Woman wearing protective face mask on street in city using contact tracing app on mobile

MIT Researchers Develop a COVID-19 Contact Tracing App That Preserves Privacy Using Random IDs

MIT Researchers, in collaboration with others from various universities, have developed a system that allows users to know if they have come near an infected person.  The Private Automated Contact Tracing app, PACT, helps identify the infected people without exposing their identity by using random IDs. The app does not share the user’s phone number, device ID, or geographical information. The collaboration includes Ron Rivest and Adi Shamir, who were behind the development of RSA technology, which is widely used for encryption. The participating universities include Boston University, Brown University, Carnegie Mellon University, and MIT.

The operation of the Private Automated Contact Tracing app

PACT uses Bluetooth to broadcast chirps of random IDs to other devices while listening for Bluetooth signals from other broadcasters. The broadcasts are constantly changing their ID, as often as a minute, such that they cannot be traced to an individual user.

The app requires the infected users to upload the history of their received chirps for the 14-day incubation period to the central server. When a user wishes to check whether they have been exposed to an infected person, the app checks whether its contact history includes IDs from an infected person. To protect the app from misuse, it requires a QR code provided by health authorities. This ensures that only people who have tested positive for COVID-19 can claim to be infected.

The app only logs chirps that are necessary for tracing contacts. These broadcasts only include chirps within an approximate 6-foot radius and picked up for a considerable length of time, such as 10 minutes. This enables the contact tracing app to inform the user of the length of time they have been close to an infected person.

The use of the contact tracing app will help efforts to eradicate the disease by alerting people of the possible risk of exposure. For users who realize they have already been in contact with an infected person, the contact tracing app will allow them to protect their families by self-isolating. The app will also help in keeping its users alert by reminding them of the persistent risk of exposure to the virus.

Before you continue reading, how about a follow on LinkedIn?

Promoting the use of the app

The contact tracing app developers are pitching the idea to public health authorities as well as major app store operators, such as Apple and Google. The researchers also intend to harmonize efforts across the United States and Europe to promote the use of similar privacy-conscious apps. The researchers say the app is made in a “true academic style” with no financial interests or competition.

However, the major challenge facing the contact tracing app is getting the majority of people to use it. Without the infected people uploading their information, it would be impossible for other users to realize whether they are the proximity of an infected person.

Without enough data, the smartphone app could even give other users a false sense of security while still in close proximity to an infected person. The app also requires users to have Bluetooth enabled cell phones to operate.

Achieving interoperability between Android and iPhone devices has also been a challenge. However, the team has already made a breakthrough in achieving communication between devices from various manufacturers.

Similar apps have been introduced in various countries to assist in mitigating the spread of the COVID-19 virus. However, the apps have not prioritized privacy features as the MIT contact tracing app has done. A South Korean app allows health officials to identify when an infected person leaves their home with the help of GPS. Health officials can, therefore, know the location of the individual with pinpoint accuracy. Such an app poses obvious privacy concerns that discourage people from using it. The MIT and allied developers wanted to avoid such scenarios by giving the user the freedom to protect others without jeopardizing his or her privacy.