Frequently Asked Questions
- What is Safe Paths? What are PathCheck Bluetooth and PathCheck GPS?
Safe Paths is a global movement to develop free, open-source, privacy-by-design tools for residents, public health officials, and larger communities to flatten the curve of COVID-19, and prevent a surveillance-state response to the pandemic. PathCheck Foundation, a 501(c)(3) nonprofit, is here to help nations, states and employers build their own custom solutions (app, server and dashboard). We provide a modular framework that can be customized into two separate solutions (i) PathCheck Bluetooth (Project Aurora) based on Google-Apple Exposure Notification that uses Bluetooth and (ii) PathCheck GPS (currently known as CovidSafePaths) based on location data. Follow updates at our GitHub repo, the largest non-profit Covid19 open-source repository.
- What is the overall value of this effort?
Trace, test, treat is a proven strategy endorsed by the WHO to reduce viral spread. When there is a verified case, it is the responsibility of public health authorities to determine what other individuals the patient may have been in sufficient proximity to possibly be infected. Testing that individual quickly, before symptoms have been developed, is one of the most effective strategies to reduce viral spread. It assumes sufficient testing is available. The impact and approach changes over the course of the spread. In early and later stages where the ratio of the infected population is relatively low, high sensitivity to exposure can lead to much more rapid testing to reduce spread. In a saturated community, isolated individuals have few contacts and advanced tracing protocols can have equal impact. In all cases, additional information reduces fear.
- Why is privacy-by-design important?
We believe any comprehensive solution requires two things working in harmony:
- Active support and engagement from the public health authority
- Full trust and confidence from residents
Safe Paths was founded on a belief that there is a false division between the privacy of patient data and the utility of the data to society. The effectiveness of any mobile device initiative that betrays public trust is undermined by each individual’s ability to opt out by turning off their phone, changing the setting, or leaving it at home. Safe Paths aims to prevent privacy risks from occurring in the first place by strictly minimizing any data leaving a device and enforcing the strictest consent requirements .
MIT Computational Law Report recently published a set of privacy principles that are summarized: “Health, education, location, and contact tracing data is personal data. No service provider or government agency should use data other than what is generated by the entity and used by it for its legitimate purpose or share outside its organization without user consent.” For this consent to be meaningful, it must be voluntary, explicit, and targeted to a specific purpose or use.
In most cases, privacy-by-design software should be transparent to inspection through open source community tools. For the public good, where appropropriate, software should be licensed as open source.
- What is MIT Safe Paths?
MIT Safe Paths was created by Ramesh Raskar, with Sandy Pentland, Kent Larson, and Kevin Esvelt. Ramesh is an Associate Professor at MIT Media Lab and inventor of a camera to see around corners for which he received the 2016 Lemelson–MIT Prize. He holds 90+ US patents, has co-authored books including Spatial Augmented Reality, Computational Photography, and 3D Imaging; appeared in NY Times, CNN, BBC, NewScientist, Technology Review, and several technology news websites; and has worked on special research projects at Google [X], Facebook, and Apple.
MIT Safe Paths began as a multi-faculty, cross-MIT effort, with input and expertise from institutes including Harvard University, Stanford University, and SUNY Buffalo; clinical input from Mayo Clinic and Massachusetts General Hospital; and mentors from the World Health Organization, the US Department of Health and Human Services, and the Graduate Institute of International and Development Studies.
- MIT Faculty Advisor: Ronald L. Rivest, Yael T. Kalai, Daniel J. Weitzner, Hal Abelson, Jonathan Gruber, Nickolai Zeldovich, and Adi Shamir.
- Other Advisors: Amandeep Gill (I-DAIR), Bernardo Mariano Jr (WHO), Brian McClendon, Don Rucker (HHS), Yoshua Bengio (MILA), Richard Janda (McGill), John Halamka (Mayo Clinic), Alfred Spector (Two Sigma), and Stephen Kennedy Smith.
MIT Safe Paths operates the Private Kit:Safe Paths app and provides global thought leadership through research and development.
- What is Path Check?
