Something being worked on at MIT here: https://privatekit.mit.edu/
On 3/19/20 11:26 AM, Nathan of Guardian wrote:
> With the previous news from China of their authoritarian surveillance
> system being repurposed for epidemiological uses, and the US government's
> interest in the same, I have been mulling what other approaches could be
> taken. Those of us who care about and work in privacy-enhancing technology
> do not want this pandemic to become yet another moment for an acceleration
> of rights erosion on this front. Simultaneously, I understand that contact
> tracing of a contagious person is key to fighting any outbreak. Also, that
> being able to gain general insights into movement and distance between
> citizens in a country can also be very helpful.
>
> To cut to the chase, I have some ideas, and I am hoping to find out who out
> there may be advocating for or working on this problem. We need to provide
> alternatives to the most obvious, least private solutions, and quick.
>
> To summarize my concept, Jonnie Penn and I have been working on a project
> (Spotlight![0]) aimed at allowing unionized workers to gather data about
> their work days, which includes very detailed geospatial data, movement
> history and more. In my testing, I can see my movement through the shopping
> aisles at Trader Joe's, the hallways in my kids' school, and how long I
> spend in my kitchen vs my home office in a typical day. All of this data is
> securely stored on the user's device, until they choose to share it with an
> advocate. I believe the approach we are taking to provide insights into a
> worker's day could be helpful for public health applications, as well.
>
> My concept is that through use of technology like Bloom Filters[0] or
> Google's Private Join and Compute[1], a user could compare their own
> time+place data (essentially a set of hashes) to publicly released data of
> positive / contagious cases. You could both check for exact co-presence, as
> well as a before/after time range. If there was a match, then they alone
> would decide what to do. Ideally any system would tell them to self-isolate
> at the least, provide local testing options, and also ask them to share
> their anonymized data set of time+place hashes, to be added into the
> centrally stored aggregated mix of potential contact time+place hashes.
>
> I know there are researchers at BU working on civic applications for
> multi-party computation[3], and plan to reach out to them. Who else should
> I be talking to? Are Google, Apple, Facebook and others already thinking
> along these lines? They surely have the mother lode of location data at this
> resolution, but again, as we have seen in previous cases with national
> security and law enforcement, these are tricky boxes to close once they are
> opened.
>
> Thanks for any thoughts, contacts or feedback.
>
> Take care, stay soapy,
> Nathan
>
> p.s. Shout-out to all of you home schooling parents out there. I mean I
> have had in-office interns and research assistants before, but usually they
> are a bit more qualified! :)
>
> [0] https://spotlightproject.gitlab.io/
>
> [1] https://llimllib.github.io/bloomfilter-tutorial/
>
> [2] https://security.googleblog.com/2019/06/helping-organizations-do-more-without-collecting-more-data.html
>
> [3] https://multiparty.org/
>
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: [email protected]
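
The time+place matching described in the quoted message, sketched as an added example that is not part of the thread or of any project it mentions. The grid size, slot length, filter parameters and coordinates are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

CELL_DEG = 0.0005  # assumed grid size, roughly 50 m of latitude
SLOT_MIN = 5       # assumed time-slot length in minutes

def token(lat, lon, when):
    """Quantize a fix to a grid cell and time slot, then hash it."""
    slot = int(when.timestamp()) // (SLOT_MIN * 60)
    key = f"{round(lat / CELL_DEG)}:{round(lon / CELL_DEG)}:{slot}"
    return hashlib.sha256(key.encode()).digest()

class Bloom:
    def __init__(self, m_bits=1 << 16, k=7):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)
    def _positions(self, item):
        # k bit positions by double hashing one SHA-256 digest
        d = hashlib.sha256(item).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

def exposures(history, published, window_slots=0):
    """Local fixes that match the filter within +/- window_slots time slots."""
    hits = []
    for lat, lon, when in history:
        shifts = (timedelta(minutes=o * SLOT_MIN) for o in range(-window_slots, window_slots + 1))
        if any(token(lat, lon, when + s) in published for s in shifts):
            hits.append((lat, lon, when))
    return hits

# Constructed sample data: one published fix and a three-point local history
T0 = datetime(2020, 3, 19, 15, 0, tzinfo=timezone.utc)
PUBLISHED = Bloom()
PUBLISHED.add(token(42.36010, -71.09420, T0))
HISTORY = [
    (42.36012, -71.09421, T0 + timedelta(minutes=2)),   # same cell, same slot
    (42.36012, -71.09421, T0 + timedelta(minutes=12)),  # same cell, two slots later
    (40.71280, -74.00600, T0),                          # different cell
]

if __name__ == "__main__":
    print(len(exposures(HISTORY, PUBLISHED)), len(exposures(HISTORY, PUBLISHED, 2)))
```

A Bloom filter never misses an inserted token but can report false positives, so a match is a prompt to check further rather than proof of contact. The set of possible cell and slot values is small enough to enumerate, so an unkeyed hash of them does not by itself anonymize a published history.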
