Adding Location Context to Apple/Google Exposure Notification Bluetooth API: MIT SafePaths Encryption Proposals for GPS + Bluetooth
Version 0.1, Apr 26th, 2020
Contact tracing requires a strong understanding of location and context of the infection encounters. Although Bluetooth technology does not provide location or context of the encounters, we present key privacy preserving ideas to capture this context that can be used in or alongside the forthcoming Google/Apple Bluetooth Exposure Notification API (GAEN). There are four different ways of propagating context between the two users. We propose two simple ideas to allow private location logging without revealing the location history in the app. In addition, we propose two encryption based methods. The first encryption method is a variant of Apple FindMy protocol that already allows nearby Apple devices to capture GPS location of the lost Apple device. The second encryption method, which we recommend is the best option, is a minor modification of the existing GAEN protocol so that GPS information is available to a healthy phone only if exposed. We highlight the benefits and potential privacy issues with each proposed method for context propagation. It will still be the role of the Public Health smartphone app to decide how to use the location-time context to build a full fledged contract tracing and public health solution.
Read the full version here.