Improved privacy in the Norwegian contact tracing app

In a chaotic, pandemic-ridden 2020, we have seen governments, academia and industry rushing to introduce a number of smartphone-based contact tracing solutions. The goal of these apps is to reduce the time it takes between someone testing positive to when their close contacts are notified, in addition to reaching out to contacts that we either don’t know about or forgot. However, it is important to keep the privacy and security of the users in mind when designing such solutions.

Several countries decided to publish apps that gathered both GPS coordinates and Bluetooth connections in a central database, so as to track the user’s movements and contacts, and more easily reach out to their close contacts. This includes the first version of the Norwegian contact tracing app Smittestopp (literal translation: “Infection Stop”) launched in April. Unfortunately, this gathered the location and social graphs of everyone using the app, engendering the most invasive data collection ever performed by the Norwegian Government. The Norwegian Data Protection Authority shut down the app a few months later due to privacy violations.

Later on, Google and Apple designed a protocol based purely on Bluetooth, where each phone exchanges randomly generated strings called “infection keys” with each other. These are completely unlinkable to your identity.

Smartphones with the contact tracing app exchange “infection keys” whenever they are within close proximity.

Every phone stores locally all the “infection keys” it has seen. Later, if a user tests positive, they identify themselves via the app, which then uploads all of that user’s “infection keys” to notify others.

The system works as follows. 1) The user identifies themselves to prove that they have tested positive. 2) The verification service sends a token back to the app to confirm the positive test. 3) The app uploads the “infection keys” to the backend server together with the token. 4) If the token is valid, all the “infection keys” are shared with every user, so that each of them can locally check whether they have been in contact with the person who tested positive.

Initially, the token would simply be forwarded by the app. This is what the Danish contact tracing app does, and that app is also the backbone of the new Norwegian contact tracing app. However, if the token is forwarded unchanged, the “infection keys” can be linked to the user’s identity, because each token is unique and the verification service knows who it was issued to. To improve the user’s privacy, we designed a new protocol for randomized tokens, in which the app transforms the token into a new, still valid token before forwarding it.

The token protocol is based on a recently published cryptographic protocol called Privacy Pass. We adapted Privacy Pass to the contact tracing setting, so that each user can unlink their identity from their “infection keys”. Read more about the anonymous tokens here. We also wrote an open source library, which is integrated into the new version, Smittestopp 2.0. The app has currently been downloaded by almost 700,000 users in Norway.
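The randomized-token idea described above, as an added worked example that is not the Smittestopp code or the authors’ library: a Privacy Pass-style flow with blind issuance, a DLEQ proof that the issuer used its published key, unblinding on the phone, and MAC-based redemption. To stay dependency-free it runs over the quadratic-residue subgroup of a demo-sized safe prime rather than an elliptic curve, and it collapses the verification service and the backend into one key holder. All class and function names, the 128-bit parameter size and the sample upload message are assumptions for illustration.

```python
# Added example (not the Smittestopp library): Privacy Pass-style anonymous
# token over the order-Q subgroup of a demo-sized safe prime P = 2Q + 1.
import hashlib
import hmac
import random
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, adequate for a demo-sized parameter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128, seed=2020):
    """Deterministically find a safe prime P = 2Q + 1; G = 4 generates the
    order-Q subgroup of quadratic residues. 128 bits is demo size only."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = make_group()
NBYTES = (P.bit_length() + 7) // 8


def hash_to_group(seed):
    """Map a token seed to a quadratic residue (squaring lands in the order-Q
    subgroup); the counter guards against the negligible identity/zero case."""
    for ctr in range(256):
        h = int.from_bytes(hashlib.sha256(bytes([ctr]) + seed).digest(), "big") % P
        if h not in (0, 1, P - 1):
            return h * h % P
    raise RuntimeError("hash_to_group failed")


def challenge(*elems):
    """Fiat-Shamir challenge for the DLEQ proof, reduced mod Q."""
    data = b"".join(e.to_bytes(NBYTES, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def mac_key(n):
    """Derive the redemption MAC key from the unblinded element T^k."""
    return hashlib.sha256(b"token-mac" + n.to_bytes(NBYTES, "big")).digest()


class VerificationService:
    """Holds secret k; issues blinded tokens and later verifies redemptions."""

    def __init__(self):
        self.k = secrets.randbelow(Q - 1) + 1
        self.pub = pow(G, self.k, P)
        self.spent = set()  # seeds already redeemed (double-spend check)

    def issue(self, blinded):
        """Return Z = M^k with a DLEQ proof that log_G(pub) == log_M(Z)."""
        z = pow(blinded, self.k, P)
        w = secrets.randbelow(Q - 1) + 1
        c = challenge(G, self.pub, blinded, z, pow(G, w, P), pow(blinded, w, P))
        return z, c, (w - c * self.k) % Q

    def redeem(self, seed, message, tag):
        """Recompute T^k from the seed alone and check the MAC over the upload."""
        if seed in self.spent:
            return False
        expected = hmac.new(mac_key(pow(hash_to_group(seed), self.k, P)), message, "sha256")
        ok = hmac.compare_digest(expected.digest(), tag)
        if ok:
            self.spent.add(seed)
        return ok


class App:
    """Phone side: blind a fresh seed, check the DLEQ proof, unblind, spend."""

    def __init__(self, pub):
        self.pub = pub
        self.tokens = []  # (seed, T^k) pairs never seen together by the service

    def request(self):
        seed, r = secrets.token_bytes(32), secrets.randbelow(Q - 1) + 1
        return seed, r, pow(hash_to_group(seed), r, P)  # M = T^r

    def finish(self, seed, r, blinded, z, c, s):
        """Verify the proof, then unblind: Z^(1/r) = T^(rk/r) = T^k."""
        a = pow(G, s, P) * pow(self.pub, c, P) % P
        b = pow(blinded, s, P) * pow(z, c, P) % P
        if challenge(G, self.pub, blinded, z, a, b) != c:
            return False
        self.tokens.append((seed, pow(z, pow(r, -1, Q), P)))
        return True

    def spend(self, message):
        seed, n = self.tokens.pop()
        return seed, hmac.new(mac_key(n), message, "sha256").digest()


def run_demo():
    """Issue one token, redeem it once; replay and a forged seed must fail."""
    service, app = VerificationService(), None
    app = App(service.pub)
    seed, r, blinded = app.request()
    assert app.finish(seed, r, blinded, *service.issue(blinded))
    upload = b"constructed: infection keys upload"  # constructed sample
    spent_seed, tag = app.spend(upload)
    return (service.redeem(spent_seed, upload, tag),
            service.redeem(spent_seed, upload, tag),
            service.redeem(secrets.token_bytes(32), upload, tag))


def rogue_issuer_detected():
    """An issuer signing with a per-user key k' != k (to tag the user) cannot
    make the DLEQ proof verify against its published key, so the app rejects."""
    service, app = VerificationService(), None
    app = App(service.pub)
    seed, r, blinded = app.request()
    rogue_k, w = (service.k % (Q - 1)) + 1, 5
    z = pow(blinded, rogue_k, P)
    c = challenge(G, service.pub, blinded, z, pow(G, w, P), pow(blinded, w, P))
    return not app.finish(seed, r, blinded, z, c, (w - c * rogue_k) % Q)
```

The service only ever sees the blinded element M = T^r at issuance and the bare seed at redemption; with r uniform in the subgroup, M carries no information about T, which is what breaks the link between the identity proven in step 1 and the “infection keys” uploaded in step 3. The DLEQ proof matters for the same reason: without it, a service could issue each user a token under a different key and recognise them at redemption.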

Written by Tjerand Silde, PhD Candidate in Cryptography at the Department of Mathematical Sciences at NTNU. Based on joint work with Martin Strand (Norwegian Defence Research Establishment), Henrik Walker Moe (Bekk Consulting), Johannes Brodwall (Sopra Steria) and the Norwegian Institute of Public Health.
