How Contact Tracing Can Be Effective While Guarding Privacy


Vipin Bharathan is chair of the Hyperledger Identity Working Group where he researches solutions for privacy in public settings.

As the nCovid-19 virus has spread unchecked in the U.S., complete shutdowns are the adopted solution. Contact tracing and isolation, along with the necessary corollary, testing, are needed to open the economy safely and to prevent a second wave, another shutdown and the consequent deepening of economic distress.

In classic public health practice, human contact tracers interview the newly infected, attempting to jog their memory and find all the epidemiologically significant encounters that might have passed on infections. The tracers contact exposed people, and persuade them to self-isolate and get tested. The effort has to be local, since most of the contacts happen locally. When the infection is in its infancy, with hot spots, rapid contact tracing and isolation can be very effective, as proven in many countries. Rapid contact tracing needs technology support. Many countries have used intrusive contact tracing apps.

Contact tracing works to isolate the infected and their epidemiologically significant contacts instead of the whole population. Contact tracing and isolation works by limiting the number of new cases created by a single infected individual. Done well, it can stop an infectious disease in its tracks.

The U.S., the EU and the U.K. are unique because of their large numbers of active cases. Laws, customs and culture prevent overt subversion of privacy. nCovid-19, with its long pre-symptomatic infective period and extreme virulence for a few, presents unique challenges. Tracing and isolation have to be rapid to be effective. A human-based interview process is inherently time-consuming and error-prone due to its reliance on memory and the possibility of missing anonymous contacts. Phone-based interviews and detective work could also fail in the U.S., due to our resistance to anonymous robocalls.

These realities are acknowledged by contact tracing experts. Public officials are still forging ahead, recruiting thousands. Public health experts are also resistant to exposure tracing apps, skeptical of their privacy guarantees.

A survey conducted in March says that many people worry that once started, proximity notification will continue well past the coronavirus scare (38%). The next two big concerns are the vulnerability of mobile appliances (33%) and the evergreen “do not want to be worried” (26%). This trust deficit can result in a less than ideal adoption of 60%.

This article argues for privacy-preserving proximity notification apps based on Bluetooth. Bluetooth is granular enough to measure proximity effectively. Although there are many competing proposals, the privacy designs of proximity notification apps have converged. The current winner for government adoption seems to be the Google/Apple (Gapple) framework. I call this a framework since it requires an overlay from the local public health system to work. The framework will be released as a patch to the operating systems covering the majority of cell phones in the world. Users do not need to explicitly download the framework.

Preserving the privacy of users while remaining useful is a challenge. Privacy is enhanced by decentralization, by key schedule design and by minimal collection of data. The proposed design of the Gapple framework shows how the app preserves privacy and is useful.

Installing the app

Users are in control: the user needs to opt in by downloading their local public health authority's app. Data never leaves the user’s phone if they are never diagnosed positive.

Before infection

A daily random key is generated on the user’s phone. The daily random key deterministically generates many proximity keys that are broadcast using Bluetooth. Deterministically means that if a daily random key is known, then all proximity keys can be regenerated. These proximity keys are captured on each user’s phone that runs the same app when proximity parameters are met. These proximity keys are equivalent to random noise, meaning the phones that broadcast them cannot be identified by correlation. Proximity parameters are determined by local health authorities, usually more than 15 minutes continuously at less than six feet. At this point, all data resides on the users’ phones and never leaves them.

On a positive diagnosis

If any user is diagnosed and found to be positive, the user can opt to upload their list of daily random keys to the local public health server for their pre-symptomatic but infective days before the diagnosis. A testing code is needed for this, to prevent malicious uploads. The daily random keys from infected users are fanned out to all the users in the local area. The app on the target phones then re-runs the same deterministic algorithm and looks for matches with the previously stored proximity keys. If there is a match, the app warns the owner of the phone to seek testing, and to call the local health authorities. If they test positive, the process of notification starts over again.

The public health servers only distribute the data, never knowing anything about the users. Gapple can never find anything more about the users. The app will be turned off when the virus subsides.
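The key schedule from "Before infection" and the on-phone matching from "On a positive diagnosis", as an added Python sketch (not code from this article or from the Google/Apple framework). It swaps in truncated HMAC-SHA256 as the deterministic derivation; the function names, the 144 intervals per day and the 16-byte key length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: one proximity key per 10-minute window
KEY_LEN = 16             # assumption: 16-byte keys

def new_daily_key():
    """Fresh daily random key; generated on the phone and kept there."""
    return secrets.token_bytes(KEY_LEN)

def proximity_key(daily_key, interval):
    """Deterministically derive the key broadcast during one interval."""
    # Without daily_key the output is indistinguishable from random bytes,
    # so successive broadcasts cannot be linked to one phone.
    msg = b"proximity" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:KEY_LEN]

def proximity_keys_for_day(daily_key):
    """Regenerate every proximity key of a day from its daily key."""
    return [proximity_key(daily_key, i) for i in range(INTERVALS_PER_DAY)]

def find_exposures(published_daily_keys, observed_keys):
    """Runs on the receiving phone: re-derive keys from the daily keys the
    server fanned out and intersect them with locally stored broadcasts."""
    observed = set(observed_keys)
    hits = []
    for day_index, daily_key in enumerate(published_daily_keys):
        for interval, key in enumerate(proximity_keys_for_day(daily_key)):
            if key in observed:
                hits.append((day_index, interval))
    return hits

def demo():
    # Constructed scenario: Alice later tests positive, Carol never does.
    alice_days = [new_daily_key() for _ in range(3)]
    carol_day = new_daily_key()
    # Broadcasts Bob's phone stored when the proximity parameters were met.
    bob_observed = [
        proximity_key(alice_days[1], 50),
        proximity_key(alice_days[1], 51),
        proximity_key(carol_day, 10),
    ]
    # Alice uploads only her daily keys; Bob's phone does the matching.
    return find_exposures(alice_days, bob_observed)

if __name__ == "__main__":
    print(demo())
```

Carol's broadcast stays unmatched because her daily key is never uploaded, and the server only ever handles Alice's daily keys, never Bob's stored observations.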

It is natural for the public and the public health officials to be suspicious of proximity notification functions implemented by companies like Google and Apple, which are in the business of harvesting private user data and monetizing it. Apple and Google have to agree to have an independent audit or open source their implementation for review to allay this fear.


Widespread adoption of a proximity notification app is not just a technical challenge. Public health authorities have to welcome it as a useful addition to their contact tracing arsenal. This may not happen in the first opening; but if subsequent waves of infection hit, and classic contact tracing by itself proved unworkable for the coronavirus, more of the common people and authorities may be open to alternatives.

Here are some suggestions for improving adoption of proximity notification apps to aid classic contact tracing. Public support by trusted influencers is vital to widespread adoption. These influencers need to be from a spectrum of trustworthy sources: scientists, health authorities, privacy advocates.

Incentives are important for adoption. Once proof of proximity can be given through a QR code, faster testing must be made available for the exposed. In addition, if proximity is proven, and you have to quarantine, financial or housing support could be provided for loss of income as well as quarantine hotels, food, laundry and mental health support. The installed app should trigger disability and employment laws to force continued employment.

Adoption may not happen after the first wave, but may happen if a second wave shuts down the local economy and communities become more receptive to such an app.


New York Man Charged With Trafficking Credit Card Info, Using Bitcoin to Launder Proceeds

A New York City man has been indicted for allegedly stealing and selling reams of payment card data, the proceeds of which he laundered in bitcoin.

Vitalii Antonenko, 28, was charged in the U.S. District Court for the District of Massachusetts on Tuesday with conspiracy to engage in computer hacking, payment card trafficking and money laundering, according to a federal indictment.

Law enforcement found hundreds of thousands of stolen payment cards on Vitalii Antonenko’s computers after arresting the Ukraine native at Kennedy International Airport in March 2019. They charged Antonenko with money laundering at the time.

In the Tuesday indictment, prosecutors outlined a multi-pronged money-laundering scheme that turned proceeds of stolen and sold credit card data – including data from an unnamed Massachusetts hospitality business – for tens of thousands of dollars.

Working with two conspirators from 2014 to 2016, Antonenko allegedly received at least 114 bitcoin from one, sent about as much bitcoin to the other, and then received nearly $40,000 in cash bank deposits 10% below market rate, the indictment said.

Law enforcement officials say an undercover agent bought a victim’s stolen card data from the first conspirator in November 2016. It further alleged the conspirator sent Antonenko 4.38 bitcoin the same day they discussed hospitality card data Antonenko still had for sale.

Antonenko also hacked a “non-profit scientific research institution” in Massachusetts, according to the indictment. The indictment does not name either victim.
