Infectious diseases such as COronaVIrus Disease 2019 (COVID-19) are known to spread rapidly from person to person. In the absence of an effective vaccine or drug treatment, infection control relies on (i) rapid identification and isolation of persons with infection; a process called contact tracing, and/or (ii) extreme social distancing measures to reduce contact between people. Contact tracing processes used today are manual, time-consuming, error-prone, and do not scale. Scaling contact tracing through the use of smartphones pose risks to individuals' privacy and confidentiality. The other approach of physical distancing that has been implemented by governments has resulted in societal and economic distress. This project builds Poirot to detect exposure in a privacy-preserving manner automatically. As physical distancing measures are eased, a tool such as Poirot can be used to help the essential workers track exposure to the infection.
Poirot is a privacy-preserving system that uses smartphones to (a) detect contact with potentially infectious individuals, and (b) provide recommendations for infection control (e.g., isolation, testing). Compared to other suggestions that utilize smartphones, Poirot makes three key innovations: (i) it takes into account the transitive nature of infection when notifying users, (ii) it utilizes user-contributed information beyond just contacts (e.g., use of personal protective equipment) to assess exposure status, and (iii) it can incorporate information retroactively, such as back-dated activities of infected users who were initially not in the system. These features present unique challenges in privacy, cryptography, secure multiparty computation, infectious disease epidemiology, and data-intensive systems. First, any exposure detection application, despite the emergency, must ensure the fundamental privacy rights of an individual. Poirot presents novel techniques in using secure multiparty computation algorithms to address this challenge and implement the features mentioned above. Second, any exposure detection solution must scale to millions of users, which cannot be done with current general-purpose secure multiparty computation tools. Poirot employs novel methods to speed up secure multiparty computation by revealing differentially private statistics and using techniques from data-intensive computing. Finally, revealing exposure status to individuals from smartphone identified contacts and user-contributed information can result in privacy violations. Thus, Poirot's selection of notification strategies will be informed by rigorous analysis of the privacy implications of different ways of notifying users of their exposure. Addressing these challenges helps develop a pragmatic and scalable solution for exposure detection that can be widely implemented by public health agencies in the face of the current and future pandemics.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
