A new Bluetooth contact tracing system for detecting Covid-19 proximity, has been developed by a team of scientists and data privacy experts.
The DP-3T tracing system, which is presented openly for public scrutiny in a new White Paper, works at scale and has been developed to the highest privacy standards, ready to deploy into an app.
The system enables epidemiologists to analyse the spread of the pandemic, while fully respecting individual rights to privacy and ensuring no personal data ever leaves an individual’s device, and is not centralised in a cloud server: meaning it is not able to be repurposed for anything other than public health. It is proposed as one of the protocols for the Pan-European Privacy Preserving Proximity Tracing project (PEPP-PT).
Data rights and regulation lecturer, Dr Michael Veale from University College London, said: “There are a lot of concerns about Bluetooth tracing being administered centrally by governments, particularly in countries that have weaker privacy laws and concern for human rights. We have developed a practical solution that could help tell someone when they come into contact with someone that has tested positive for Covid-19, while at the same time ensuring that the user’s information never leaves their phone.”
The system would work whereby people who have tested positive for Covid-19 are authorised to upload random, constantly changing identifiers they have been emitting via Bluetooth using the app. Individuals that have the app, and have been in proximity to that person, compare downloaded random identifiers to the ones they have collected using their own devices. If they were in close proximity for a significant duration to a person that had tested positive, they would receive a quick notification to alert them, along with WHO-approved guidance on next steps.
While these uploaded identifiers are useful to those who use the app, they are useless to the central server. The server will not be able to identify who an uploader is or any characteristics about the individual.
Several governments across the world have used contact tracing, as part of efforts to control the spread of the coronavirus. China, for example, has reportedly relied on mass surveillance of phones to classify individuals by their health status and restrict their movements.
However, concerns have been raised about what this means for individual privacy rights, and what happens if the data is misused or used beyond the initial purpose.
“Given this is a global problem, it is key such a system works across borders, so they can be re-opened” said Dr Veale. “If one country uses a centralised system, then they all have to, putting citizens of countries with limited respect for human rights or the rule of law at serious risk. In our system, it works the other way — citizens around the world would be protected from surveillance and misuse, while epidemiologists get the insights they tell us they need.”
The team of 25 scientists from across Europe including the Swiss Federal Institutes of Technology and KU Leuven in Belgium, have developed a system that hides all personal information from the server.