Proximus: Protecting your Privacy in Pandemic Tracing
https://www.covidchallenge.co.uk
How can we leverage technology - hardware and/or software - to mitigate the economic, social or medical impacts of COVID-19?
Current Situation
- 209 countries have reported cases of COVID-19
- 1,093,349 confirmed cases
- 58,620 confirmed deaths
Data accessed from the World Health Organisation on 05/04/2020
Importance of Contact Tracing
- South Korea, New Zealand and Israel have adopted a back-tracing (contact tracing) approach
- There is scientific evidence that digital contact tracing is crucial in helping to fight the pandemic (Ferretti et al., 2020; University of Oxford, 2020)
The Problem of Surveillance
- 82% of the UK population believe government surveillance of the public's internet communication is a "very important issue"
- 92% worry about their privacy online
Source: DATA-PSST and DCSS, "Public Feeling on Privacy, Security and Surveillance", 2015
Introducing Proximus: Protecting your Privacy in Pandemic Tracing
- Proximus is an anonymous, decentralised, location-less contact tracing application that warns users of possible exposure to the disease as soon as a contact reports a positive diagnosis
- Uses only proximity between phones, never location
- Data is encrypted, stored only on the user's phone and deleted after the 14-day incubation period
Why Proximus?
- No location data is used for contact tracing
- Identifiers of devices that come into contact are stored locally in encrypted form, rather than uploaded to a central server or transmitted to the government
- Data is ephemeral (deleted after 14 days), which limits what government or third-party snooping could ever recover
Potential Bad Actors
- Hacker
- Government
- User
Design goal: even in the worst case, users are not harmed by the actions of any of these actors.
Security Measures
If an individual phone is hacked:
- The attacker finds only hashed device identifiers, not real data
- No readable timestamp is stored, which prevents stalking behaviour
If the government requests access:
- No location is exchanged and no contact information is sent to the server, so no useful data exists for tracking
If a hacker compromises Firebase:
- They obtain only the hashed device IDs reported in the last 14 days, which are unusable on their own
Interface Design
Interactive Prototype: https://sketch.cloud/s/jpdV7
System Design
- Bluetooth (Android) and AirDrop (iOS) are used to keep track of nearby devices, stored in encrypted form. Note that AirDrop exposes no public discovery API to third-party apps; on iOS, nearby-device detection would have to use Core Bluetooth (or MultipeerConnectivity)
- Upon confirmation of diagnosis, the user sends a signal to the server through Proximus, by REST API
- A Node.js backend and Firebase keep track of the signal and broadcast it to all users
- Firebase Cloud Messaging broadcasts the encrypted data to all devices; those that have a matching record saved locally warn their users of potential exposure
Code for Proximus is available on GitHub (https://github.com/cheturvedi/Proximus) as open source.
Technological Approach: Sharing ID
The phone's IMEI is hashed with the bcrypt algorithm; the raw IMEI never leaves the user's device.
Caveats: bcrypt is a salted one-way password hash, not encryption, so the value cannot be decrypted, but it also cannot be matched by another device unless the salt is fixed; a fixed-salt hash of the IMEI is a static pseudonym that any observer can link across sightings, which is why protocols such as PACT and PEPP-PT (see References) rotate identifiers over time. In addition, apps cannot read the IMEI on iOS, and on Android 10 and later it requires a privileged permission, so an app-generated random secret is the more practical basis for the identifier.
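As an added illustration (example code, not the repository's own), the following Python simulates the flow described under System Design and Sharing ID end to end: devices exchange pseudonymous tokens during a simulated proximity encounter, keep them locally with day-level granularity only (no readable timestamp), delete them after the 14-day retention period, and compare a diagnosed user's broadcast against the local store while the server holds nothing but the reporter's own tokens. It assumes a per-device random secret with daily rotating HMAC-SHA256 tokens in place of the deck's bcrypt-hashed IMEI, which is a deliberate swap; the Device, Server, exchange and simulate names and the epoch-day values are invented for the example.

```python
import hashlib
import hmac
import os

DAY = 86400
RETENTION_DAYS = 14  # incubation period used by the deck


class Device:
    """A phone running the app. Holds a random secret (assumption: the deck hashes
    the IMEI instead) and the tokens of devices it has been near, keyed by day."""

    def __init__(self, name):
        self.name = name
        self.secret = os.urandom(32)
        self.seen = {}  # token -> day number observed; no finer timestamp is kept

    def token(self, day):
        # Daily rotating pseudonym: HMAC-SHA256(secret, day). Unlinkable across
        # days without the secret, but stable within a day so a later match works.
        return hmac.new(self.secret, str(day).encode(), hashlib.sha256).hexdigest()

    def record(self, token, now):
        self.seen[token] = now // DAY

    def purge(self, now):
        # Delete anything older than the retention window.
        cutoff = now // DAY - RETENTION_DAYS
        self.seen = {t: d for t, d in self.seen.items() if d > cutoff}

    def diagnosis_report(self, now):
        # On a positive diagnosis, upload only this device's own recent tokens.
        today = now // DAY
        return [self.token(d) for d in range(today - RETENTION_DAYS + 1, today + 1)]

    def exposed(self, broadcast):
        # Matching happens on the phone; the server never sees who met whom.
        return any(t in self.seen for t in broadcast)


def exchange(a, b, now):
    """Simulated proximity encounter: each phone beacons today's token, the other stores it."""
    day = now // DAY
    a.record(b.token(day), now)
    b.record(a.token(day), now)


class Server:
    """Backend stand-in for Node.js + Firebase: stores reported tokens and relays them."""

    def __init__(self):
        self.reported = []

    def report(self, tokens):
        self.reported.extend(tokens)

    def broadcast(self):
        return list(self.reported)


def simulate():
    t0 = 1000 * DAY  # constructed epoch day for the scenario
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    server = Server()
    exchange(alice, bob, t0 + 3600)  # alice and bob are in range on day 1000; carol is not
    t_diag = t0 + 3 * DAY
    server.report(alice.diagnosis_report(t_diag))  # alice tests positive on day 1003
    msg = server.broadcast()
    bob.purge(t_diag)
    result = {
        "bob_exposed": bob.exposed(msg),
        "carol_exposed": carol.exposed(msg),
        "server_holds_only_reporter_tokens": len(server.reported) == RETENTION_DAYS,
    }
    bob.purge(t0 + 20 * DAY)  # 20 days later the encounter has aged out of the store
    result["bob_exposed_after_purge"] = bob.exposed(msg)
    result["bob_store_after_purge"] = len(bob.seen)
    return result


if __name__ == "__main__":
    print(simulate())
```

Because the server only ever receives the reporter's own tokens, a compromise of the backend (the deck's "hacker hacks Firebase" case) yields a list of random-looking values with no location and no contact graph; the daily rotation is what stops those values from doubling as a long-lived tracking identifier.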
Technological Approach: Proximity Detection
- Use of AirDrop for iOS devices
- Use of Bluetooth for Android devices
- The signal range is ~10 m
- Low power consumption on the phone
Alternatives to Bluetooth: NFC-V, RFID, WiFi hotspot
Usability Testing
- Start with a group of 10 people; test that a message is received once a user is diagnosed as a positive case
- Target people likely to encounter infected people: healthcare and essential services workers
Scaling:
- Makes a real difference with 60% of the population using the application: 5 million users
- Feedback system through the app stores
Legal Considerations
- Ensuring we abide by the Data Protection Act 2018 by following the General Data Protection Regulation (GDPR)
- Providing a Privacy Policy for users, stating what data is collected, how it is used and why
- Data is deleted after 14 days
- Encryption to ensure confidentiality
PRIVACY POLICY
Proximus is committed to protecting and preserving your privacy when using the application. This policy sets out how we process any personal data we collect from you. We confirm that we will keep your information secure and that we will comply fully with all applicable UK data protection legislation and regulations. By continuing you are accepting and consenting to the practices described in this policy.
We may collect and use the following kinds of personal information about individuals who download and use our application. Proximus uses Bluetooth to record phones within close proximity of each other. This information is stored for 14 days and then deleted. Data is stored in an encrypted format, which protects the confidentiality of user identity, and will never be shared, including with third-party or non-affiliated companies. Any third-party service providers we use meet high data protection and security standards and are bound by contract to keep any information they process on our behalf confidential. Any data collected through this application is kept secure and only processed in the manner we instruct. Such providers cannot access, provide, rectify or delete any data that they store on our behalf without our permission. We also ensure that your personal data is not disclosed to regional or national institutions and authorities unless required by law or other regulations.
Financial Aspect
- Distribution: iOS App Store & Google Play
- Avg. cost of app development: $10,000-$50,000 (most of this is developer pay; our capable team members volunteer)
- Listing fees: $99/year for the iOS App Store developer account and a one-time $25 for Google Play
- Proximus is free for all users
- Funding: government subsidies, advertisements for private healthcare, services helping the pandemic, crowdfunding platforms (GoFundMe, Kickstarter)
Stakeholders
- Primary Stakeholders: Users (general public from UK and Ireland)
- Secondary Stakeholders: iOS App Store, Google Play
- Tertiary Stakeholders: Healthcare workers, GP practices, Local pharmacies, Hospitals, Care providers, Local business community, Government
Promotion
- Social Media
- University Platforms
- Flyers in Local Supermarkets
- Governmental Support (no data is shared)
Challenges
- Explaining our Unique Selling Point (USP): no data is stored on a central server and no geolocation data is shared
- Issues with implementation on Android devices: to be solved when BlueTrace, the Bluetooth key-exchange protocol for detecting devices in proximity, is released as open source
Timeline
- 2 April: Research
- 4 April: Software in progress along with legal and financial aspects
- Today: Finalising Proximus & Presentation
- 10 April: Finishing App Testing
- End April: Find Funds and Upload
- April onwards: UK & Ireland
- May onwards: Europe & Check Legal Requirements
References
- Ferretti, L., Wymant, C., Kendall, M., Zhao, L., Nurtay, A., Abeler-Dörner, L., Parker, M., Bonsall, D. and Fraser, C., 2020. Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing. Science.
- Answersdrive.com, 2019. Quantifying the cost of an app. https://answersdrive.com/how-much-does-it-cost-to-put-an-app-in-the-apple-store-6248690 [Last accessed 5 April 2020]
- Chan, J., Gollakota, S., Horvitz, E., Jaeger, J., Kakade, S., Kohno, T., Langford, J., Larson, J., Singanamalla, S., Sunshine, J. and Tessaro, S., 2020. PACT: Privacy Sensitive Protocols and Mechanisms for Mobile Contact Tracing. arXiv preprint arXiv:2004.03544.
- Firebase Cloud Messaging, 2020. FCM Architectural Overview. https://firebase.google.com/docs/cloud-messaging/fcm-architecture [Last accessed 5 April 2020]
- 2020. Pan European Privacy Protecting Proximity Tracing. https://404a7c52-a26b-421d-a6c6-96c63f2a159a.filesusr.com/ugd/159fc3_878909ad0691448695346b128c6c9302.pdf [Last accessed 5 April 2020]
- University of Oxford, 2020. Infectious disease experts provide evidence for a coronavirus mobile app for instant contact tracing. http://www.ox.ac.uk/news/2020-03-17-infectious-disease-experts-provide-evidence-coronavirus-mobile-app-instant-contact [Last accessed 5 April 2020]