ACM Europe statement about contact tracing technologies
The SARS-CoV-2 virus and COVID-19 infection have hit people around the world in many significant ways. The SureThing sends our best wishes to everyone in this time.
Contact tracing, i.e. to identify those who have been in contact with infected persons, has been put forth as a tool to help control the pandemic, and there have been numerous technical proposals for this. Perhaps the most notorious is the joint Google and Apple API for smartphones.
Recently, ACM Europe issued a statement on the principles and practices for contact tracing.
ACM says that “at this time, known contact tracing apps cannot fully preserve individual privacy and anonymity”. Also, “the accuracy of contact tracing apps has not been proven and cannot be assumed for multiple technical reasons”. Finally, “high technical quality and functionality will not alone suffice for contact tracing technology to be effective”.
One of the technical reasons relates to radio-frequency interferences, in Bluetooth and other wireless technologies, that are not designed for measuring physical distance. Figuring physical distance is tricky because of wave interference: when there are constructive interference, a distant device can be reached, but when there are destructive interference, even close devices may not be detected. The environment and the presence of metals or water (in human bodies, for example) play a big role in interference.
Many of the stated ACM principles and practices addressing architecture, transparency, oversight, safeguards, and public input are also relevant for location proof systems. However, location proofs are not designed for contract tracing. They assume a voluntary participation from the user. In the SureThing architecture, the user is the Prover, that starts and, in many ways, controls the proof process. Beyond the Prover, and in the cases where we use ad-hoc witnesses (in contrast to the fixed witnesses), we are also working on witness protection, to allow users of SureThing to select the privacy exposure that they are willing to donate to the overall community.