COVID-19: Some privacy concerns

As presented by MIT a few weeks ago, infected people may be facing immediate social stigma. Dr Lee Su-young, Psychiatrist at Myongji Hospital, South Korea, reported that some patients "were more afraid of being blamed than dying of the virus". Companies such as health and life insurance or mortgage dealers, in the absence of available science, may start relying on worst-case assumptions and start discriminating against infected people. The identities of infected people must remain private to avoid this risk. Pr Serge Vaudenay from EPFL recently listed privacy vulnerabilities of the DP3T design. This class of design, because it is very similar to the one chosen by Apple and Google, is likely to become the norm. In the design, the anonymous identifiers collected are stored locally on users' devices for 14 days. This data is sensitive: disclosing it could lead to re-identification. On the 8th of April, Pr Vaudenay proposed the usage of secure hardware (TPM) to protect this data. From the documents published by Apple and Google on the 10th, we understand that TPMs will be used, mitigating most listed vulnerabilities. It is reassuring but does not offer protection of the entire chain of identifiers communication. Indeed, we see that the design would still be vulnerable to an organised attack. Infected users' temporary identifiers are publicly disclosed by authorities. A network of rogue trackers - in the form of an easy-to-install or modified mobile application - could scan and record all advertised identifiers, attaching timestamps and GPS locations. Crossing this data with publicly disclosed temporary identifiers will allow the rogue organisation to retroactively geolocate infected people and enable re-identification. This vulnerability can be mitigated; we will present our solution in tomorrow's article.