Tyrone Burke, November 4, 2020
COVID-19 and Privacy Concerns: New Tracing App Doesn’t Collect User Data
Carleton’s Wei Shi Develops Contact Tracing App That Uses Bluetooth Technology to Identify Exposure to COVID-19 without Collecting Personal Information
Canadians routinely allow large technology companies to access our data in exchange for the use of convenient tools like Facebook Messenger and Google Maps. But when it comes to volunteering our personal information to governments for COVID-19 contact tracing apps, many of us balk. Concerns about privacy have kept adoption rates for contact tracing apps relatively low – even in the face of an ongoing pandemic.
In Spring 2020, Carleton’s Wei Shi began work on a contact tracing app that preserves its users’ privacy by using a cell phone’s built-in Bluetooth technology. Like the COVID Alert app that was adopted by Health Canada in late July, Shi’s app uses Bluetooth because it only transmits data over a short range. This allows phones to exchange data only with each other, without sending user data to a central server.
The Associate Professor in the School of Information Technology received an NSERC Alliance Grant for her work on the app, which transmits an encrypted message that is received by nearby phones. The only information that is included is the date and time. There is no GPS or location data, and it includes no information about a person’s identity or phone number.
Whenever an app user tests positive for COVID-19, the app confirms that the test is legitimate, and delivers a set of encrypted messages to all of its users through the internet. Each message can be decrypted only by the phones of those who had encountered this infected person’s phone in the 14 days before and after the test date.
“Many of the contact-tracing systems used in other countries collect your whereabouts and analyze this data at a central server to determine who could have been infected,” says Shi.
“But you don’t need to do that. If everyone uses a cell phone with a Bluetooth, we can establish contact between phones without recording their geolocations. Only the other’s app ID, the date and the time of the encounter need to be saved locally on your own phone.”
Share: Twitter, Facebook