Path Check is a spin-out from MIT Media Lab. The Safe Paths program has been spun out from MIT Media Lab into a newly created non-profit called Path Checks, Inc (PCI), established with the initial purpose of supporting global rollout of the COVID Safe Paths app and Safe Places browser tool for contact tracers. COVID Safe Paths will help to enable societal reemergence, including the reopening of schools and the restarting of the economy, on the other side of what Tomas Pueyo referred to as “The Hammer and the Dance.” Through our global partnership with EY, we are prepared to support public health officials everywhere with two 100% free, open-source technologies:
- Safe Places
- COVID Safe Paths
- What is Safe Places?
Safe Places™ is a browser-based map tool, optimized for public health officials. This enables them to more efficiently interview verified cases, make contact to known individuals who came in contact with these verified cases, and make available to the public anonymized and aggregated data sets of public locations that may become hotspots for the spread.
For more information on Safe Places, click here.
- What is COVID Safe Paths?
COVID Safe Paths™ is an Android/iOS app available for both mobile platforms that interacts with Safe Places in two ways. For users who become diagnosed patients, the app logs the user’s history on their phone or imports location history information to create 5-minute interval snapshots that can be provided with full informed consent to trusted public health officials using Safe Places for contact tracing. For users who have not been diagnosed with COVID-19, the app enables them to download anonymized and aggregated data sets of public locations where they may have been in contact with now diagnosed patients, notifying them of possible exposure.
- What is “Contact Tracing” and why is it important to “flattening the curve”?
The World Health Organization outlines contact-tracing as follows:
People in close contact with someone who is infected with a virus are at higher risk of becoming infected themselves, and of potentially further infecting others. Closely watching these contacts after exposure to an infected person will help the contacts to get care and treatment, and will prevent further transmission of the virus.
This monitoring process is called contact tracing, which can be broken down into 3 basic steps:
- Contact identification: Once someone is confirmed as infected with a virus, contacts are identified by asking about the person’s activities and the activities and roles of the people around them since onset of illness. Contacts can be anyone who has been in contact with an infected person: family members, work colleagues, friends, or health care providers.
- Contact listing: All persons considered to have contact with the infected person should be listed as contacts. Efforts should be made to identify every listed contact and to inform them of their contact status, what it means, what will follow, and the importance of receiving early care if they develop symptoms. Contacts should also be provided with information about prevention of the disease. In some cases, quarantine or isolation is required for high risk contacts, either at home, or in hospital.
- Contact follow-up: Regular follow-up should be conducted with all contacts to monitor for symptoms and test for signs of infection.
- Will Contact tracing apps be less useful in crowded, dense cities? How about in rural areas with low testing?
Safe Paths as a contact tracing app will be useful in dense, as well as rural areas. In dense areas use of GPS and Bluetooth together can help in efficient contact tracing and let people get back to work. In rural areas where we do not need Covid-test-and-isolate, instead we need only fever-test-and-isolate, conservatively we can assume any fever is Covid-related and inform anyone who came in close contact.
- Why is this an Open Source Project?
An open-source approach lets programmers and other experts outside the app development team review the code for a project. These outside programmers can make improvements, copy the code, or use it to create something entirely new. Open source offers a layer of trustworthiness. Because the code is publicly available, it can be reviewed by experts around the world to confirm it works the way the development team says it should. There are, at times, valid reasons to not use an open- source approach, such as when a business is seeking to develop a proprietary technology. During the COVID-19 crisis, we believe that open- source projects promote collaboration and foster community.
- How is COVID Safe Paths multi-fold improvement in Contact Tracing?
Contact tracing has been pivotal in containing and slowing the spread of COVID-19. However, this process is traditionally time-consuming and prone to human memory errors. One example of this is Patient 31 in South Korea. Authorities interviewed and analyzed 1160 of Patient 31’s contacts to find the original infected individual and identify those which became infected from having contact with Patient 31.
COVID Safe Paths is a digital diary of users’ locations that will—with their permission—use GPS data to record everywhere they’ve been, storing it locally on their phones for 28 days. It applies technology to the traditional contact tracing process, reducing memory errors and notifying possible contacts much more efficiently. Key differentiators from traditional contact tracing
- A Faster and More Accurate Patient Interview: Instead of relying on memory, diagnosed patients can opt to provide their 28-day Private Kit / COVID Safe Paths location trail to their health official.
