Off the beaten track

Contact tracing apps could be one of the keys to defeating Covid-19. But users’ details need to be secure and safe from prying eyes

In the fight against Covid-19, contact tracing apps could play an important role in keeping us all safe from the disease. The apps work by letting people know if they have been in close contact with someone who later tests positive for Covid-19, helping to pinpoint exactly who needs to be in quarantine and who doesn’t. But there are concerns about how this could affect individuals’ privacy and whether the data could be hacked.

Now, ‘ContacTUM’, an interdisciplinary research team at the Technical University of Munich (TUM), has developed a model for a contact tracing app that, it says, protects personal data. The concept is based on an encryption process that prevents the temporary contact numbers (TCNs) of infected individuals from ending up on the phones of their contacts. In ‘ContacTUM’, researchers from the fields of physics, informatics, law, mathematics and medicine, anchored by physicist Prof Elisa Resconi, are working together.

Mobile phones on which a contact tracing app is installed exchange constantly changing, randomly generated TCNs (temporary contact numbers) using Bluetooth technology. These TCNs are collected locally on the devices and stored there for a limited period of around two weeks. In case of a medically confirmed diagnosis of a Covid-19 infection, the individual's contacts are anonymously notified using the contact tracing app.

The notification mechanism follows either a centralised or a decentralised approach. In the centralised approach, the app uploads to a central server the TCNs that the infected individual's device received from every contact person. The server then uses these TCNs to despatch messages via the app, notifying the corresponding contact persons of a potential infection.

The risk of the centralised approach is that all of the data is stored at a single location. As a result, there is a high risk of abuse, because it becomes possible to de-anonymise and disclose personal contacts as soon as the data on the server can be accessed.

In a decentralised approach, the infected individuals release only the TCNs transmitted by their own device to a server. These TCNs are downloaded from the server by all devices where the app is installed. The check to determine whether any of these ‘infected’ TCNs were previously received then takes place locally on the individual devices. Consequently, the only party with knowledge of possible contact with an infected individual is the contact person themselves – not the central server.

ContacTUM has been working to build on this decentralised approach and make it more secure. The cross-checking of infected individuals' TCNs against those collected on mobile phones takes place without the infected individuals' TCNs ever being loaded onto the phones. This is possible with a cryptographic technique known as private set intersection cardinality, in which neither side has to hand over its set in plain text; the phone learns only how many of its collected TCNs match, not which infected TCNs were published. “As a result,” says physicist Kilian Holzapfel, “the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimised to a large extent.”
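The private set intersection cardinality check described above, shown as an added example that is not ContacTUM's code: it uses the textbook Diffie-Hellman-style blinding construction, with RFC 3526 group 14 as an assumed group (a deployment would pick its own, typically elliptic-curve, group) and constructed sample TCNs. The server only ever sees blinded values, the phone never receives an infected TCN in the clear, and because the server shuffles its reply the phone learns only the count of matches.

```python
import hashlib
import secrets

# Group: RFC 3526 group 14, a 2048-bit safe prime p = 2q + 1 (an assumption
# made here so the demo needs only the standard library).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def hash_to_group(tcn: bytes) -> int:
    """Hash a TCN and square it mod p so it lands in the order-q subgroup."""
    return pow(int.from_bytes(hashlib.sha256(tcn).digest(), "big"), 2, P)

def blind(values, key: int) -> list:
    """Raise each group element to a secret exponent; undoing it needs the key."""
    return [pow(v, key, P) for v in values]

def phone_request(received: list, k_phone: int) -> list:
    # Step 1 (phone): send H(tcn)^k_phone. The server never sees a plain TCN.
    return blind((hash_to_group(t) for t in received), k_phone)

def server_respond(phone_blinded: list, infected: list, k_server: int):
    # Step 2 (server): re-blind to H(tcn)^(k_phone*k_server) and shuffle, so the
    # phone can count matches but not tell which of its own TCNs matched; also
    # return H(inf)^k_server for each published TCN, never the TCN itself.
    doubly = blind(phone_blinded, k_server)
    secrets.SystemRandom().shuffle(doubly)
    return doubly, blind((hash_to_group(t) for t in infected), k_server)

def phone_count(doubly: list, server_blinded: list, k_phone: int) -> int:
    # Step 3 (phone): H(inf)^(k_server*k_phone) equals a doubly blinded value
    # exactly when that infected TCN was among the received ones.
    mine = set(blind(server_blinded, k_phone))
    return sum(1 for v in doubly if v in mine)

def exposure_count(received: list, infected: list) -> int:
    """Run the whole exchange in-process; returns only how many TCNs matched."""
    k_phone, k_server = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    doubly, server_blinded = server_respond(phone_request(received, k_phone),
                                            infected, k_server)
    return phone_count(doubly, server_blinded, k_phone)

# Constructed sample data: two of the phone's five contacts were later reported.
RECEIVED = [b"tcn-received-%02d" % i for i in range(5)]
INFECTED = [b"tcn-received-01", b"tcn-received-03", b"tcn-other-0099"]
```

Calling exposure_count(RECEIVED, INFECTED) returns 2, the number the app would use to trigger a warning, while neither side has exchanged a TCN in plain text.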