Privacy-Enhancing Cryptography PEC
A multidisciplinary NIST initiative seeks to address the Covid-19 pandemic by analyzing the availability, effectiveness, accuracy, and privacy of automated contact tracing efforts. PEC team members have been participating, by studying privacy tradeoffs of widespread contact tracing applications and considering how privacy can be improved within these systems.
- 2021-January-26-28: NIST workshop Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact. The workshop was held to engage with the broader community. PEC team members helped organize the breakout session on privacy. A summary of the workshop and scribe notes on the privacy discussion will be available in a NISTIR (link TBA).
- 2021-March-28: “Encounter Metrics and Exposure Notification” – This article in the Journal of Research of NIST introduces the concept of “encounter metrics”: measuring the levels of interaction in a population of autonomous agents equipped with Bluetooth Low Energy (BLE) broadcasting devices. The assumption is that the speed at which an epidemic spreads is proportional to levels of interaction. Measuring these levels can help understand how certain environments hinder or promote epidemics. It can also be helpful to implement reactive policies such as contact tracing. The approach promotes privacy by design, addressing a privacy concern with many "digital proximity detection” applications that log “overheard” pseudonyms between BLE devices. The concern is that the pseudonyms are used to identify infected individuals despite the fact that they have been broadcast, and thus potentially available to third parties. Instead of pseudonyms we propose using a standard cryptographic technique called “exchange of secret keys”. The technique allows two parties to securely agree on a secret key while using a public communication channel. These keys can later be used as identifiers of “risky encounters" while preserving the privacy of all parties. A NIST news article summarizes some of the high-level ideas for a general audience.
Created January 03, 2017, Updated October 14, 2021