- Personal Information is Fully Removed: Using the web app Safe Places, the health official redacts personally identifiable information from the location trail.
- Be Notified if you’ve Crossed Paths: Patient’s redacted and blurred location trail is released. Private Kit / COVID Safe Paths notifies users who came in close contact with a diagnosed patient. Healthy user’s data never leaves their phone.
- Digitally enabled Self-Reporting: SafePaths is developing privacy preserving self-reporting in the form of personal digital diary that prevents from leading to any misinformation and abuse.
- How does COVID Safe Paths ensure individual and community privacy?
We are an all-volunteer team united around a commitment to slow the spread of COVID-19 while also preserving privacy and protecting individual liberties. Please visit the following page to learn about the privacy principles developed by the team: https://law.mit.edu/pub/covid19contacttracingprivacyprinciples
- Why should I use the Safe Paths App? What are the benefits to me and my community?
Safe Paths lets you privately store the last 28 days of your location information.
- If you are currently not impacted, you can compare your location history with contact tracing information from patients diagnosed with COVID-19 published by your local public health authority, without revealing your location information.
- If you are tested positive, you can opt to share your location information with your public health officials to help protect your community and to allow local public health officials to make the most informed decisions.
- What exactly happens when I allow COVID Safe Paths access to my location services?
When you enable location services within the App, GPS location information is periodically recorded securely and privately on your phone. Your location information is not shared with anyone, unless you decide to share it.
- How and when would I share my location history with local public health officials?
If you test positive for the infection, and you opt to release your location information with your local public health officials, you will decide to provide your GPS location information, which will provide health officials with more accurate information than you might be able to otherwise remember about your recent travels in the community.
- How do we identify that you came in close contact to someone diagnosed with COVID-19?
Our goal is to use contact tracing so that users can tell if they came within 10-15 feet of a diagnosed carrier, based on GPS or Bluetooth data. We never assert that any given individual has definitively come into contact with a COVID-19 carrier.
- Is 10-15 feet sufficiently precise to be valuable?
Yes, if the potential contact occurs in a densely-populated area (such as a grocery store or shopping mall) the issue expands to contaminated surfaces. Even if two individuals never come within six feet of each other, a carrier could infect a surface and then walk away. A potential contact with the caveat of a 10-15 foot margin is thus still valuable information in dense zones.
- Okay, but couldn’t we incorporate unique bluetooth-interaction pins to get even higher precision?
Yes, the team is actively working on including bluetooth technology as a second dimension of personal data to identify “proximity” in addition to the “location” data.
- How does the phone get the location data?
It uses its internal GPS capabilities to gather and locally record that data.
- If this app becomes essential, would asking for consent become “asking for consent under duress? If so, how do the ethics change?
Ensuring consent is always voluntary, informed and fair under all the circumstances is essential. This is a core principle of the project, as described in our white paper, here: https://arxiv.org/pdf/2003.08567.pdf
Obtaining consent for any form of data collection and use helps manage privacy risks. Consent’s utility in real-world settings, however, is often undermined. Language which is incomprehensible for typical users and a lack of real choice(e.g. users must often relinquish privacy and share their data in order to receive a service or opt not to use the service at all) severely limit the power of consent. Other contact-tracing technologies rarely overcome the challenges associated with obtaining true consent from the user (for example, a user may be required to share their location with a third party in order to receive an exposure risk assessment).
Access and usage of the data by an entity, mostly governments, should be limited and highly regulated. Harsh penalties for the abuse of such data should be established. Obtaining true user consent further protects diagnosed carriers. Not all approaches in use today require consent to share personal data. Particularly in non-democratic regimes, diagnosed carriers may be unable to deny consent. In other instances, all users must consent to share their data in order to be informed of their own exposure risk. We believe no one should be obligated to share their personal information. Time limited storage of location trails further protects the privacy of diagnosed carriers. Finally, using an open-source approach to create an app fosters trust in the app’s privacy protection capabilities, as independent experts and media can access and evaluate the source code.
- What cryptographic methods are you using to protect the data?
