Privacy-Preserving Contagious Disease Tracking
Carsten Kessler, Hunter College, City University of New York
http://carsten.io @carstenkessler
http://nyti.ms/1FKHUXJ
http://nyti.ms/1tsbdcg
Preserving users' privacy
• Information about an individual's location is very sensitive, especially when it is tracked constantly and in a health context
• Goal: offer an information service that lets users understand their potential exposure to a disease and make informed decisions, not a tool for tracking down potential patients
Solution
• User installs the app and can forget about it
• Location history is recorded directly on the user's phone
• This record of an individual's whereabouts never leaves their phone
• Any computation is performed directly on the phone
Pathogion: Path of contagion
* Thanks to Hunter’s Undergraduate Research Initiative!
1. User installs the app and enables location tracking
2. App tracks location and saves it in a local database
3. New case: health authorities reconstruct the patient's path for the last days
4. Reconstructed patient track is uploaded to the notification server
5. Notification server pushes the patient track to the app
6. App computes spatial-temporal intersections between the patient track and the local location history
7. User gets a notification if potential matches have been found, showing details about the patient's path for verification
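Step 6 is the only step that touches the user's own data, and the slides say it runs entirely on the phone. The following is an added Python illustration of that spatial-temporal intersection; it is not Pathogion's code. The thresholds (20 m, 15 minutes) and the two sample tracks are constructed for the example; the time-bucket index is one way to avoid comparing every user fix with every patient fix.

```python
"""Step 6 of the Pathogion flow: intersect the phone's own location history
with a pushed patient track.  Added illustration, not the project's code."""
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    """One location fix: Unix timestamp (seconds), WGS84 latitude/longitude."""
    ts: int
    lat: float
    lon: float


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in metres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def find_intersections(user_track, patient_track, max_distance_m=20.0, max_time_gap_s=900):
    """Return (user_fix, patient_fix, distance_m) for every pair of fixes that
    lie within max_distance_m and max_time_gap_s of each other.

    Both thresholds are assumptions for this example.  Patient fixes are
    bucketed by time so that each user fix is compared only with the patient
    fixes in its own and the two neighbouring buckets rather than with the
    whole track, which keeps the on-phone computation close to linear.
    """
    by_bucket = defaultdict(list)
    for p in patient_track:
        by_bucket[p.ts // max_time_gap_s].append(p)

    hits = []
    for u in user_track:
        b = u.ts // max_time_gap_s
        # |dt| <= max_time_gap_s implies the bucket indices differ by at most 1.
        for nb in (b - 1, b, b + 1):
            for p in by_bucket.get(nb, ()):
                if abs(u.ts - p.ts) > max_time_gap_s:
                    continue
                d = haversine_m(u, p)
                if d <= max_distance_m:
                    hits.append((u, p, d))
    return hits


# Constructed sample data (not real tracks); coordinates are near Hunter College.
T0 = 1_600_000_000
USER_TRACK = [
    Fix(T0, 40.7681, -73.9646),
    Fix(T0 + 600, 40.7700, -73.9640),
    Fix(T0 + 1200, 40.7750, -73.9600),
]
PATIENT_TRACK = [
    Fix(T0 + 300, 40.7681, -73.9646),        # same spot, 5 min after the user: match
    Fix(T0 + 3 * 3600, 40.7700, -73.9640),   # same spot as the user's 2nd fix, but 3 h later: no match
    Fix(T0 + 1200, 40.7800, -73.9600),       # same time as the user's 3rd fix, ~560 m away: no match
]


def main():
    for u, p, d in find_intersections(USER_TRACK, PATIENT_TRACK):
        print(f"possible contact: you at t={u.ts}, patient at t={p.ts}, {d:.1f} m apart")


if __name__ == "__main__":
    main()
```

Only the first patient fix matches: the second fails the time test and the third the distance test. Widening `max_time_gap_s` to four hours turns the second into a match as well, which is why the thresholds, not the algorithm, decide how many of the notifications in step 7 are false alarms.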
Icons by iconmonstr
Drawbacks
• Location APIs never allow complete anonymity unless positioning is reduced to pure GPS (network-assisted positioning sends Wi-Fi and cell observations to the platform provider)
• Location history may become very large; the time frame has to be limited and the data "thinned out"
• Computation of potential meeting points can be done on the phone, but needs further optimization
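The second drawback is also a data-minimization point: whatever is not in the local database cannot leak from the phone. The following is an added Python example of a retention window plus thinning, not Pathogion's code. The retention period, the one-minute and 25 m thresholds, and the raw track are assumptions constructed for the example.

```python
"""Bounding the on-device location history: drop fixes older than a retention
window and thin dense runs of fixes.  Added example, not Pathogion's code;
all thresholds are assumptions."""
from dataclasses import dataclass
from math import cos, radians, sqrt

M_PER_DEG_LAT = 111_320.0          # metres per degree of latitude

RETENTION_S = 21 * 24 * 3600       # assumed: keep three weeks of history
MIN_INTERVAL_S = 60                # assumed: while stationary, keep one fix per minute
MIN_MOVE_M = 25.0                  # assumed: while moving, keep a fix every 25 m


@dataclass(frozen=True)
class Fix:
    ts: int      # Unix seconds
    lat: float
    lon: float


def approx_distance_m(a: Fix, b: Fix) -> float:
    """Equirectangular approximation: good to well under a percent for the
    tens-of-metres decisions made here, and cheaper than a haversine."""
    dlat = (b.lat - a.lat) * M_PER_DEG_LAT
    dlon = (b.lon - a.lon) * M_PER_DEG_LAT * cos(radians((a.lat + b.lat) / 2))
    return sqrt(dlat * dlat + dlon * dlon)


def prune(track, now, retention_s=RETENTION_S):
    """Forget everything older than the retention window."""
    return [f for f in track if f.ts >= now - retention_s]


def thin(track, min_interval_s=MIN_INTERVAL_S, min_move_m=MIN_MOVE_M):
    """Keep a fix only if enough time has passed or the phone has moved far
    enough since the last kept fix.  Someone who stays put for an hour keeps
    one fix per minute (dwell time matters for exposure); someone in motion
    keeps one fix every min_move_m."""
    kept = []
    for f in sorted(track, key=lambda f: f.ts):
        if not kept:
            kept.append(f)
            continue
        last = kept[-1]
        if f.ts - last.ts >= min_interval_s or approx_distance_m(last, f) >= min_move_m:
            kept.append(f)
    return kept


def compact(track, now):
    """What the app would run periodically over its local database."""
    return thin(prune(track, now))


# Constructed sample: one 40-day-old fix, two minutes of GPS jitter while
# standing still (one fix every 10 s), then five fixes moving north.
T0 = 1_600_000_000
RAW_TRACK = (
    [Fix(T0 - 40 * 86400, 40.7681, -73.9646)]
    + [Fix(T0 + 10 * i, 40.7681 + 0.00001 * (i % 2), -73.9646) for i in range(13)]
    + [Fix(T0 + 130 + 10 * i, 40.7681 + 0.0005 * (i + 1), -73.9646) for i in range(5)]
)

if __name__ == "__main__":
    store = compact(RAW_TRACK, now=T0 + 200)
    print(f"{len(RAW_TRACK)} raw fixes -> {len(store)} kept")
```

Of the 19 raw fixes, 8 survive: the stale one is pruned, the stationary run collapses to one fix per minute, and every fix of the moving run is kept. Keep `MIN_MOVE_M` below the distance threshold used for the intersection step, otherwise thinning can discard the very fix that would have matched a patient track.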
What's next…
• Currently implementing "push" of patient tracks through Amazon Simple Notification Service
• Intersection algorithm needs more performance tuning
• Consider other use cases, such as looking for witnesses of felonies
• Funding, anyone?
Thank you!
Carsten Kessler, Hunter College, City University of New York
http://carsten.io @carstenkessler
Photo by Mario Sixtus.