MIT’s Safe Paths: Contact Tracing with privacy-protection

Ananya Gangavarapu
Apr 19, 2020

Controlling COVID-19 and similar pandemics requires the effective deployment of the 3 Ts: Testing, Tracing, and Treatment. While treatment options are being evaluated, almost all countries that have succeeded in bending the curve of pandemic spread have deployed contact tracing apps.

Contact tracing tracks the spread of infections, like COVID-19, based on the recent interactions of the infected person. Traditional contact tracing is effective in the early days of an outbreak when only a few people have been infected. Given the current spread of COVID-19, contact tracing needs to be instantaneous to be effective.

Countries like Singapore, China, and South Korea built and successfully deployed smartphone-based contact tracing apps to control the pandemic. But these digital technologies can be intrusive. In China, the tracing apps are mandatory and track every movement of a phone that has them installed. The data collected can be used beyond the intended purposes of pandemic mitigation. Similarly, contact tracing apps used by South Korea have broadcast private information, such as credit-card transactions and the places visited, publicly. By comparison, BlueTrace, a contact tracing app deployed by Singapore, is relatively privacy-protective and exposes some private data such as age or gender.

An army of volunteers, led by MIT professors Ramesh Raskar and Alex ‘Sandy’ Pentland, is building infrastructure and secure apps for contact tracing with privacy-first principles. The PrivateKit: Safe Paths app, developed for iOS and Android devices, enables contact tracing while protecting the privacy of individuals. The PrivateKit app uses Bluetooth to record any close encounters one has with other users of the app, and GPS to record the locations of places visited in the last 28 days. This data is encrypted and resides on the user’s phone. Any infected user can choose to share the data with public health officials. Public officials use software to scrub all privacy-related information before it is uploaded into the database. Once the data is in the database, the system sends alerts to all users who were in the geographical proximity of the infected users.

Key privacy-protection principles governing the PrivateKit: Safe Paths app are:

  • App is private by design — possible contacts determined privately on a user’s own device using open source code and cryptographic algorithms
  • Data should never leave the user’s device (100% local) unless they become ill and opt to release it to a trusted health official
  • Trusted health officials remove all diagnosed patient personally identifiable information (PII) — only releasing the redacted location trail
  • Location trails are never released in the public domain in a raw form
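
The flow these principles describe can be sketched in a few lines. This is an added example, not code from the Safe Paths project: it shows a health official's redaction step and an on-device match of a local location trail against a published, redacted trail. The record fields, the 20 m and 10 minute thresholds and the haversine distance check are assumptions made for illustration; only the 28-day window comes from the article.

```python
import math
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=28)    # the article's 28-day history window
MAX_METERS = 20.0                 # assumed proximity threshold
MAX_GAP = timedelta(minutes=10)   # assumed window for "same place, same time"

def redact(patient_record):
    """Health-official step: keep only timestamps and coordinates, drop PII."""
    return [{"t": p["t"], "lat": p["lat"], "lon": p["lon"]}
            for p in patient_record["trail"]]

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two points."""
    lat1, lat2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlat, dlon = lat2 - lat1, math.radians(b["lon"] - a["lon"])
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def exposures(local_trail, published_trail, now):
    """Runs on the user's device; local_trail is only read, never sent anywhere."""
    recent = [p for p in local_trail if now - p["t"] <= RETENTION]
    hits = []
    for mine in recent:
        if any(abs(mine["t"] - theirs["t"]) <= MAX_GAP
               and distance_m(mine, theirs) <= MAX_METERS
               for theirs in published_trail):
            hits.append(mine["t"])
    return hits

# Constructed sample data (not real locations of any person).
NOW = datetime(2020, 4, 19, 12, 0, tzinfo=timezone.utc)
PATIENT = {"name": "constructed-patient", "phone": "constructed", "trail": [
    {"t": NOW - timedelta(days=2), "lat": 41.87810, "lon": -87.62980},
    {"t": NOW - timedelta(days=40), "lat": 41.90000, "lon": -87.65000},
]}
LOCAL = [
    {"t": NOW - timedelta(days=2) + timedelta(minutes=5), "lat": 41.87815, "lon": -87.62985},  # near, same time
    {"t": NOW - timedelta(days=2), "lat": 41.89000, "lon": -87.62980},   # same time, over 1 km away
    {"t": NOW - timedelta(days=40), "lat": 41.90000, "lon": -87.65000},  # coincides, but past retention
]

if __name__ == "__main__":
    for when in exposures(LOCAL, redact(PATIENT), NOW):
        print("possible exposure at", when.isoformat())
```

Only the redacted trail crosses the trust boundary in this sketch; the comparison and the retention cut-off both happen against data that stays on the phone.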

Widespread adoption makes the app more effective in curbing the spread of the pandemic, but it is still impactful even with a smaller install base. The benefits of such an approach also go beyond current mitigation and help the country return to a new normalcy.

The app and its supporting infrastructure require a small administrative infrastructure team to operate: around 300 people for a large state like Illinois.

Please check the following link to get more information and download the prototype apps:

The entire project is open-sourced and the GitHub repo is here.

To join the team, please complete the volunteer intake form.