Privacy-Preserving Contact Tracing?

Contact tracing is a method of stopping the spread of diseases by quickly finding and treating people who have come into contact with an infected person. According to the World Health Organization,

This monitoring process is called contact tracing, which can be broken down into 3 basic steps:

1. Contact identification: Once someone is confirmed as infected with a virus, contacts are identified by asking about the person’s activities and the activities and roles of the people around them since onset of illness. Contacts can be anyone who has been in contact with an infected person: family members, work colleagues, friends, or health care providers.

2. Contact listing: All persons considered to have contact with the infected person should be listed as contacts. Efforts should be made to identify every listed contact and to inform them of their contact status, what it means, the actions that will follow, and the importance of receiving early care if they develop symptoms. Contacts should also be provided with information about prevention of the disease. In some cases, quarantine or isolation is required for high risk contacts, either at home, or in hospital.

3. Contact follow-up: Regular follow-up should be conducted with all contacts to monitor for symptoms and test for signs of infection.

The Zcash Foundation is looking to develop a decentralized, privacy-preserving contact tracing tool that would springboard off of the Singapore government’s TraceTogether application.

One incredibly exciting technological development is TraceTogether, a mobile application that assists with contact tracing produced by the Government of Singapore and the Singapore Ministry of Health (MoH). The app creates a temporary ID by encrypting a user ID to a MoH-owned public key, and then broadcasts the temporary ID over Bluetooth. This temporary ID is refreshed at regular intervals, so that it cannot be used as a long-term identifier for third-party tracking. Nearby mobile devices running the app log all observed broadcasts. If a user later develops symptoms and tests positive for COVID-19, they can upload their log of contacts to the MoH, which functions as a trusted third party that can decrypt the log entries and notify all of that user’s contacts of potential COVID-19 exposure. The MoH promises to use the log data only for the purposes of contact notification.
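The temporary-ID scheme described above, sketched in Go as an added example (not TraceTogether's or the Zcash Foundation's code): it shows that successive temporary IDs for one user are unlinkable to observers, while the key holder can still resolve a logged ID to the user. Assumptions: RSA-OAEP stands in for the unspecified public-key encryption, the embedded expiry time is a hypothetical way to enforce the refresh interval, the function names, user ID and timestamps are constructed, and the ciphertext size is not tuned for a Bluetooth payload.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// NewAuthorityKey makes the health authority's key pair (constructed for this example).
func NewAuthorityKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewTempID encrypts expiry||userID to the authority's public key. OAEP is
// randomized, so successive IDs for one user look unrelated to observers.
func NewTempID(pub *rsa.PublicKey, userID string, expiry time.Time) ([]byte, error) {
	msg := make([]byte, 8, 8+len(userID))
	binary.BigEndian.PutUint64(msg, uint64(expiry.Unix()))
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(msg, userID...), nil)
}

// ResolveTempID is run only by the key holder on an uploaded log entry.
// seenAt is when the uploader logged the broadcast; stale IDs are rejected.
func ResolveTempID(priv *rsa.PrivateKey, tempID []byte, seenAt time.Time) (string, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, tempID, nil)
	if err != nil || len(msg) < 8 {
		return "", errors.New("not a valid temporary ID")
	}
	expiry := time.Unix(int64(binary.BigEndian.Uint64(msg[:8])), 0)
	if seenAt.After(expiry) {
		return "", errors.New("temporary ID was logged after it expired")
	}
	return string(msg[8:]), nil
}

func main() {
	priv, err := NewAuthorityKey()
	if err != nil {
		panic(err)
	}
	now := time.Unix(1585000000, 0) // constructed timestamp
	// Encryption errors are ignored here: the inputs are short and the key is valid.
	a, _ := NewTempID(&priv.PublicKey, "user-0001", now.Add(15*time.Minute))
	b, _ := NewTempID(&priv.PublicKey, "user-0001", now.Add(30*time.Minute))
	fmt.Println("same bytes on air:", string(a) == string(b))
	fmt.Println(ResolveTempID(priv, a, now.Add(5*time.Minute)))
	fmt.Println(ResolveTempID(priv, a, now.Add(time.Hour)))
}
```

Only the holder of the private key can run `ResolveTempID`, which is why the scheme's privacy rests on trusting that party with the uploaded logs.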

While this application is not perfectly privacy-preserving, it is far superior to location-tracking, and reveals personal information only upon infection, rather than using the threat of COVID-19 as a justification to build permanent surveillance infrastructure, or exposing patient data to the public. Public health requires public trust, and the developers should be congratulated for building privacy protections into the system.
