Another Look at Privacy-Preserving Automated Contact Tracing
This work addresses privacy and usability challenges in ACT systems, which is important for public health during pandemics, but it appears incremental as it builds on existing ACT solutions.
The paper tackles privacy and functional issues in automated contact tracing (ACT) for COVID-19, proposing a venue-based ACT concept that monitors contacts in high-risk locations and mitigates identified problems, though no concrete performance numbers are provided.
In the current COVID-19 pandemic, manual contact tracing has been proven very helpful to reach close contacts of infected users and slow down virus spreading. To improve its scalability, a number of automated contact tracing (ACT) solutions have proposed and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this paper, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability and coverage. We first elaborate on these issues and particularly point out the inevitable privacy leakages in existing BLE-based ACT solutions. Then, we propose a venue-based ACT concept, which only monitors users' contacting history in virus-spreading-prone venues and is able to incorporate different location tracking technologies such as BLE and WIFI. Finally, we instantiate the venue-based ACT concept and show that our instantiation can mitigate most of the issues we have identified in our analysis.