In Version 3 of the COVID Safe Paths (not yet released), the “best practice” is still evolving, but currently it is an algorithm that discretizes space/time into little blocks and checks if your blocks match “target” blocks produced by a diagnosed individual’s location log- Only sharing a set of all blocks produced by diagnosed patients. No ID is attached to anything encrypted and anonymous.
- When is Safe Paths going to be on the app store?
- How is Safe Paths App different from other Contact Tracing Apps?
SafePaths is not just building the app, but a whole open source ecosystem that allows any country/state to build their own version. Currently, Safe Paths & Safe Places are two solutions geared towards the needs of our different user-groups that include individuals, health authorities, and communities.
- Why is Safe Places needed?
Safe Places creates a reliable tool and infrastructure for public health professionals, while COVID Safe Paths reduces the risk of privacy violations by replacing centralized storage of sensitive data with time-limited storage of data on the user’s own device and requiring user consent for data sharing; hence avoiding a surveillance state.
Safe Places enables health agencies to communicate to individuals their personal risk profile. It also helps contact tracers do their existing jobs more effectively by using data instead of individuals’ memories to determine where they have been in the ~14 days leading up to their positive COVID-19 diagnosis. Safe Places and COVID Safe Paths aims to help societies get back online by improving the public health infrastructure for tracing, and leveraging technology to understand how the disease is spread and more surgically target interventions. Its open-source and modular nature allows other applications to be built on top of it, hence facilitating synergies and enabling a collaborative ecosystem approach.
- How do I install Safe Places?
Once you enter into a Memorandum of Understanding with Path Check, Inc we will send you a link and instructions, so that you host the Safe Places website on your servers. Path Check will never have access to any unpublished information that you collect, as the data will always be hosted by you.
- If an infected resident tests positive, how can I use Safe Places?
The first and most important thing that you should do is to obtain patient consent to collect the GPS trail that is stored on their phone using the Safe Paths app. Once you have received true patient consent, you can instruct the patient how to transmit his/her GPS location data to you.
- How does the data get from the patient to us?
- Location data is stored on user’s phone (before or after becoming an Infected Person)
- Data is in app-local storage sandbox
- Exported raw location data is sent to transmission agent (e.g. the user’s email application, or any other communication channel such as a secure WhatsApp message)
- Infected Person’ raw location data is received by you
- You save raw location data to local hard-drive
- You load raw location data into memory of browser — it is never sent outside of local memory
- Redacted location data is saved to your local hard-drive in independent file
- Individual redacted data files are combined into a single array, then published along with agency info and locale new URL in “safe-paths.json” file
- What about people without a smartphone?
Not all patients use a smartphone. If you choose to collect data from these patients through an interview, it can easily be added to Safe Places so you still have a full picture of the situation in your area/region.
- How are public health officials trained to use Safe Places?
Public health workers are under enormous stress as the coronavirus pandemic spreads. We have minimized the training needed to successfully use Safe Places. Training occurs by remote video conference sessions, training videos, and supporting documents. We also provide one-on-one consultant support during training. We have a human-centred approach to making the implementation of Safe Places successful and customize training programs that work for the health officials and staff.
- Is Safe Places useful to public health officials after the immediate coronavirus has passed?
Yes, collecting and viewing data trends and mapping exposure sites allows public health officials to quickly take action to limit a severe peak in infection rates as the population emerges from the most severe quarantine phase.
- What is required to use Safe Places?
Safe Places operates as a browser extension. Only thing needed is a computer with internet access.
- Where is the location data stored on Safe Places?
Safe Places does not store user data in order to protect privacy. Each public health team determines where to store the data they collect – on hardware, a secure server, or in a cloud based secure system. Teams generally choose to store data the same way they store other Protected Health Information (PHI).
- Are there any new privacy concerns that I should be aware of in using this form of contact tracing?
Yes. There are two areas of privacy concern that you should be aware of and address:
- When a patient sends you raw location information, you must use usual and customary data protection schemes on your network to maintain this data and patient privacy.
- When you decide to publish redacted, blurred data to your community, you need to ensure that you have patient permission to do so, and you must ensure that you have de-identified the data prior to publication