, which would be a risk from the perspective of ensuring compliance, because MIT envisions a health official providing a QR code along with delivering any positive diagnosis that would trigger the upload of a person's chirp history to the database.

The system would work through an app they install on their phone, and its design was inspired by Apple's "Find My" system for locating lost Mac and iOS hardware, as well as keeping track of the location of devices owned by loved ones. Find My also uses chirps to broadcast locations to passing Apple hardware.

“Find My inspired this system," says Marc Zissman, the associate head of MIT Lincoln Laboratory’s Cyber Security and Information Science Division and co-principal investigator of the project in a blog post describing the research. "If my phone is lost, it can start broadcasting a Bluetooth signal that’s just a random number; it’s like being in the middle of the ocean and waving a light. If someone walks by with Bluetooth enabled, their phone doesn’t know anything about me; it will just tell Apple, ‘Hey, I saw this light.’”

The system could be adapted to automate check-ins against the positive chirp database and provide alerts to individuals who should get tested or self-isolate. Researchers worked closely with public health officials to ensure that this will suit their needs and goals as well as preserving privacy.

MIT's team says that a critical next step to making this actually work broadly is to get Apple, Google and Microsoft on board with the plan. This requires close collaboration with mobile device platform operators to work effectively, they note. Extrapolating a step further, were iOS and Android to offer these as built-in features, that would go a long way towards encouraging widespread adoption.