Assessing Disease Exposure Risk with Location Data: A Proposal for Cryptographic Preservation of Privacy

TL;DR

This paper proposes a privacy-preserving location-based contact tracing system using encrypted GPS data and private set intersection, aiming to balance effective disease exposure risk assessment with individual privacy protection.

Contribution

It introduces a novel location-based contact tracing approach that enhances privacy through encryption and cryptographic protocols, offering a practical alternative to existing Bluetooth and decentralized solutions.

Findings

Uses GPS data transformed and encrypted for privacy

Employs private set intersection protocol for risk assessment

Aims for practical implementation during outbreaks

Abstract

Governments and researchers around the world are implementing digital contact tracing solutions to stem the spread of infectious disease, namely COVID-19. Many of these solutions threaten individual rights and privacy. Our goal is to break past the false dichotomy of effective versus privacy-preserving contact tracing. We offer an alternative approach to assess and communicate users' risk of exposure to an infectious disease while preserving individual privacy. Our proposal uses recent GPS location histories, which are transformed and encrypted, and a private set intersection protocol to interface with a semi-trusted authority. There have been other recent proposals for privacy-preserving contact tracing, based on Bluetooth and decentralization, that could further eliminate the need for trust in authority. However, solutions with Bluetooth are currently limited to certain devices and contexts while decentralization adds complexity. The goal of this work is two-fold: we aim to propose a location-based system that is more privacy-preserving than what is currently being adopted by governments around the world, and that is also practical to implement with the immediacy needed to stem a viral outbreak.